Wie werde ich HTML:Incuder-AY[Trj] los?

wbtroj · 24.02.2014, 04:31

Hallo,
nach einem Virenscan (Startzeit Überprüfung) mit Avast (neueste Version, Viren Update aktuell) wurden 23 infizierte Dateien gefunden und in den Viren Container verschoben.
Log-Datei:

Code:

ATTFilter

02/22/2014 09:32
Prüfung aller lokalen Laufwerke

Datei C:\Users\internet\AppData\Local\Temp\mediathek8992625032441363921.tmp|>{bzip} Fehler 42130 {BZIP2-Archiv ist beschädigt.}
Datei C:\Users\netbook\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQ-1+BCE-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQQU-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\ba2e9f6aed71e4d78a0a46179542d6b0\BIT954C.tmp|>1.161.947.0_to_1.161.1215.0_mpasdlta.vdm._p Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\portable servers\server2go_a22_psmp.zip|>server2go\server\mysql\bin\myisampack.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei F:\wamp\www\WB_Bootstrap\wp-content\themes\twenty_child\Bootstrap\bootstrap-3.0.0.zip|>bootstrap-3.0.0\examples\screenshots\jumbotron.jpg Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab|>th_bg_BG_v2.dat Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei G:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei I:\Eigene Dateien\Iris\Beef Tapa Recipe l-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Camaron Rebosado-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Macaroni -ChickenSalad -Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\schnittlauch-eier-dip.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\teelichthalter-basteln.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Pork Tapa Recipe-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Cheese Sticks-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\kuerbis-sugo_.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Banana Bread Recipe-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Banana Bread Recipe-Dateien\st_data\DARTIframe_data\st.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Banana Bread Recipe-Dateien\st_data\DARTIframe_data_002\st.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Haekeln\muffins_joghurt.html ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Haekeln\osterbecher.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Haekeln\servietten-osterhase.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Egg-deep-fried-Dateien\st_002.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chocolate Brownies.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chocolate Cupcakes.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chicken Breasts Moroccan Spiced Grilled .htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei I:\Eigene Dateien\Iris\Chicken Peanut Stews.htm ist infiziert von HTML:Includer-AY [Trj], In Container verschoben
Datei K:\Internet\FireFox\Profile\Desktop_20June2013\bkehi1ow.default\extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\Internet\Firefox 6.0.2 (de) - 2013-03-31.pcv|>extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\Internet\Firefox 6.0.2 (de) - 2013-04-30.pcv|>extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\Internet\Firefox 6.0.2 (de) - 2013-05-07.pcv|>extensions\xboz@ajin.com.xpi|>overlay.js ist infiziert von Other:Malware-gen [Trj], In Container verschoben
Datei K:\wp_backups\Islanders\remote\backwpup_1_2012-11-14_22-20-15.zip|>wrd_ge745oh1gb.sql Fehler 42125 {ZIP-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 56229
Anzahl der geprüften Dateien: 1911830
Anzahl infizierter Dateien: 23
----------------------------------------

Bevor ich mich dann an Eure Seite hier und die gute Hilfe, die man hier bekommt, erinnerte, habe ich noch folgende Aktion durchgeführt:
A) Das Programm Trojan Killer laufen lassen. Ergebnisse:

Code:

ATTFilter

Trojan Killer (32-bit) v.2.2.1.6
Report file date: 2/23/2014 10:24:43 AM
Last update : --

Scanning for 746444 virus strains and unwanted programs.

Licensed:         UNREGISTERED
Windows version:  Windows 7 Starter (version 6.1)
Username:         netbook
Computer name:    NETBOOK-PC

Starting the file scan:

Standard Scan started
Startup objects checked
BHO plugins checked
Services checked
ActiveX objects checked
Files checked
Scanning process...
----- HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Report "\adwcleaner\adwcleaner[s0].txt" ---- Registry
	File-not-found#AS


----- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UpdatePRCShortCut ""c:\program files\lenovo\onekey app\onekey recovery\muitransfer\muistartmenu.exe" "c:\program files\lenovo\onekey app\onekey recovery" updatewithcreateonce "software\lenovo\onekey app\onekey recovery"" ---- Registry
	File-not-found#AS


----- HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\GrpConv "grpconv -o" ---- Registry
	File-not-found#AS


----- e:\progra~1\ratdvd\xeb\xebcore.dll ---- General
	Mal/Fraud!se-1256
	ProdVer: 
	FileVer: 
	MD5: C711B758282C8B6280F2FD45B569A679:571904
	SUBS: Win32 GUI
	PE: x86
	EPSEC: 7
	EPRVA: 0011B001
	IBASE: 00400000
	EP:60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00B01100807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D4535
	SEC:
		:E0000040:F639EEF27ECBA542BFE3B861A8BBCABE:353280
		:E0000040:81BBBF8C0CC76991E84645D96F59E3A6:7168
		:E0000040:00000000000000000000000000000000:0
		:E0000040:7FE5590E319CF09113C5CDEF65947260:10240
		:E0000040:53D34698542AAA60D8D2EF5B98B43F1A:512
		:E0000040:A52F888B761E8716DED9D24252E6234A:33792
		.rsrc:E0000040:47F0CF55D9619157CE718E50E7583A62:40448
		.data:E0000040:38C44DFE831262F1975B718283DB802F:125440
		.adata:E0000040:00000000000000000000000000000000:0


----- e:\progra~1\ratdvd\xeb\rattag.dll ---- General
	Mal/Fraud!se-1256
	ProdVer: 
	FileVer: 
	MD5: 2B7B660D3B189F373AB7A3CD2CCD20EF:225280
	SUBS: Win32 GUI
	FUZ: 6144:bG2Dh+ishWxpaZU3Ll3OEUx3HhQ1eIIFmGMmBjE:bGCh+ispU35OB6eNFtMmJE
	PE: x86
	EPSEC: 7
	EPRVA: 00044001
	IBASE: 00400000
	EP:60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00400400807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D4535
	SEC:
		:E0000040:3DFBD399538DC72F315C333C13EA0E97:88576
		:E0000040:610EF0591E77C9E16F9E8CBA63C5FBB5:1536
		:E0000040:00000000000000000000000000000000:0
		:E0000040:27E658ECD62F179418266EF8C3EE4A68:3584
		:E0000040:9E80FC4BB728D667AA64B2F4CE0EC152:512
		:E0000040:4078F271A05E5DE39605B30763C9DC2B:10752
		.rsrc:E0000040:D9E87628C45FC386BA127BB719AA6CE5:3584
		.data:E0000040:0253E9BC617F03F9CBB584B057A603C0:115200
		.adata:E0000040:00000000000000000000000000000000:0


----- e:\progra~1\ratdvd\xeb\fcfolder.dll ---- General
	Mal/Fraud!se-1256
	ProdVer: 
	FileVer: 
	MD5: F93E519C817A38008C20AA84AB2BCD7D:178688
	SUBS: Win32 GUI
	FUZ: 3072:6UdhRcqNth1ZcIs3txpVsoKLEZQc3HuwejbhVMIIF2hf2JnnUx9wOmBHh/r3CNS:hFhhs3t/VY0x3HhQ1eIIFmGMmBV35
	PE: x86
	EPSEC: 7
	EPRVA: 00025001
	IBASE: 00400000
	EP:60E803000000E9EB045D4555C3E801000000EB5DBBEDFFFFFF03DD81EB00500200807D4D01750C8B74242883FE01895D4E75318D45535053FFB5ED0900008D4535
	SEC:
		:E0000040:69064E587A294652E1039C21D079E339:48128
		:E0000040:655E49DA1B0BDA906A2735683D4F21AA:1024
		:E0000040:00000000000000000000000000000000:0
		:E0000040:4C7DB3636CB4DF826DFA344F6E6AD68E:3072
		:E0000040:1942724016C474DBCCA6F18A9F9E18A8:512
		:E0000040:CB8D3A3B1DA5F8188EAC537E3B6C04AB:6656
		.rsrc:E0000040:82B262C9841EBA552F8A534F5E0017FF:3072
		.data:E0000040:4C512D62F1C8E1A2B4E49D37A7B9654E:115200
		.adata:E0000040:00000000000000000000000000000000:0


----- C:\Users\netbook\AppData\Local\Temp\SCC.dll ---- General
	Broken.Executable (Broken PE file - Section 1 starts beyond the end of file (Offset@ 22200, Total filesize 77031)
	MD5: FD13D1FD4372787DA319750AF7E1B58C:77031
	SUBS: Win32 GUI
	FUZ: 1536:6ELulWx8eA/jke1L0tT14//sK8JZQwtDRldPJZyAWeloNhg:6Edx8ekstT16/sK8J3lPJZyio7g
	PE: x86
	EP:00
	SEC:
		.text:E0000020:1E4B4664B3E541F76C297F27AE250275:76007
		.rsrc:E0000020:00000000000000000000000000000000:5632
		:C0000040:00000000000000000000000000000000:0


Scan completed

Scan result:         7 detected items
Scan completed in:   Scan completed in 27 minute(s) 53 sec.
Files were scanned:  13926

Dann noch einen QuickScan mit Malwarebytes Anti-Malware (aktuelle Version) gemacht:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.21.12

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16518
internet :: NETBOOK-PC [limited]

Protection: Disabled

2/23/2014 9:56:29 AM
mbam-log-2014-02-23 (09-56-29).txt

Scan type: Custom scan (C:\Program Files|)
Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P
Objects scanned: 7910
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Dann nochmal Avast laufen lassen:

Code:

ATTFilter

02/22/2014 14:33
Prüfung aller lokalen Laufwerke

Datei C:\Users\internet\AppData\Local\Temp\mediathek8992625032441363921.tmp|>{bzip} Fehler 42130 {BZIP2-Archiv ist beschädigt.}
Datei C:\Users\netbook\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQ-1+BCE-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\Installer\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQQU-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\ba2e9f6aed71e4d78a0a46179542d6b0\BIT954C.tmp|>1.161.947.0_to_1.161.1215.0_mpasdlta.vdm._p Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\portable servers\server2go_a22_psmp.zip|>server2go\server\mysql\bin\myisampack.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei F:\wamp\www\WB_Bootstrap\wp-content\themes\twenty_child\Bootstrap\bootstrap-3.0.0.zip|>bootstrap-3.0.0\examples\screenshots\jumbotron.jpg Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab|>th_bg_BG_v2.dat Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei G:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei K:\wp_backups\Islanders\remote\backwpup_1_2012-11-14_22-20-15.zip|>wrd_ge745oh1gb.sql Fehler 42125 {ZIP-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 56133
Anzahl der geprüften Dateien: 1912032
Anzahl infizierter Dateien: 0

Es wurden keine Infektionen mehr gefunden.

