TR/APS von Avira Antivir gefunden

cosinus · 30.10.2013, 00:45

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install
C:\Users\Ruben Alemán\ijl15.dll
C:\Users\Ruben Alemán\JPGI.dll
C:\Users\Ruben Alemán\unicows.dll

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Taru · 30.10.2013, 07:35

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
Ran by Ruben Alemán at 2013-10-30 07:33:59 Run:1
Running from C:\Users\Ruben Alemán\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install
C:\Users\Ruben Alemán\ijl15.dll
C:\Users\Ruben Alemán\JPGI.dll
C:\Users\Ruben Alemán\unicows.dll
*****************

Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Users\Ruben Alemán\ijl15.dll => Moved successfully.
C:\Users\Ruben Alemán\JPGI.dll => Moved successfully.
C:\Users\Ruben Alemán\unicows.dll => Moved successfully.

==== End of Fixlog ====

cosinus · 30.10.2013, 13:38

Neue Logs mit FRST machen, FRST neu runterladen

Taru · 30.10.2013, 18:13

Diesmal taucht "ZeroAccess" nicht im log auf....

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by Ruben Alemán (administrator) on RUBEN-PC on 30-10-2013 18:10:03
Running from C:\Users\Ruben Alemán\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Dienstprogramme\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Telefónica) C:\Dienstprogramme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Sony Corporation) C:\Dienstprogramme\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Dienstprogramme\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Dienstprogramme\PDF24\pdf24.exe
(AVAST Software) C:\Dienstprogramme\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) C:\Dienstprogramme\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Telefónica) C:\Dienstprogramme\o2\Mobile Connection Manager\EMMSN.exe
(Indra Sistemas, S.A.) C:\Dienstprogramme\o2\Nori\TGCMLog.exe
(Telefónica) C:\Dienstprogramme\o2\Nori\Nori.exe
(Mozilla Corporation) C:\Dienstprogramme\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Dienstprogramme\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Mozilla Corporation) C:\Dienstprogramme\Mozilla Thunderbird\thunderbird.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-24] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6560360 2010-12-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-01] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Dienstprogramme\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Ruben Alemán\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Reader Application Helper] - C:\Dienstprogramme\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-03-18] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Dienstprogramme\HP Software Update\hpwuschd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [PDFPrint] - C:\Dienstprogramme\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Dienstprogramme\AVAST Software\Avast\avastui.exe [3567800 2013-10-27] (AVAST Software)
Startup: C:\Users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {943D163A-270E-4A9A-930E-42D90591EFAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = 
SearchScopes: HKCU - {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = 
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {943D163A-270E-4A9A-930E-42D90591EFAD} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Dienstprogramme\Java\bin\ssv.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Dienstprogramme\Free Download Manager\iefdm2.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Dienstprogramme\Java\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd64.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{F433210C-2A7E-49D8-A920-E593D60218C6}: [NameServer]212.23.115.148 212.23.115.132