Danach bin ich dann auf Eure Seite und habe erstmal alle geforderten Protokolle erstellt. Hier die Ergebnisse:

A) Defrogger => wurde erfolgreich beendet und habe ich nicht wieder re-enabled

B) FRST
1: FRST.txt => erstellt

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01
Ran by internet (ATTENTION: The logged in user is not administrator) on NETBOOK-PC on 24-02-2014 08:25:55
Running from D:\AntiVr\TrojaneroardSoftware
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() D:\Programme\dsksve8\DeskSave.exe
(NTeWORKS) E:\Imaging\PicPick\picpick.exe
(Microsoft Corporation) E:\Program Files\Microsoft Office\Office10\msoffice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [GfxServiceInstall] - C:\windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [1813800 2011-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24868696 2011-04-22] (Motorola Solutions, Inc.)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8972224 2011-04-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM\...\Run: [Lenovo Registration] - C:\Program Files\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] - C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-19] (AVAST Software)
HKLM\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\c96afbec-8119-4e6d-9278-25ac133224ad.exe /check [181136 2014-02-22] (AVAST Software)
HKLM\...\RunOnce: [DCERegBootClean] - C:\windows\RegBootClean.exe [181776 2014-02-22] ()
HKLM\...\Runonce: [GrpConv] - grpconv -o
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [Google Update] - C:\Users\internet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-13] (Google Inc.)
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [DeskSave] - D:\Programme\dsksve8\DeskSave.exe [82944 2008-07-26] ()
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [SUPERAntiSpyware] - D:\AntiVr\Superspyware\SUPERAntiSpyware.ex_
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [PicPick Start] - E:\Imaging\PicPick\picpick.exe [13229912 2014-01-16] (NTeWORKS)
AppInit_DLLs: C:\windows\system32\guard32.dll => C:\windows\system32\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A52C2B2D-E755-4837-BA84-049847A21828}&mid=e8c015351f7347d0bd7fd1553d990405-b0d4f81a8999f5981f04537c5ec8468fd5234593&lang=en&ds=bm013&pr=sa&d=2012-11-08 15:18:25&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\java\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\AntiVr\Superspyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: https://www.gmx.net/|hxxp://speedtest.net
FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "http", "192.168.0.103"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - E:\Program Files\java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - E:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\internet\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\internet\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\webde-suche.xml
FF Extension: German Dictionary - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-04]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\de_DE@dicts.j3e.de [2013-09-14]
FF Extension: United States English Spellchecker - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-24]
FF Extension: Free Download Manager plugin - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\fdm_ffext@freedownloadmanager.org [2013-03-18]
FF Extension: FireShot - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-01-30]
FF Extension: TV-Fox - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2013-03-31]
FF Extension: Live HTTP Headers - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-11-04]
FF Extension: WOT - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: DownloadHelper - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28]
FF Extension: FoxClocks - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-01-24]
FF Extension: Memory Fox - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-02-24]
FF Extension: Firebug - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-04]
FF Extension: Open RegEdit Key - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\openregeditkey@kashiif.com.xpi [2012-11-04]
FF Extension: SQLite Manager - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2013-05-25]
FF Extension: GMX MailCheck - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\toolbar@gmx.net.xpi [2012-11-04]
FF Extension: YSlow - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\yslow@yahoo-inc.com.xpi [2012-11-04]
FF Extension: Facebook Phishing Protector - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2012-11-04]
FF Extension: X-notifier - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-04]
FF Extension: FireFTP - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-04]
FF Extension: Greasemonkey - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-03]
FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
CHR DefaultSearchKeyword: google.com.ph
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-31]
CHR Extension: (Google Search) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-31]
CHR Extension: (avast! Online Security) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-19]
CHR Extension: (Mailvelope) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2013-11-02]
CHR Extension: (AVG Security Toolbar) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-12-26]
CHR Extension: (Google Wallet) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Gmail) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-31]

========================== Services (Whitelisted) =================

R2 !SASCORE; D:\AntiVr\Superspyware\SASCORE.EXE [119056 2013-05-24] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-19] (AVAST Software)
R3 Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3533656 2011-04-16] (Motorola Solutions, Inc.)
R2 Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [904272 2011-03-18] (Motorola Solutions, Inc.)
R2 Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [564056 2011-05-05] (Motorola Solutions, Inc.)
R2 cnosdsrv; C:\Program Files\cnosd\cnosdsrv.exe [49152 2011-01-21] ()
R2 lmhosts; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-11-08] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NlaSvc; C:\windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 wampapache; F:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; F:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] ()
S4 cmdAgent;  [X]
S4 FsUsbExService;  [X]
S4 VideAceWindowsService;  [X]

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2011-01-28] (Lenovo Corporation)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-02-19] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2013-10-19] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2013-10-19] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-02-19] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410784 2014-02-19] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-02-19] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] ()
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies)
S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [33920 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [41472 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMNET; C:\windows\System32\DRIVERS\btmnet.sys [21760 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [547328 2011-03-23] (Motorola Solutions, Inc.)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [14216 2009-08-26] ()
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [120104 2011-05-17] (ELAN Microelectronics Corp.)
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [8456 2009-09-16] ()
S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [53136 2012-11-15] ()
S3 gdrv; C:\windows\gdrv.sys [17488 2013-06-14] (Windows (R) 2000 DDK provider)
R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
R0 LHDmgr; C:\windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-16] (Lenovo.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 networx; C:\windows\System32\drivers\networx.sys [52728 2013-01-25] (NetFilterSDK.com)
R3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [760936 2011-12-22] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; D:\AntiVr\Superspyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\AntiVr\Superspyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-24 08:25 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-22 13:07 - 2013-11-27 07:29 - 05693440 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 08:55 - 2014-02-22 09:02 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 08:55 - 2014-02-22 09:02 - 00004788 _____ () C:\windows\RegBootClean.CFG
2014-02-22 08:55 - 2014-02-22 08:58 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 18:05 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:39 - 2014-02-21 18:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:39 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-21 10:10 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-02-21 10:10 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-21 10:10 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-02-21 10:10 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-02-21 10:10 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-21 10:10 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-02-21 10:10 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-02-21 10:10 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-02-21 10:10 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-02-21 10:08 - 2014-02-06 18:38 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-21 10:08 - 2014-02-06 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-21 10:08 - 2014-02-06 18:19 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-21 10:08 - 2014-02-06 18:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-21 10:08 - 2014-02-06 18:00 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-21 10:08 - 2014-02-06 17:57 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-21 10:08 - 2014-02-06 17:49 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-21 10:08 - 2014-02-06 17:47 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-21 10:08 - 2014-02-06 17:47 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-21 10:08 - 2014-02-06 17:46 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-21 10:08 - 2014-02-06 17:34 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-21 10:08 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-21 10:08 - 2014-02-06 17:25 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-21 10:08 - 2014-02-06 17:13 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-21 10:08 - 2014-02-06 17:09 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-21 10:08 - 2014-02-06 17:03 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-21 10:08 - 2014-02-06 16:41 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-21 10:08 - 2014-02-06 16:36 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-21 10:08 - 2014-02-06 16:34 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-21 09:53 - 2013-12-21 16:56 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-21 08:46 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-21 08:46 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-21 08:45 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-21 08:45 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-21 08:37 - 2014-01-01 07:05 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-21 08:37 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-21 08:32 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys

==================== One Month Modified Files and Folders =======

2014-02-24 08:27 - 2012-11-09 05:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-24 08:25 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST
2014-02-24 08:24 - 2012-05-26 07:27 - 01472710 _____ () C:\windows\WindowsUpdate.log
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-24 08:23 - 2012-10-30 12:33 - 00000000 ____D () C:\Users\netbook
2014-02-24 08:23 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 08:23 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 08:21 - 2013-06-03 16:19 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-24 08:21 - 2012-05-26 08:18 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 08:20 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-24 08:20 - 2009-07-14 12:39 - 00119860 _____ () C:\windows\setupact.log
2014-02-23 17:13 - 2012-05-26 08:18 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-23 09:06 - 2013-04-17 10:14 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job
2014-02-22 14:06 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 09:06 - 2010-11-21 05:48 - 00208038 _____ () C:\windows\PFRO.log
2014-02-22 09:02 - 2014-02-22 08:55 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 09:02 - 2014-02-22 08:55 - 00004788 _____ () C:\windows\RegBootClean.CFG
2014-02-22 08:58 - 2014-02-22 08:55 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:58 - 2012-05-26 08:08 - 00000000 ___HD () C:\QuickStartUtil
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 18:05 - 2014-02-21 17:39 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 18:05 - 2014-02-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 16:08 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache
2014-02-21 15:06 - 2013-04-17 10:14 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job
2014-02-21 11:57 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-02-21 11:30 - 2012-10-30 19:17 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc
2014-02-21 10:07 - 2013-07-16 07:14 - 00000000 ____D () C:\windows\system32\MRT
2014-02-21 09:58 - 2012-11-01 09:31 - 85946576 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-21 09:51 - 2010-11-21 05:01 - 00789298 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-19 15:35 - 2012-11-02 19:59 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Mozilla
2014-02-19 15:15 - 2013-10-19 12:52 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-19 15:14 - 2013-12-29 18:21 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00410784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-02-19 15:14 - 2012-11-03 08:02 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-02-16 09:40 - 2009-07-14 12:53 - 00032642 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys
2014-02-10 11:30 - 2012-11-09 05:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-02-10 11:30 - 2012-11-09 05:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 18:38 - 2014-02-21 10:08 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 18:20 - 2014-02-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 18:19 - 2014-02-21 10:08 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 18:01 - 2014-02-21 10:08 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 18:00 - 2014-02-21 10:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 17:57 - 2014-02-21 10:08 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 17:49 - 2014-02-21 10:08 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 17:47 - 2014-02-21 10:08 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 17:47 - 2014-02-21 10:08 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 17:46 - 2014-02-21 10:08 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 17:34 - 2014-02-21 10:08 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 17:25 - 2014-02-21 10:08 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 17:25 - 2014-02-21 10:08 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 17:13 - 2014-02-21 10:08 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 17:09 - 2014-02-21 10:08 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 17:03 - 2014-02-21 10:08 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 16:41 - 2014-02-21 10:08 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 16:36 - 2014-02-21 10:08 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 16:34 - 2014-02-21 10:08 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-03 17:23 - 2012-10-30 18:36 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype
2014-01-29 16:10 - 2012-10-30 15:59 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Skype

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

2. Addition.txt = erstellt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2014 01
Ran by internet at 2014-02-24 08:28:00
Running from D:\AntiVr\TrojaneroardSoftware
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Anki (HKLM\...\Anki) (Version:  - )
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2013 - Avast Software)
Borland Turbo Delphi (HKLM\...\{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}) (Version: 10.0.3 - Borland Software Corporation)
calibre (HKLM\...\{260CE6D4-9FB5-47CB-8425-BEE666F40FC0}) (Version: 1.7.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CNOSD (HKLM\...\{35F814AA-CB70-4927-A7BC-2B0D0F85F8C8}) (Version: 1.0.0.4 - cn_client)
COMODO Internet Security (HKLM\...\{E62381A7-B1C1-4121-8262-84D38C77786C}) (Version: 5.12.55693.2551 - COMODO Security Solutions Inc.)
Corel Paint Shop Pro X (HKLM\...\{1A15507A-8551-4626-915D-3D5FA095CC1B}) (Version: 10.03 - Corel Inc)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Disk Space Fan 4 Free 4.5.1.129 (HKCU\...\Disk Space Fan 4 Free_is1) (Version:  - Disk Space Fan Team)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.44.000 - Runtime Software)
EASEUS Partition Master 4.1.1 Professional (HKLM\...\EASEUS Partition Master Professional Edition_is1) (Version:  - EASEUS)
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
Energy Management (HKLM\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.4 - Lenovo)
Energy Management (Version: 6.0.2.4 - Lenovo) Hidden
ETDWare PS/2-X86 8.0.4.5_WHQL (HKLM\...\Elantech) (Version: 8.0.4.5 - ELAN Microelectronic Corp.)
FileZilla Client 3.7.1 (HKLM\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free 3GP Video Converter version 5.0.24.430 (HKLM\...\Free 3GP Video Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
FreeCommander 2009.02b (HKCU\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
GNU Backgammon (MAIN branch, 20121023 code) (HKLM\...\GNU Backgammon_is1) (Version:  - Free Software Foundation)
Google Chrome (HKLM\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{41101F0C-DBD9-321C-A6B1-E0689B495A4E}) (Version: 5.1.4.17398 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.14.8.1075 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kyodai Mahjongg (HKLM\...\Kyodai Mahjongg_is1) (Version:  - Rene-Gilles Deberdt)
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0.2525 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0.2525 - CyberLink Corp.) Hidden
Lenovo Registration (HKLM\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
LibreOffice 4.0.5.2 (HKLM\...\{5B9C9486-4287-4621-8F9D-EC3EE622A82F}) (Version: 4.0.5.2 - The Document Foundation)
LibreOffice 4.1 Help Pack (German) (HKLM\...\{F2087365-70E1-47F0-950F-A9844022279A}) (Version: 4.1.2.3 - The Document Foundation)
Macromedia Dreamweaver MX 2004 (HKLM\...\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}) (Version: 7.0 - Macromedia)
Macromedia Extension Manager (HKLM\...\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}) (Version: 1.5 - Macromedia)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework SDK (English) 1.1 (HKLM\...\{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}) (Version: 1.1.4322 - Microsoft)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Expression Web 4 (HKLM\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Expression Web 4 (Version: 4.0.1460.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Miro (HKLM\...\Miro) (Version: 6.0 - Participatory Culture Foundation)
Motorola Bluetooth (HKLM\...\1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1) (Version: 3.0.13.307 - Motorola Solutions, Inc.)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 16.0.2 (x86 de) (HKLM\...\Mozilla Firefox 16.0.2 (x86 de)) (Version: 16.0.2 - Mozilla)
Mozilla Firefox 27.0.1 (x86 de) (HKCU\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 16.0.2 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWorx 5.2.8 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Neverball 1.5.4 (HKCU\...\Neverball) (Version: 1.5.4 - )
Opera 12.15 (HKCU\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PicPick (HKLM\...\PicPick) (Version: 3.3.0 - NTeWORKS)
Power Tab Editor 1.7 (HKLM\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
QuickStart (HKLM\...\InstallShield_{36B0DC39-3282-40EB-8587-B875CE46C3A7}) (Version: 3.0.23.199 - VideACE Co.)
QuickStart (Version: 3.0.23.199 - VideACE Co.) Hidden
ratDVD 0.78.1444 (HKLM\...\ratDVD) (Version: 0.78.1444 - ratDVD)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6309 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0180 - REALTEK Semiconductor Corp.)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Simple Sudoku 4.2 (HKLM\...\Simple Sudoku_is1) (Version:  - )
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.18 - Piriform)
StreamTransport version: 1.0.2.2171 (HKLM\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
SugarSync Manager (HKLM\...\SugarSync) (Version: 1.9.49.86082 - SugarSync, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1020 - SUPERAntiSpyware.com)
TreeSize Free V2.7 (HKCU\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Trojan Killer (HKLM\...\GridinSoft Trojan Killer) (Version: 2.2.1.6 - GridinSoft LLC)
TuxGuitar (HKLM\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
UserGuide (HKLM\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (Version: 1.0.0.6 - Lenovo) Hidden
Video Converter Factory Pro (HKLM\...\VideoConverterFactoryPro) (Version:  - WonderFox Soft, Inc. All Rights Reserved.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WampServer 2.2 (HKLM\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinHTTrack Website Copier 3.47-23 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.47.23 - HTTrack)
WinSCP 4.3.7 (HKCU\...\winscp3_is1) (Version: 4.3.7 - Martin Prikryl)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
Yahoo! Toolbar (HKLM\...\Yahoo! Toolbar) (Version:  - )

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 10:04 - 2013-04-08 09:40 - 00000986 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost
127.0.0.1       localhost


==================== Scheduled Tasks (whitelisted) =============

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job => C:\Users\internet\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job => C:\Users\internet\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-06-19 04:08 - 2013-06-19 04:08 - 00093696 _____ () E:\Internet\FileZilla FTP Client\fzshellext.dll
2008-12-20 11:20 - 2008-12-20 11:20 - 00051016 _____ () C:\Program Files\Lenovo\Energy Management\HookLib.dll
2013-10-19 12:51 - 2013-10-19 12:51 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-04-23 11:42 - 2008-07-26 19:56 - 00082944 _____ () D:\Programme\dsksve8\DeskSave.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2014 08:22:19 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 05:41:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 05:14:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 02:19:20 PM) (Source: PerfNet) (User: )
Description: 

Error: (02/23/2014 09:46:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 09:02:44 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 05:25:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 02:31:20 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 02:14:56 PM) (Source: Application Hang) (User: )
Description: The program javaw.exe version 7.0.510.13 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2330

Start Time: 01cf2f9444e21482

Termination Time: 59060

Application Path: E:\Program Files\java\bin\javaw.exe

Report Id:

Error: (02/22/2014 02:13:48 PM) (Source: Application Hang) (User: )
Description: The program javaw.exe version 7.0.510.13 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2014

Start Time: 01cf2f9457e12fd2

Termination Time: 4118

Application Path: E:\Program Files\java\bin\javaw.exe

Report Id:


System errors:
=============
Error: (02/24/2014 08:22:34 AM) (Source: DCOM) (User: )
Description: "C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe" -Embedding2{FE7BF085-73BC-4CE1-830E-62335D63E74B}

Error: (02/24/2014 08:22:20 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (02/24/2014 08:21:13 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/24/2014 08:20:44 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/23/2014 05:41:28 PM) (Source: DCOM) (User: )
Description: "C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe" -Embedding2{FE7BF085-73BC-4CE1-830E-62335D63E74B}

Error: (02/23/2014 05:40:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom

Error: (02/23/2014 05:39:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/23/2014 05:15:30 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (02/23/2014 05:15:08 PM) (Source: DCOM) (User: )
Description: "C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe" -Embedding2{FE7BF085-73BC-4CE1-830E-62335D63E74B}

Error: (02/23/2014 05:14:21 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom


Microsoft Office Sessions:
=========================
Error: (02/24/2014 08:22:19 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 05:41:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 05:14:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 02:19:20 PM) (Source: PerfNet)(User: )
Description: 

Error: (02/23/2014 09:46:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/23/2014 09:02:44 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 05:25:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 02:31:20 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/22/2014 02:14:56 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.13233001cf2f9444e2148259060E:\Program Files\java\bin\javaw.exe

Error: (02/22/2014 02:13:48 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.510.13201401cf2f9457e12fd24118E:\Program Files\java\bin\javaw.exe


==================== Memory info =========================== 

Percentage of memory in use: 85%
Total physical RAM: 2036.8 MB
Available physical RAM: 296.82 MB
Total Pagefile: 3636.8 MB
Available Pagefile: 2044.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.3 GB) (Free:3.88 GB) NTFS
Drive d: (System) (Fixed) (Total:30.38 GB) (Free:27.3 GB) NTFS
Drive e: (Programme) (Fixed) (Total:39.06 GB) (Free:31.72 GB) NTFS
Drive f: (Daten) (Fixed) (Total:39.06 GB) (Free:19.03 GB) NTFS
Drive g: (MP3) (Fixed) (Total:97.66 GB) (Free:21.82 GB) NTFS
Drive h: (Bilderr) (Fixed) (Total:97.66 GB) (Free:61.46 GB) NTFS
Drive i: (Eigene) (Fixed) (Total:58.59 GB) (Free:40.79 GB) NTFS
Drive k: (SundayBackups) (Fixed) (Total:59.09 GB) (Free:24.44 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

C) Gmer.txt => erstellt und aufgrund der Größe als zip im Anhang mit versendet.