FireFox:
========
FF ProfilePath: C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default
FF user.js: detected! => C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\user.js
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Dienstprogramme\Java\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Dienstprogramme\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Dienstprogramme\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Ruben Alemán\Program Files (x86)\DNA\plugins\npbtdna.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ruben Alemán\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ruben Alemán\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Ruben Alemán\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\searchplugins\ixquick.xml
FF Extension: General Crawler - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
FF Extension: HTTPS-Everywhere - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\https-everywhere@eff.org
FF Extension: fdm_ffext - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: firefox - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\firefox@ghostery.com.xpi
FF Extension: Adblock Plus - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Dienstprogramme\Steganos Password Manager 12\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Dienstprogramme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Dienstprogramme\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Ruben Alemán\Program Files (x86)\DNA
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Dienstprogramme\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: https://ixquick.com/deu/
CHR RestoreOnStartup: "https://ixquick.com/deu/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Mixesoft Click&Clean Plug-In) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll No File
CHR Plugin: (Bitdefender QuickScan) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Musicnotes) - C:\Dienstprogramme\Musicnotes\npmusicn.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Dienstprogramme\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Reader Application Detector) - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Google Update) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Facebook Disconnect) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.5_0
CHR Extension: (Click&Clean) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0
CHR Extension: (AdBlock) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (avast! Online Security) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Minecraft Origins) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooemofofigijedhcifaimglnncjmckaa\1.0.2_0
CHR Extension: (Gmail) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Ruben Alemán\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Dienstprogramme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Ruben Alemán\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Ruben Alemán\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Dienstprogramme\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-27] (AVAST Software)
S2 C2TNServer; C:\Dienstprogramme\C2TN\C2TN\wrapper.exe [204800 2011-08-18] ()
S3 DAUpdaterSvc; C:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 HPSLPSVC; C:\Dienstprogramme\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.)
S2 MBAMScheduler; C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4264632 2011-05-15] (INCA Internet Co., Ltd.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 TGCM_ImportWiFiSvc; C:\Dienstprogramme\o2\Mobile Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
S3 hpqcxs08; C:\Dienstprogramme\Digital Imaging\bin\hpqcxs08.dll [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-10-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-27] ()
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\DRIVERS\nvstusb.sys [121960 2011-01-31] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 dump_wmimmc; \??\C:\Spiele\CABAL Online\GameGuard\dump_wmimmc.sys [x]
U5 MBAMSwissArmy; C:\Windows\System32\Drivers\MBAMSwissArmy.sys [116440 2013-10-29] (Malwarebytes Corporation)
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 18:08 - 2013-10-30 18:08 - 01956614 _____ (Farbar) C:\Users\Ruben Alemán\Desktop\FRST64.exe
2013-10-29 18:32 - 2013-10-29 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-29 00:05 - 2013-10-29 00:05 - 00003676 _____ C:\Windows\PFRO.log
2013-10-28 23:13 - 2013-10-29 18:32 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-28 23:12 - 2013-10-29 18:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-28 23:11 - 2013-10-29 19:26 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\mbar
2013-10-28 18:45 - 2013-10-28 18:45 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ruben Alemán\Desktop\mbar-1.07.0.1007.exe
2013-10-27 17:38 - 2013-10-27 17:38 - 00038009 _____ C:\ComboFix.txt
2013-10-27 17:09 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-27 17:09 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-27 17:09 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-27 17:05 - 2013-10-27 17:39 - 00000000 ____D C:\Qoobox
2013-10-27 17:04 - 2013-10-27 17:35 - 00000000 ____D C:\Windows\erdnt
2013-10-27 16:49 - 2013-10-27 16:49 - 05136694 ____R (Swearware) C:\Users\Ruben Alemán\Desktop\ComboFix.exe
2013-10-27 16:18 - 2013-10-27 16:18 - 00000000 ____D C:\FRST
2013-10-27 00:11 - 2013-10-27 00:11 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\AVAST Software
2013-10-27 00:09 - 2013-10-27 00:09 - 00001946 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-27 00:07 - 2013-10-27 00:07 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-27 00:07 - 2013-10-27 00:07 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-27 00:07 - 2013-10-27 00:07 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-26 23:59 - 2013-10-27 00:00 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-26 19:22 - 2013-10-26 19:22 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Malwarebytes
2013-10-26 19:21 - 2013-10-26 19:21 - 00000897 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-26 19:21 - 2013-10-26 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-26 19:20 - 2013-10-26 19:20 - 00000000 ____D C:\Dienstprogramme)
2013-10-26 19:20 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-26 19:17 - 2013-10-26 19:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ruben Alemán\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-26 14:40 - 2013-10-26 14:40 - 103108672 _____ C:\Windows\SysWOW64\鬎͞Ž
2013-10-23 12:18 - 2013-10-23 16:08 - 102551358 _____ C:\Windows\SysWOW64\皜퀜™
2013-10-22 17:12 - 2013-10-22 18:23 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BloodBowlLegendary
2013-10-22 13:04 - 2013-10-22 13:04 - 00000217 _____ C:\Users\Ruben Alemán\Desktop\Blood Bowl Legendary Edition.url
2013-10-19 12:54 - 2013-10-19 12:53 - 01017344 _____ C:\Users\Ruben Alemán\Desktop\Anima_Base_Templates_2nd_Gen.xls
2013-10-18 19:55 - 2013-10-20 15:02 - 102068998 _____ C:\Windows\SysWOW64\妲⪋
2013-10-17 13:42 - 2013-10-17 13:43 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Material Erstis
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Fotos Album
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Bilder Urlaub
2013-10-13 16:03 - 2013-10-13 16:11 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\fotos choza 12_13
2013-10-13 16:00 - 2013-10-13 16:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\argentinien12-13
2013-10-13 15:03 - 2013-10-13 15:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Studium
2013-10-12 19:56 - 2013-10-12 19:56 - 100651105 _____ C:\Windows\SysWOW64\濮坑›
2013-10-12 13:57 - 2013-10-12 16:40 - 100615351 _____ C:\Windows\SysWOW64\컦禶
2013-10-11 20:42 - 2013-10-11 20:47 - 72166699 _____ C:\Users\Ruben Alemán\Desktop\dtrpg-2013-10-11_02-43pm.zip
2013-10-11 12:07 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 11:14 - 2013-10-11 11:17 - 00003741 _____ C:\Users\Ruben Alemán\Documents\Dragon Age Origins 1.05.log