Ich hoffe Euch damit erstmal alle notwendigen Daten geliefert zu habe. Hoffentlich könnt Ihr mir bei der Sache helfen. Ich bin mir im Moment nicht sicher, ob ich nun keine Schadware mehr habe (wie es der 2. Avast Scan sagt) oder ob ich nicht doch noch - mit Eurer Hilfe - die eigentlichen Schaddateien entfernen muss.

Vielen Dank schon mal im Voraus
Andreas!

schrauber · 24.02.2014, 07:52

Hi,

FRST bitte nochmal, unsere Tools brauchen immer Adminrechte.

wbtroj · 24.02.2014, 08:18

Hallo,
sorry - daran habe ich nicht mehr gedacht. Hier also nun das Protokoll mit Adminrechten erstellt:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01
Ran by netbook (administrator) on NETBOOK-PC on 24-02-2014 15:06:01
Running from D:\AntiVr\TrojaneroardSoftware
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) D:\AntiVr\Superspyware\SASCORE.EXE
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
() C:\Program Files\cnosd\cnosdsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\windows\system32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Samsung Electronics Co., Ltd.) E:\Samsung PC Studio\NPSAgent.exe
(NTeWORKS) E:\Imaging\PicPick\picpick.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) E:\Program Files\Microsoft Office\Office10\msoffice.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [GfxServiceInstall] - C:\windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [1813800 2011-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24868696 2011-04-22] (Motorola Solutions, Inc.)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8972224 2011-04-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM\...\Run: [Lenovo Registration] - C:\Program Files\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] - C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-19] (AVAST Software)
HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [AutoStartNPSAgent] - E:\Samsung PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [PicPick Start] - E:\Imaging\PicPick\picpick.exe [13229912 2014-01-16] (NTeWORKS)
AppInit_DLLs: C:\windows\system32\guard32.dll => C:\windows\system32\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1345153D-84A3-4DF1-A314-495C5CF015C5} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\java\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\AntiVr\Superspyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: https://www.gmx.net/|hxxp://speedtest.net
FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "http", "192.168.0.103"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - E:\Program Files\java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - E:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Program Files\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\webde-suche.xml
FF Extension: German Dictionary - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-02]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\de_DE@dicts.j3e.de [2013-10-18]
FF Extension: United States English Spellchecker - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-05-21]
FF Extension: TV-Fox - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2013-04-24]
FF Extension: Live HTTP Headers - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-11-01]
FF Extension: WOT - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-16]
FF Extension: DownloadHelper - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-10-18]
FF Extension: FoxClocks - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2013-12-10]
FF Extension: Firebug - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-01]
FF Extension: Open RegEdit Key - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\openregeditkey@kashiif.com.xpi [2012-11-01]
FF Extension: YSlow - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\yslow@yahoo-inc.com.xpi [2012-11-01]
FF Extension: Facebook Phishing Protector - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2012-11-01]
FF Extension: X-notifier - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-01]
FF Extension: FireFTP - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-01]
FF Extension: Greasemonkey - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-03]
FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
CHR DefaultSearchKeyword: google.com.ph
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (AVG Security Toolbar) - C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-02-25]
CHR Extension: (Google Wallet) - C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]

========================== Services (Whitelisted) =================

R2 !SASCORE; D:\AntiVr\Superspyware\SASCORE.EXE [119056 2013-05-24] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-19] (AVAST Software)
R3 Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3533656 2011-04-16] (Motorola Solutions, Inc.)
R2 Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [904272 2011-03-18] (Motorola Solutions, Inc.)
R2 Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [564056 2011-05-05] (Motorola Solutions, Inc.)
R2 cnosdsrv; C:\Program Files\cnosd\cnosdsrv.exe [49152 2011-01-21] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-11-08] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 wampapache; F:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; F:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] ()
S4 cmdAgent;  [X]
S4 FsUsbExService;  [X]
S4 VideAceWindowsService;  [X]

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2011-01-28] (Lenovo Corporation)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-02-19] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2013-10-19] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2013-10-19] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-02-19] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410784 2014-02-19] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-02-19] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] ()
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies)
S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [33920 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [41472 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMNET; C:\windows\System32\DRIVERS\btmnet.sys [21760 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [547328 2011-03-23] (Motorola Solutions, Inc.)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [14216 2009-08-26] ()
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [120104 2011-05-17] (ELAN Microelectronics Corp.)
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [8456 2009-09-16] ()
S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [53136 2012-11-15] ()
S3 gdrv; C:\windows\gdrv.sys [17488 2013-06-14] (Windows (R) 2000 DDK provider)
R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
R0 LHDmgr; C:\windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-16] (Lenovo.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 networx; C:\windows\System32\drivers\networx.sys [52728 2013-01-25] (NetFilterSDK.com)
R3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [760936 2011-12-22] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; D:\AntiVr\Superspyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\AntiVr\Superspyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt
2014-02-24 08:25 - 2014-02-24 15:06 - 00000000 ____D () C:\FRST
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-22 13:07 - 2013-11-27 07:29 - 05693440 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 08:55 - 2014-02-22 09:02 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 08:55 - 2014-02-22 08:58 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 18:05 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:39 - 2014-02-21 18:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:39 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-21 10:10 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-02-21 10:10 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-21 10:10 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-02-21 10:10 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-02-21 10:10 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-21 10:10 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-02-21 10:10 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-02-21 10:10 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-02-21 10:10 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-02-21 10:08 - 2014-02-06 18:38 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-21 10:08 - 2014-02-06 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-21 10:08 - 2014-02-06 18:19 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-21 10:08 - 2014-02-06 18:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-21 10:08 - 2014-02-06 18:00 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-21 10:08 - 2014-02-06 17:57 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-21 10:08 - 2014-02-06 17:49 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-21 10:08 - 2014-02-06 17:47 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-21 10:08 - 2014-02-06 17:47 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-21 10:08 - 2014-02-06 17:46 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-21 10:08 - 2014-02-06 17:34 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-21 10:08 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-21 10:08 - 2014-02-06 17:25 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-21 10:08 - 2014-02-06 17:13 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-21 10:08 - 2014-02-06 17:09 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-21 10:08 - 2014-02-06 17:03 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-21 10:08 - 2014-02-06 16:41 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-21 10:08 - 2014-02-06 16:36 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-21 10:08 - 2014-02-06 16:34 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-21 09:53 - 2013-12-21 16:56 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-21 08:46 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-21 08:46 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-21 08:45 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-21 08:45 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-21 08:37 - 2014-01-01 07:05 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-21 08:37 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-21 08:32 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys

==================== One Month Modified Files and Folders =======

2014-02-24 15:06 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST
2014-02-24 15:06 - 2013-04-17 10:14 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job
2014-02-24 15:06 - 2013-04-17 10:14 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job
2014-02-24 15:06 - 2012-10-30 15:59 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Skype
2014-02-24 15:04 - 2013-06-03 16:19 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-24 15:04 - 2012-05-26 08:18 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 14:48 - 2012-05-26 08:18 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 14:27 - 2012-11-09 05:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-24 13:32 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 13:32 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 13:24 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-24 13:24 - 2009-07-14 12:39 - 00119972 _____ () C:\windows\setupact.log
2014-02-24 12:17 - 2012-05-26 07:27 - 01511494 _____ () C:\windows\WindowsUpdate.log
2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-24 08:23 - 2012-10-30 12:33 - 00000000 ____D () C:\Users\netbook
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-22 14:06 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 09:06 - 2010-11-21 05:48 - 00208038 _____ () C:\windows\PFRO.log
2014-02-22 09:02 - 2014-02-22 08:55 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 08:58 - 2014-02-22 08:55 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:58 - 2012-05-26 08:08 - 00000000 ___HD () C:\QuickStartUtil
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 18:05 - 2014-02-21 17:39 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 18:05 - 2014-02-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 16:08 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache
2014-02-21 11:57 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-02-21 11:30 - 2012-10-30 19:17 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc
2014-02-21 10:07 - 2013-07-16 07:14 - 00000000 ____D () C:\windows\system32\MRT
2014-02-21 09:58 - 2012-11-01 09:31 - 85946576 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-21 09:51 - 2010-11-21 05:01 - 00789298 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-19 15:35 - 2012-11-02 19:59 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Mozilla
2014-02-19 15:15 - 2013-10-19 12:52 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-19 15:14 - 2013-12-29 18:21 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00410784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-02-19 15:14 - 2012-11-03 08:02 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-02-16 09:40 - 2009-07-14 12:53 - 00032642 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys
2014-02-10 11:30 - 2012-11-09 05:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-02-10 11:30 - 2012-11-09 05:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-06 18:38 - 2014-02-21 10:08 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 18:20 - 2014-02-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 18:19 - 2014-02-21 10:08 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 18:01 - 2014-02-21 10:08 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 18:00 - 2014-02-21 10:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 17:57 - 2014-02-21 10:08 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 17:49 - 2014-02-21 10:08 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 17:47 - 2014-02-21 10:08 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 17:47 - 2014-02-21 10:08 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 17:46 - 2014-02-21 10:08 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 17:34 - 2014-02-21 10:08 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 17:25 - 2014-02-21 10:08 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 17:25 - 2014-02-21 10:08 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 17:13 - 2014-02-21 10:08 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 17:09 - 2014-02-21 10:08 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 17:03 - 2014-02-21 10:08 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 16:41 - 2014-02-21 10:08 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 16:36 - 2014-02-21 10:08 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 16:34 - 2014-02-21 10:08 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-03 17:23 - 2012-10-30 18:36 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-21 15:59

==================== End Of Log ============================

--- --- ---

Die Datei Addition.txt wurde aber nicht erneut erstellt.

Danke und bis denn
Andreas

schrauber · 25.02.2014, 09:43

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

wbtroj · 25.02.2014, 11:45

Hallo,
hier de geforderten Log's
AdwCleaner:

Code:

ATTFilter

# AdwCleaner v3.019 - Report created 25/02/2014 at 17:35:22
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : netbook - NETBOOK-PC
# Running from : D:\AntiVr\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v16.0.2 (de)

[ File : C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\prefs.js ]


[ File : C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\prefs.js ]

Line Deleted : user_pref("extensions.xnotifier.accounts.[gmail#wiedeia@google.mail].inboxOnly", true);
Line Deleted : user_pref("extensions.xnotifier.accounts.[gmail#wiedeia].inboxOnly", true);
Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#arthur1899@yahoo.com].inboxOnly", true);
Line Deleted : user_pref("extensions.xnotifier.accounts.[yahoo#sanduganbeach@yahoo.com].inboxOnly", true);
Line Deleted : user_pref("extensions.xnotifier.accounts.gmail.wiedeia.inboxOnly", true);
Line Deleted : user_pref("extensions.xnotifier.accounts.gmail.wiedeir.inboxOnly", true);
Line Deleted : user_pref("extensions.xnotifier.accounts.yahoo.makunemulit@yahoo.com.inboxOnly", true);

[ File : C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default - Copy\prefs.js ]


[ File : C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.old\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R1].txt - [2087 octets] - [25/02/2014 17:30:26]
AdwCleaner[S1].txt - [2024 octets] - [25/02/2014 17:35:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2084 octets] ##########

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Starter x86
Ran by netbook on Tue 02/25/2014 at 17:55:56.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Suspicious HKLM\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    BTMTrayAgent    REG_SZ    rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp




~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\windows\system32\sho1A29.tmp
Successfully deleted: [File] C:\windows\system32\sho1E2D.tmp
Successfully deleted: [File] C:\windows\system32\sho1FCB.tmp
Successfully deleted: [File] C:\windows\system32\sho2390.tmp
Successfully deleted: [File] C:\windows\system32\sho2C51.tmp
Successfully deleted: [File] C:\windows\system32\sho378E.tmp
Successfully deleted: [File] C:\windows\system32\sho3DA.tmp
Successfully deleted: [File] C:\windows\system32\sho43F6.tmp
Successfully deleted: [File] C:\windows\system32\sho4AB9.tmp
Successfully deleted: [File] C:\windows\system32\sho50C0.tmp
Successfully deleted: [File] C:\windows\system32\sho59BB.tmp
Successfully deleted: [File] C:\windows\system32\sho5A0A.tmp
Successfully deleted: [File] C:\windows\system32\sho6542.tmp
Successfully deleted: [File] C:\windows\system32\sho6CC0.tmp
Successfully deleted: [File] C:\windows\system32\sho6D39.tmp
Successfully deleted: [File] C:\windows\system32\sho7187.tmp
Successfully deleted: [File] C:\windows\system32\sho7679.tmp
Successfully deleted: [File] C:\windows\system32\sho7C0.tmp
Successfully deleted: [File] C:\windows\system32\sho7F14.tmp
Successfully deleted: [File] C:\windows\system32\sho89C9.tmp
Successfully deleted: [File] C:\windows\system32\sho8C37.tmp
Successfully deleted: [File] C:\windows\system32\sho8C3D.tmp
Successfully deleted: [File] C:\windows\system32\sho8D9F.tmp
Successfully deleted: [File] C:\windows\system32\sho910D.tmp
Successfully deleted: [File] C:\windows\system32\sho9535.tmp
Successfully deleted: [File] C:\windows\system32\sho9A21.tmp
Successfully deleted: [File] C:\windows\system32\shoA0C2.tmp
Successfully deleted: [File] C:\windows\system32\shoA36F.tmp
Successfully deleted: [File] C:\windows\system32\shoA64C.tmp
Successfully deleted: [File] C:\windows\system32\shoA73F.tmp
Successfully deleted: [File] C:\windows\system32\shoA8E2.tmp
Successfully deleted: [File] C:\windows\system32\shoAB9E.tmp
Successfully deleted: [File] C:\windows\system32\shoAE30.tmp
Successfully deleted: [File] C:\windows\system32\shoBD09.tmp
Successfully deleted: [File] C:\windows\system32\shoC0F9.tmp
Successfully deleted: [File] C:\windows\system32\shoC54B.tmp
Successfully deleted: [File] C:\windows\system32\shoDCD8.tmp
Successfully deleted: [File] C:\windows\system32\shoE077.tmp
Successfully deleted: [File] C:\windows\system32\shoE3B9.tmp
Successfully deleted: [File] C:\windows\system32\shoEEDB.tmp



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/25/2014 at 18:13:20.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01
Ran by netbook (administrator) on NETBOOK-PC on 25-02-2014 18:36:38
Running from D:\AntiVr\TrojaneroardSoftware
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) D:\AntiVr\Superspyware\SASCORE.EXE
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
() C:\Program Files\cnosd\cnosdsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola Solutions, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\windows\system32\wbem\unsecapp.exe
(Samsung Electronics Co., Ltd.) E:\Samsung PC Studio\NPSAgent.exe
(NTeWORKS) E:\Imaging\PicPick\picpick.exe
(Microsoft Corporation) E:\Program Files\Microsoft Office\Office10\msoffice.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [GfxServiceInstall] - C:\windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [1813800 2011-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24868696 2011-04-22] (Motorola Solutions, Inc.)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8972224 2011-04-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM\...\Run: [Lenovo Registration] - C:\Program Files\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] - C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-19] (AVAST Software)
HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [AutoStartNPSAgent] - E:\Samsung PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2638138946-3830281041-644157228-1000\...\Run: [PicPick Start] - E:\Imaging\PicPick\picpick.exe [13229912 2014-01-16] (NTeWORKS)
AppInit_DLLs: C:\windows\system32\guard32.dll => C:\windows\system32\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {1345153D-84A3-4DF1-A314-495C5CF015C5} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\java\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\AntiVr\Superspyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\..\Interfaces\{8D9DBDAF-6B79-4E33-B3FB-E5D99ED809E5}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default
FF Homepage: https://www.gmx.net/|hxxp://speedtest.net
FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "http", "192.168.0.103"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - E:\Program Files\java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - E:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Program Files\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\searchplugins\webde-suche.xml
FF Extension: German Dictionary - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-02]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\de_DE@dicts.j3e.de [2013-10-18]
FF Extension: United States English Spellchecker - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-05-21]
FF Extension: TV-Fox - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2013-04-24]
FF Extension: Live HTTP Headers - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-11-01]
FF Extension: WOT - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-01-16]
FF Extension: DownloadHelper - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-10-18]
FF Extension: FoxClocks - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2013-12-10]
FF Extension: Firebug - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-01]
FF Extension: Open RegEdit Key - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\openregeditkey@kashiif.com.xpi [2012-11-01]
FF Extension: YSlow - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\yslow@yahoo-inc.com.xpi [2012-11-01]
FF Extension: Facebook Phishing Protector - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2012-11-01]
FF Extension: X-notifier - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-01]
FF Extension: FireFTP - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-01]
FF Extension: Greasemonkey - C:\Users\netbook\AppData\Roaming\Mozilla\Firefox\Profiles\uqpil8kf.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-01]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-03]
FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
CHR DefaultSearchKeyword: google.com.ph
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Wallet) - C:\Users\netbook\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-21]

========================== Services (Whitelisted) =================

R2 !SASCORE; D:\AntiVr\Superspyware\SASCORE.EXE [119056 2013-05-24] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-19] (AVAST Software)
R3 Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3533656 2011-04-16] (Motorola Solutions, Inc.)
R2 Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [904272 2011-03-18] (Motorola Solutions, Inc.)
R2 Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [564056 2011-05-05] (Motorola Solutions, Inc.)
R2 cnosdsrv; C:\Program Files\cnosd\cnosdsrv.exe [49152 2011-01-21] ()
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-11-08] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 wampapache; F:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; F:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] ()
S4 cmdAgent;  [X]
S4 FsUsbExService;  [X]
S4 VideAceWindowsService;  [X]

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2011-01-28] (Lenovo Corporation)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-02-19] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2013-10-19] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2013-10-19] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-02-19] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410784 2014-02-19] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-02-19] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] ()
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies)
S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [33920 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [41472 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMNET; C:\windows\System32\DRIVERS\btmnet.sys [21760 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [547328 2011-03-23] (Motorola Solutions, Inc.)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [14216 2009-08-26] ()
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [120104 2011-05-17] (ELAN Microelectronics Corp.)
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [8456 2009-09-16] ()
S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [53136 2012-11-15] ()
S3 gdrv; C:\windows\gdrv.sys [17488 2013-06-14] (Windows (R) 2000 DDK provider)
R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
R0 LHDmgr; C:\windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-16] (Lenovo.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 networx; C:\windows\System32\drivers\networx.sys [52728 2013-01-25] (NetFilterSDK.com)
R3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [760936 2011-12-22] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; D:\AntiVr\Superspyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\AntiVr\Superspyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-25 18:13 - 2014-02-25 18:13 - 00003458 _____ () C:\Users\netbook\Desktop\JRT.txt
2014-02-25 17:55 - 2014-02-25 17:55 - 00000000 ____D () C:\windows\ERUNT
2014-02-25 17:26 - 2014-02-25 17:36 - 00000000 ____D () C:\AdwCleaner
2014-02-25 17:23 - 2014-02-25 17:23 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Adobe
2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt
2014-02-24 08:25 - 2014-02-25 18:36 - 00000000 ____D () C:\FRST
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-22 13:07 - 2013-11-27 07:29 - 05693440 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 08:55 - 2014-02-22 09:02 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 08:55 - 2014-02-22 08:58 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 18:05 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:39 - 2014-02-21 18:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:39 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-21 10:10 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-02-21 10:10 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-21 10:10 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-02-21 10:10 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-02-21 10:10 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-21 10:10 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-02-21 10:10 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-02-21 10:10 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-02-21 10:10 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-02-21 10:08 - 2014-02-06 18:38 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-21 10:08 - 2014-02-06 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-21 10:08 - 2014-02-06 18:19 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-21 10:08 - 2014-02-06 18:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-21 10:08 - 2014-02-06 18:00 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-21 10:08 - 2014-02-06 17:57 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-21 10:08 - 2014-02-06 17:49 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-21 10:08 - 2014-02-06 17:47 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-21 10:08 - 2014-02-06 17:47 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-21 10:08 - 2014-02-06 17:46 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-21 10:08 - 2014-02-06 17:34 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-21 10:08 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-21 10:08 - 2014-02-06 17:25 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-21 10:08 - 2014-02-06 17:13 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-21 10:08 - 2014-02-06 17:09 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-21 10:08 - 2014-02-06 17:03 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-21 10:08 - 2014-02-06 16:41 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-21 10:08 - 2014-02-06 16:36 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-21 10:08 - 2014-02-06 16:34 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-21 09:53 - 2013-12-21 16:56 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-21 08:46 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-21 08:46 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-21 08:45 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-21 08:45 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-21 08:37 - 2014-01-01 07:05 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-21 08:37 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-21 08:32 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys

==================== One Month Modified Files and Folders =======

2014-02-25 18:36 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST
2014-02-25 18:34 - 2012-11-09 05:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-25 18:34 - 2012-10-30 15:59 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Skype
2014-02-25 18:13 - 2014-02-25 18:13 - 00003458 _____ () C:\Users\netbook\Desktop\JRT.txt
2014-02-25 18:10 - 2012-05-26 08:18 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-25 18:06 - 2013-04-17 10:14 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job
2014-02-25 17:58 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-25 17:58 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-25 17:55 - 2014-02-25 17:55 - 00000000 ____D () C:\windows\ERUNT
2014-02-25 17:51 - 2013-06-03 16:19 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-25 17:51 - 2012-05-26 08:18 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-25 17:50 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-25 17:50 - 2009-07-14 12:39 - 00120476 _____ () C:\windows\setupact.log
2014-02-25 17:49 - 2012-05-26 07:27 - 01561198 _____ () C:\windows\WindowsUpdate.log
2014-02-25 17:48 - 2012-11-02 08:20 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\LibreOffice
2014-02-25 17:36 - 2014-02-25 17:26 - 00000000 ____D () C:\AdwCleaner
2014-02-25 17:23 - 2014-02-25 17:23 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Adobe
2014-02-25 17:19 - 2012-10-30 18:36 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype
2014-02-25 16:02 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF
2014-02-25 13:36 - 2012-10-30 12:33 - 00000000 ____D () C:\Users\netbook
2014-02-25 12:23 - 2010-11-21 05:01 - 00796684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-25 11:26 - 2012-11-09 05:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-02-25 11:26 - 2012-11-09 05:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 15:06 - 2013-04-17 10:14 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job
2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 09:06 - 2010-11-21 05:48 - 00208038 _____ () C:\windows\PFRO.log
2014-02-22 09:02 - 2014-02-22 08:55 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 08:58 - 2014-02-22 08:55 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:58 - 2012-05-26 08:08 - 00000000 ___HD () C:\QuickStartUtil
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 18:05 - 2014-02-21 17:39 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 18:05 - 2014-02-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 16:08 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache
2014-02-21 11:57 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-02-21 11:30 - 2012-10-30 19:17 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc
2014-02-21 10:07 - 2013-07-16 07:14 - 00000000 ____D () C:\windows\system32\MRT
2014-02-21 09:58 - 2012-11-01 09:31 - 85946576 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-19 15:35 - 2012-11-02 19:59 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Mozilla
2014-02-19 15:15 - 2013-10-19 12:52 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-19 15:14 - 2013-12-29 18:21 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00410784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-02-19 15:14 - 2012-11-03 08:02 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-02-16 09:40 - 2009-07-14 12:53 - 00032642 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys
2014-02-06 18:38 - 2014-02-21 10:08 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 18:20 - 2014-02-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 18:19 - 2014-02-21 10:08 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 18:01 - 2014-02-21 10:08 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 18:00 - 2014-02-21 10:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 17:57 - 2014-02-21 10:08 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 17:49 - 2014-02-21 10:08 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 17:47 - 2014-02-21 10:08 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 17:47 - 2014-02-21 10:08 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 17:46 - 2014-02-21 10:08 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 17:34 - 2014-02-21 10:08 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 17:25 - 2014-02-21 10:08 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 17:25 - 2014-02-21 10:08 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 17:13 - 2014-02-21 10:08 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 17:09 - 2014-02-21 10:08 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 17:03 - 2014-02-21 10:08 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 16:41 - 2014-02-21 10:08 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 16:36 - 2014-02-21 10:08 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 16:34 - 2014-02-21 10:08 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\netbook\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-21 15:59

==================== End Of Log ============================

--- --- ---

Danke und bis denn
Andreas

schrauber · 26.02.2014, 10:57

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

wbtroj · 27.02.2014, 03:20

Hi Schrauber,
ich wollte gerade alles so machen, wie Du mir geschrieben hast. Aber ich bekomme mit dem Eset Smartinstaller ein Problem. Nach dem Start will das Programm ein paar Updates herunterladen und das klappt nicht. Ich bekomme die Meldung
"Can not get Updates. Is Proxy configured?"
Ich surfe aber ohne Proxy - allerdings mit Router (Laptop ist im WLAN).
Das komische ist auch, dass ich zwar einen Ping z.B. auf Google absetzen kann, der abere immer auf "request timed out" kommt.
Mit FireFox kann ich aber normal im Internet surfen. Ein Speedtest zeigt mir einen Ping von 33 ms und 1500 kbps an - also schnell genug bin ich.
Das Virenprogramm und die Firewall habe ich (wenn auch mit unguten Gefühlen) wie gefordert abgeschaltet.

Ich weiß im Moment nicht, wie ich das Programm Eset Smartinstaller laufen lassen soll. Werkelt da etwa schon der Virus ?
Ist doch merkwürdig, dass das mit dem Ping nicht klappt. Oder muss ich mit dem Programm Eset Smartinstaller noch was machen?
Gruß
Andreas

schrauber · 27.02.2014, 18:41

Lass ESET weg, mach dafür bitte nen Vollscan mit deinem AV Programm.

wbtroj · 28.02.2014, 04:11

Hallo Schrauber,
hier die neuesten Ergebnisse inklusive einiger Anmerkungen:

A) Avast Startzeit Überprüfung über alle Laufwerken

Code:

ATTFilter

02/28/2014 07:21
Prüfung aller lokalen Laufwerke

Datei C:\Users\netbook\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei C:\Windows\SoftwareDistribution\Download\ba2e9f6aed71e4d78a0a46179542d6b0\BIT954C.tmp|>1.161.947.0_to_1.161.1215.0_mpasdlta.vdm._p Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei D:\portable servers\server2go_a22_psmp.zip|>server2go\server\mysql\bin\myisampack.exe Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Program Files\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQ-1+BCE-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Program Files\a95ae.msi|>libreoffice1.cab|>template7.bau|>+BBcEEQQU-\Pictures\2000001B00000CD200000CED63AA5866.svm Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab|>LARIALBI.TTF Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei E:\Setups\TurboDelphi\prereqs.zip|>IE60SP1\ielpkpe.cab Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei F:\wamp\www\WB_Bootstrap\wp-content\themes\twenty_child\Bootstrap\bootstrap-3.0.0.zip|>bootstrap-3.0.0\examples\screenshots\jumbotron.jpg Fehler 42125 {ZIP-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab|>th_bg_BG_v2.dat Fehler 42127 {CAB-Archiv ist beschädigt.}
Datei F:\Downloads\LibO_3.6.6_Win_x86_install_multi(1).msi.part|>libreoffice1.cab Fehler 42144 {OLE-Archiv ist beschädigt.}
Datei G:\Tutorials\PHP\SELFPHP_5.5.4.chm|>SELFPHP_5.5.4\anbieterverzeichnis\images\2panels_IU4_IE7_300x238.png Fehler 42136 {CHM-Archiv ist beschädigt.}
Datei K:\wp_backups\Islanders\remote\backwpup_1_2012-11-14_22-20-15.zip|>wrd_ge745oh1gb.sql Fehler 42125 {ZIP-Archiv ist beschädigt.}
Anzahl durchsuchter Ordner: 55917
Anzahl der geprüften Dateien: 1905699
Anzahl infizierter Dateien: 0

B)Security Check

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java 7 Update 51  
 Adobe Flash Player 	12.0.0.70  
 Mozilla Firefox 16.0.2 Firefox out of Date!  
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````

Hier finde ich zwei Ding komisch:
A) Morzilla FireFox wird als Version 16.0.2 erkannt und ist damit out of Date.
Wenn ich im Browser die Version anzeigen lasse heißt es FireFox sei mit 27.0.1 up to date. Die ist auch gerade erst neulich über den automatichen Update heruntergeladen worden.

B) Meine Comodo Firewall sei nicht aktiv. Die Windows Firewall habe ich disabled Als ich dann die Comodo manuell starten wollten, bemerkte ich, dass die Datei "cfp.exe" nicht im normalen Verzeichnis vorhanden war. Ich fand sie in dem Verzeichnis "repair" und versuchte sie von dort zu starten. Da bekam ich diese Fehlermeldung:

Code:

ATTFilter

---------------------------
COMODO Firewall
---------------------------
Error while loading resources from "E:\Program Files\COMODO\COMODO Internet Security\repair\Themes\default.set". Aborting application.

Habe auch schon versucht Comodo in den installierten Programmen zu reparieren. Ging aber nicht. Werde sie wohl neu installieren müssen.

Ich hoffe, das hat nichts böses zu bedeuten!

C) Frisches FRST

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2014 01
Ran by internet (ATTENTION: The logged in user is not administrator) on NETBOOK-PC on 28-02-2014 10:37:09
Running from D:\AntiVr\TrojaneroardSoftware
Microsoft Windows 7 Starter  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() D:\Programme\dsksve8\DeskSave.exe
(NTeWORKS) E:\Imaging\PicPick\picpick.exe
(Microsoft Corporation) E:\Program Files\Microsoft Office\Office10\msoffice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Mozilla Corporation) E:\Internet\FireFox\firefox.exe
(Mozilla Corporation) E:\Internet\FireFox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [GfxServiceInstall] - C:\windows\system32\GfxCUIServiceInstall.vbs [131 2012-02-27] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-14] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [1813800 2011-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files\Motorola\Bluetooth\btmshell.dll [24868696 2011-04-22] (Motorola Solutions, Inc.)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8972224 2011-04-01] (Lenovo (Beijing) Limited)
HKLM\...\Run: [UpdatePRCShortCut] - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM\...\Run: [Lenovo Registration] - C:\Program Files\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM\...\Run: [NetFxUpdate_v1.1.4322] - C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [106496 2004-08-10] (Microsoft)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-19] (AVAST Software)
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [Google Update] - C:\Users\internet\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-02-13] (Google Inc.)
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [DeskSave] - D:\Programme\dsksve8\DeskSave.exe [82944 2008-07-26] ()
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [SUPERAntiSpyware] - D:\AntiVr\Superspyware\SUPERAntiSpyware.ex_
HKU\S-1-5-21-2638138946-3830281041-644157228-1001\...\Run: [PicPick Start] - E:\Imaging\PicPick\picpick.exe [13229912 2014-01-16] (NTeWORKS)
AppInit_DLLs: C:\windows\system32\guard32.dll => C:\windows\system32\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENE
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A52C2B2D-E755-4837-BA84-049847A21828}&mid=e8c015351f7347d0bd7fd1553d990405-b0d4f81a8999f5981f04537c5ec8468fd5234593&lang=en&ds=bm013&pr=sa&d=2012-11-08 15:18:25&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\java\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\AntiVr\Superspyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Tcpip\..\Interfaces\{8D9DBDAF-6B79-4E33-B3FB-E5D99ED809E5}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: https://www.gmx.net/|hxxp://speedtest.net
FF Keyword.URL: hxxp://ph.search.yahoo.com/search?fr=mcafee&p=
FF NetworkProxy: "http", "192.168.0.103"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - E:\Program Files\java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - E:\Program Files\java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - E:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\internet\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\internet\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\internet\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\internet\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\searchplugins\webde-suche.xml
FF Extension: German Dictionary - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2012-11-04]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\de_DE@dicts.j3e.de [2013-09-14]
FF Extension: United States English Spellchecker - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-24]
FF Extension: Free Download Manager plugin - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\fdm_ffext@freedownloadmanager.org [2013-03-18]
FF Extension: FireShot - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2014-01-30]
FF Extension: TV-Fox - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4} [2013-03-31]
FF Extension: Live HTTP Headers - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [2012-11-04]
FF Extension: WOT - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
FF Extension: DownloadHelper - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-08-28]
FF Extension: FoxClocks - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-01-24]
FF Extension: Memory Fox - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2013-02-24]
FF Extension: Firebug - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\firebug@software.joehewitt.com.xpi [2012-11-04]
FF Extension: Open RegEdit Key - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\openregeditkey@kashiif.com.xpi [2012-11-04]
FF Extension: SQLite Manager - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2013-05-25]
FF Extension: GMX MailCheck - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\toolbar@gmx.net.xpi [2012-11-04]
FF Extension: YSlow - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\yslow@yahoo-inc.com.xpi [2012-11-04]
FF Extension: Facebook Phishing Protector - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2012-11-04]
FF Extension: X-notifier - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-11-04]
FF Extension: FireFTP - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012-11-04]
FF Extension: Greasemonkey - C:\Users\internet\AppData\Roaming\Mozilla\Firefox\Profiles\misg72za.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-04]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-03]
FF StartMenuInternet: FIREFOX.EXE - E:\Internet\FireFox\firefox.exe

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/ig/redirectdomain?brand=LENE&bmod=LENE
CHR DefaultSearchKeyword: google.com.ph
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (YouTube) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-31]
CHR Extension: (Google Search) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-31]
CHR Extension: (avast! Online Security) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-19]
CHR Extension: (Mailvelope) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2013-11-02]
CHR Extension: (Google Wallet) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Gmail) - C:\Users\internet\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-31]

========================== Services (Whitelisted) =================

R2 !SASCORE; D:\AntiVr\Superspyware\SASCORE.EXE [119056 2013-05-24] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-19] (AVAST Software)
R3 Bluetooth Device Manager; C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe [3533656 2011-04-16] (Motorola Solutions, Inc.)
R2 Bluetooth Media Service; C:\Program Files\Motorola\Bluetooth\audiosrv.exe [904272 2011-03-18] (Motorola Solutions, Inc.)
R2 Bluetooth OBEX Service; C:\Program Files\Motorola\Bluetooth\obexsrv.exe [564056 2011-05-05] (Motorola Solutions, Inc.)
R2 cnosdsrv; C:\Program Files\cnosd\cnosdsrv.exe [49152 2011-01-21] ()
R2 lmhosts; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-11-08] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NlaSvc; C:\windows\System32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 wampapache; F:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; F:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] ()
S4 cmdAgent;  [X]
S4 FsUsbExService;  [X]
S4 VideAceWindowsService;  [X]

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\windows\System32\DRIVERS\AcpiVpc.sys [23136 2011-01-28] (Lenovo Corporation)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [67824 2014-02-19] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2013-10-19] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49944 2013-10-19] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [775952 2014-02-19] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [410784 2014-02-19] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [64168 2014-02-19] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [180248 2013-12-29] ()
R1 avgtp; C:\windows\system32\drivers\avgtpx86.sys [37664 2013-11-12] (AVG Technologies)
S3 btmaudio; C:\windows\System32\drivers\btmaud.sys [33920 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMCOM; C:\windows\System32\Drivers\btmcom.sys [41472 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMNET; C:\windows\System32\DRIVERS\btmnet.sys [21760 2011-02-23] (Motorola Solutions, Inc.)
R3 BTMUSB; C:\windows\System32\Drivers\btmusb.sys [547328 2011-03-23] (Motorola Solutions, Inc.)
R1 cmdGuard; C:\windows\System32\DRIVERS\cmdguard.sys [494416 2012-11-08] (COMODO)
R1 cmdHlp; C:\windows\System32\DRIVERS\cmdhlp.sys [36072 2012-11-08] (COMODO)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [14216 2009-08-26] ()
R3 ETD; C:\windows\System32\DRIVERS\ETD.sys [120104 2011-05-17] (ELAN Microelectronics Corp.)
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [8456 2009-09-16] ()
S3 FsUsbExDisk; C:\windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] ()
R1 funfrm; C:\windows\system32\Drivers\funfrm.sys [53136 2012-11-15] ()
S3 gdrv; C:\windows\gdrv.sys [17488 2013-06-14] (Windows (R) 2000 DDK provider)
R1 inspect; C:\windows\System32\DRIVERS\inspect.sys [82952 2012-11-08] (COMODO)
R0 LHDmgr; C:\windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-16] (Lenovo.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 networx; C:\windows\System32\drivers\networx.sys [52728 2013-01-25] (NetFilterSDK.com)
R3 RTL8192Ce; C:\windows\System32\DRIVERS\rtl8192Ce.sys [760936 2011-12-22] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; D:\AntiVr\Superspyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; D:\AntiVr\Superspyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 StarOpen; C:\windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 TrojanKillerDriver; C:\windows\System32\DRIVERS\gtkdrv.sys [16128 2014-02-11] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\windows\System32\DRIVERS\wsvd.sys [81704 2009-07-22] (CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-27 09:54 - 2014-02-27 09:54 - 00000000 ____D () C:\Program Files\ESET
2014-02-26 09:21 - 2014-01-09 10:22 - 05694464 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-02-25 18:13 - 2014-02-25 18:13 - 00003458 _____ () C:\Users\netbook\Desktop\JRT.txt
2014-02-25 17:55 - 2014-02-25 17:55 - 00000000 ____D () C:\windows\ERUNT
2014-02-25 17:26 - 2014-02-25 17:36 - 00000000 ____D () C:\AdwCleaner
2014-02-25 17:23 - 2014-02-25 17:23 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Adobe
2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt
2014-02-24 08:25 - 2014-02-28 10:37 - 00000000 ____D () C:\FRST
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 08:55 - 2014-02-22 09:02 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 08:55 - 2014-02-22 08:58 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 18:05 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:39 - 2014-02-21 18:05 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:39 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-21 10:10 - 2013-10-02 08:42 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-02-21 10:10 - 2013-10-02 08:32 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-21 10:10 - 2013-10-02 08:30 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-02-21 10:10 - 2013-10-02 08:14 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-02-21 10:10 - 2013-10-02 07:58 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-02-21 10:10 - 2013-10-02 07:45 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-02-21 10:10 - 2013-10-02 07:08 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-02-21 10:10 - 2013-10-02 07:00 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-02-21 10:10 - 2013-10-02 06:53 - 00350208 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-02-21 10:10 - 2013-10-02 06:34 - 01068544 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-02-21 10:08 - 2014-02-06 18:38 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-21 10:08 - 2014-02-06 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-21 10:08 - 2014-02-06 18:19 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-21 10:08 - 2014-02-06 18:01 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-21 10:08 - 2014-02-06 18:00 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-21 10:08 - 2014-02-06 17:57 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-21 10:08 - 2014-02-06 17:52 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-21 10:08 - 2014-02-06 17:49 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-21 10:08 - 2014-02-06 17:47 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-21 10:08 - 2014-02-06 17:47 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-21 10:08 - 2014-02-06 17:46 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-21 10:08 - 2014-02-06 17:34 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-21 10:08 - 2014-02-06 17:25 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-21 10:08 - 2014-02-06 17:25 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-21 10:08 - 2014-02-06 17:13 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-21 10:08 - 2014-02-06 17:09 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-21 10:08 - 2014-02-06 17:03 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-21 10:08 - 2014-02-06 16:41 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-21 10:08 - 2014-02-06 16:36 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-21 10:08 - 2014-02-06 16:34 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-21 09:53 - 2013-12-21 16:56 - 00454656 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-21 08:46 - 2013-12-25 07:09 - 01987584 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-21 08:46 - 2013-11-26 16:16 - 03419136 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00428032 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00423936 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-21 08:45 - 2013-12-04 10:03 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-21 08:45 - 2013-12-04 10:02 - 00390144 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-21 08:45 - 2013-12-04 09:54 - 00594944 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00510976 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-21 08:45 - 2013-12-04 09:54 - 00508928 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-21 08:37 - 2014-01-01 07:05 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-21 08:37 - 2013-09-25 09:57 - 00792576 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 01237504 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-21 08:36 - 2013-12-06 10:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-21 08:32 - 2013-11-27 09:14 - 00258560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00024064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-02-21 08:32 - 2013-11-27 09:13 - 00006016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys

==================== One Month Modified Files and Folders =======

2014-02-28 10:37 - 2014-02-24 08:25 - 00000000 ____D () C:\FRST
2014-02-28 10:27 - 2012-11-09 05:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-28 10:21 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-28 10:21 - 2009-07-14 12:34 - 00016752 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-28 10:20 - 2012-05-26 07:27 - 01665851 _____ () C:\windows\WindowsUpdate.log
2014-02-28 10:11 - 2013-06-03 16:19 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-28 10:11 - 2012-05-26 08:18 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-28 10:11 - 2009-07-14 12:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-28 10:11 - 2009-07-14 12:39 - 00120868 _____ () C:\windows\setupact.log
2014-02-28 07:17 - 2012-05-26 08:18 - 00000900 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 17:06 - 2013-04-17 10:14 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001UA.job
2014-02-27 17:04 - 2010-11-21 05:01 - 00796684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-27 15:11 - 2013-04-17 10:14 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2638138946-3830281041-644157228-1001Core.job
2014-02-27 09:54 - 2014-02-27 09:54 - 00000000 ____D () C:\Program Files\ESET
2014-02-27 09:50 - 2012-10-30 15:59 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Skype
2014-02-27 09:10 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\rescache
2014-02-26 17:48 - 2012-10-30 18:36 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Skype
2014-02-25 18:13 - 2014-02-25 18:13 - 00003458 _____ () C:\Users\netbook\Desktop\JRT.txt
2014-02-25 17:55 - 2014-02-25 17:55 - 00000000 ____D () C:\windows\ERUNT
2014-02-25 17:48 - 2012-11-02 08:20 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\LibreOffice
2014-02-25 17:36 - 2014-02-25 17:26 - 00000000 ____D () C:\AdwCleaner
2014-02-25 17:23 - 2014-02-25 17:23 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Adobe
2014-02-25 16:02 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\system32\NDF
2014-02-25 13:36 - 2012-10-30 12:33 - 00000000 ____D () C:\Users\netbook
2014-02-25 11:26 - 2012-11-09 05:56 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-02-25 11:26 - 2012-11-09 05:56 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 09:16 - 2014-02-24 09:16 - 00076344 _____ () C:\Users\netbook\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-24 09:07 - 2014-02-24 09:07 - 00189672 _____ () C:\Users\netbook\Desktop\Gmer.txt
2014-02-24 08:23 - 2014-02-24 08:23 - 00000000 _____ () C:\Users\netbook\defogger_reenable
2014-02-23 10:21 - 2014-02-23 10:21 - 00000763 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-02-23 10:21 - 2014-02-23 10:21 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-02-23 09:55 - 2014-02-23 09:55 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Malwarebytes
2014-02-22 09:06 - 2014-02-22 09:06 - 00000760 _____ () C:\windows\DCEBOOT.RST
2014-02-22 09:06 - 2014-02-22 09:06 - 00000000 _____ () C:\windows\DCEBOOT.LOG
2014-02-22 09:06 - 2010-11-21 05:48 - 00208038 _____ () C:\windows\PFRO.log
2014-02-22 09:02 - 2014-02-22 08:55 - 00181776 _____ () C:\windows\RegBootClean.exe
2014-02-22 08:58 - 2014-02-22 08:55 - 00022032 _____ () C:\windows\DCEBoot.exe
2014-02-22 08:58 - 2012-05-26 08:08 - 00000000 ___HD () C:\QuickStartUtil
2014-02-22 08:21 - 2014-02-22 08:21 - 00257928 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2014-02-22 08:21 - 2014-02-22 08:21 - 00000036 _____ () C:\Users\netbook\AppData\Local\housecall.guid.cache
2014-02-21 18:05 - 2014-02-21 17:39 - 00001067 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 18:05 - 2014-02-21 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-21 17:40 - 2014-02-21 17:40 - 00000000 ____D () C:\Users\netbook\AppData\Roaming\Malwarebytes
2014-02-21 17:39 - 2014-02-21 17:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 11:57 - 2009-07-14 10:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-02-21 11:30 - 2012-10-30 19:17 - 00000000 ____D () C:\Users\internet\AppData\Roaming\vlc
2014-02-21 10:07 - 2013-07-16 07:14 - 00000000 ____D () C:\windows\system32\MRT
2014-02-21 09:58 - 2012-11-01 09:31 - 85946576 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-19 15:35 - 2012-11-02 19:59 - 00000000 ____D () C:\Users\internet\AppData\Roaming\Mozilla
2014-02-19 15:15 - 2013-10-19 12:52 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-19 15:14 - 2013-12-29 18:21 - 00064168 _____ (AVAST Software) C:\windows\system32\Drivers\aswstm.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00775952 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00410784 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00270240 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-02-19 15:14 - 2012-11-03 08:02 - 00067824 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-02-19 15:14 - 2012-11-03 08:02 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-02-16 09:40 - 2009-07-14 12:53 - 00032642 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-02-11 19:59 - 2014-02-11 19:59 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\gtkdrv.sys
2014-02-06 18:38 - 2014-02-21 10:08 - 17103872 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 18:20 - 2014-02-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 18:19 - 2014-02-21 10:08 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 18:01 - 2014-02-21 10:08 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 18:00 - 2014-02-21 10:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 17:57 - 2014-02-21 10:08 - 02168320 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 17:52 - 2014-02-21 10:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 17:49 - 2014-02-21 10:08 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 17:47 - 2014-02-21 10:08 - 00112128 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 17:47 - 2014-02-21 10:08 - 00108032 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 17:46 - 2014-02-21 10:08 - 00553472 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 17:34 - 2014-02-21 10:08 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 17:25 - 2014-02-21 10:08 - 04244480 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 17:25 - 2014-02-21 10:08 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 17:13 - 2014-02-21 10:08 - 00524288 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 17:09 - 2014-02-21 10:08 - 01964032 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 17:03 - 2014-02-21 10:08 - 11266048 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 16:41 - 2014-02-21 10:08 - 01820160 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 16:36 - 2014-02-21 10:08 - 01156096 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 16:34 - 2014-02-21 10:08 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\netbook\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Lieben Gruß und vielen Dank bis hierhin Andreas

schrauber · 01.03.2014, 10:33

Firefox ist ne Falschanzeige, Comodo mal neu installieren.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

wbtroj · 02.03.2014, 07:22

Hallo Schrauber,
also erst mal ganz herzlichen Dank für Deine Hilfe und die Zeit, die Du in mein Problem investiert hast. Das ist schon ein großartiger Service, den man hier bei Euch bekommt.

Werde ich gleich auch noch in den Link schreiben, den Du mir genannt hast.

Ist auch toll mit dem zusätzlichen Service über all die Sicherheitshinweise.
Ich bin zwar schon ein Sicherheitsfreak und daher war mir das meiste bekannt. Aber viele wissen ja nicht allzu viel darüber und hier war es sehr schön übersichtlich aufgelistet!

DelFix habe ich ausgeführt und es ist ohne Probleme zu Ende gekommen.

Ein wenig vermisse ich ein Fazit von der ganzen Sache.

Bin ich nun wirklich alles los?
War da eigentlich was oder sind nur infizierte Dateien gefunden worden?
Was ist mit dem anderen Befund, der in dem Avast Protikoll hochgekommen ist (Other:Malware-gen [Trj])?
Kann ich davon ausgehen, das der auch bereinigt ist?
Sorry, ich weiß, in meinem Titel stand nur was vom HTML:Incuder-AY[Trj] drin. Aber aus dem Avast Protokoll ging der andere ja auch hervor.

Vielleicht kannst Du ja dazu auch noch kurz was sagen.

Ansonsten wie gesagt: Vielen Dank und 'ne schöne Zeit noch
Andreas!

schrauber · 03.03.2014, 08:13

Zitat:

War da eigentlich was oder sind nur infizierte Dateien gefunden worden?

Ist das nicht das Gleiche?

Jetzt ist alles sauber, alle Funde wurden entfernt.

wbtroj · 03.03.2014, 11:27

Hallo Schrauber,
nee, ich glaube nicht, dass das das Gleiche ist. Das eine sind infizierte Dateien, die von dem Virus befallen sind und diesen dann auf andere Computer weiter tragen können (indem sie dort z. B. dann ausgeführt werden). Solche Dateien müssen dann auf Deinem System nicht unbedingt schädlich sein. Ich würde sie mal als sogenannte Schläfer bezeichnen.

Da andere - und ja wohl wesentlich gefährlichere - ist der Virus selber, wenn er denn durch die sog. Schläfer zum Leben erwacht ist und sich auf Deinem System eingenistet hat.

Dann findet man oft ja die verschiedensten Dateien und Orte, an denen sich der Virus verteilt hat und da nutzt es dann auch nichts, wenn ein Anti Viren Programm die befallenen Dateien in den Container stellt.

Und das habe ich gemeint.

Aber ich bin eigentlich davon ausgegangen, dass Dir dieser Sachverhalt bekannt ist.

Ich werde aber dann mal Deine Aussage, das jetzt alles sauber ist, mit Freuden aufnehmen und mir nicht mehr allzu viele Gedanken machen.

Danke nochmals und bis denn
Andreas!

schrauber · 04.03.2014, 09:41

Zitat:

Aber ich bin eigentlich davon ausgegangen, dass Dir dieser Sachverhalt bekannt ist.

Ist er, sonst wäre ich als Ausbilder in Malware Removal bissl fehl am Platz

Du musst nur eines wissen: Diesen Unterschied gibt es nicht / nicht mehr / nur bei speziellen Infektionen (File Infector). Im allgemeinen gibt es solche Schläfer nicht, erst recht nicht bei nerviger Adware und Co.

wbtroj · 04.03.2014, 10:08

Ok -Danke für die Antwort!
Von mir aus kann das Thema damit beendet werden. Werde vielleicht demnächst ein neues eröffnen müssen. Scanne gerade den Desktop und auch dort gab es wohl einige Befunde.

Aber das ist ja ein anderes Thema !
Schoene Tage noch
Andreas!

24.02.2014, 07:52	#2
schrauber /// the machine /// TB-Ausbilder	Wie werde ich HTML:Incuder-AY[Trj] los? Hi, FRST bitte nochmal, unsere Tools brauchen immer Adminrechte. __________________ __________________

27.02.2014, 18:41	#8
schrauber /// the machine /// TB-Ausbilder	Wie werde ich HTML:Incuder-AY[Trj] los? Lass ESET weg, mach dafür bitte nen Vollscan mit deinem AV Programm. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Wie werde ich HTML:Incuder-AY[Trj] los?

Log-Analyse und Auswertung: Wie werde ich HTML:Incuder-AY[Trj] los?