2013-10-11 00:14 - 2013-09-22 15:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-11 00:14 - 2013-09-22 15:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 00:14 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-11 00:14 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 00:14 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-11 00:13 - 2013-09-22 16:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 00:13 - 2013-09-22 16:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 00:13 - 2013-09-22 15:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 00:13 - 2013-09-22 15:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 00:13 - 2013-09-22 15:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-11 00:13 - 2013-09-22 15:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 00:13 - 2013-09-22 15:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-11 00:13 - 2013-09-22 15:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 00:13 - 2013-09-22 15:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-11 00:13 - 2013-09-22 15:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 00:13 - 2013-09-22 15:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-11 00:13 - 2013-09-22 15:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 00:13 - 2013-09-22 15:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 00:13 - 2013-09-22 15:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 00:13 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 00:13 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 00:13 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 00:13 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-11 00:13 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 00:13 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 00:13 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-11 00:13 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 00:13 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-11 00:13 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 00:13 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 00:13 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 00:13 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 17:26 - 2013-10-10 17:26 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BioWare
2013-10-10 17:16 - 2013-10-29 00:05 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-10-10 17:15 - 2013-10-10 17:15 - 00000782 _____ C:\Users\Public\Desktop\Dragon Age Origins.lnk
2013-10-10 16:46 - 2013-10-10 17:16 - 00021568 _____ C:\Users\Ruben Alemán\Documents\Install Dragon Age Origins.log
2013-10-10 14:42 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 14:42 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 14:41 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 14:41 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 14:41 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 14:41 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 14:41 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 14:41 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 14:41 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 14:41 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 14:41 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 14:41 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 14:41 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 14:40 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 14:40 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 14:36 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 14:36 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 14:36 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 14:35 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 14:35 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 14:35 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 14:35 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 14:35 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 14:35 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 14:35 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 14:35 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 14:35 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 14:35 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 14:35 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 14:35 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 14:35 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 14:35 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 14:35 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 14:35 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 14:35 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 14:35 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 14:35 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 14:35 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 14:35 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 14:35 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 14:35 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:35 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:35 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 14:35 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 14:35 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 14:35 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 14:35 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 12:51 - 2013-10-10 19:28 - 100305510 _____ C:\Windows\SysWOW64\扙湙3
2013-10-08 21:02 - 2013-10-08 21:02 - 99859239 _____ C:\Windows\SysWOW64\禯燺¢
2013-10-03 11:58 - 2013-10-03 11:58 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\ActiveState
2013-10-02 21:33 - 2013-10-02 21:38 - 00000000 ____D C:\Perl64
2013-10-02 21:08 - 2013-10-02 21:08 - 00001885 _____ C:\Users\Public\Desktop\Mobile Connection Manager.lnk
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\TGCMLog
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Telefónica
2013-10-02 21:08 - 2010-11-04 10:52 - 00093696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-10-02 21:08 - 2010-10-09 07:49 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-10-02 21:08 - 2010-09-26 11:01 - 00055296 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-10-02 21:08 - 2010-09-26 11:01 - 00029184 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-10-02 21:08 - 2010-09-03 10:36 - 00196608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2013-10-02 21:08 - 2010-08-31 11:09 - 00256000 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2013-10-02 21:08 - 2010-08-07 10:49 - 00121600 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-10-02 21:08 - 2010-07-27 02:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-10-02 21:08 - 2010-05-10 07:22 - 00999936 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-10-02 21:08 - 2010-03-20 05:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-10-02 21:08 - 2010-01-18 11:48 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-10-02 21:08 - 2008-03-27 09:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-10-02 21:07 - 2013-10-02 21:08 - 00000000 ____D C:\Program Files (x86)\HUAWEI Modem Driver
2013-10-02 09:13 - 2013-10-02 09:13 - 00000000 ____D C:\Diensttprogramme
2013-10-02 09:12 - 2013-03-11 13:23 - 08065978 _____ (Goretzki Software Lösungen                                  ) C:\Users\Ruben Alemán\Desktop\Setup Savage-Gen 1.5.1.exe
2013-10-01 17:38 - 2013-10-26 10:08 - 00000047 _____ C:\Users\Ruben Alemán\Desktop\Neues Textdokument (3).txt

==================== One Month Modified Files and Folders =======

2013-10-30 18:12 - 2013-09-16 14:05 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 18:12 - 2013-08-08 21:51 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Skype
2013-10-30 18:08 - 2013-10-30 18:08 - 01956614 _____ (Farbar) C:\Users\Ruben Alemán\Desktop\FRST64.exe
2013-10-30 18:03 - 2013-09-16 14:05 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 18:01 - 2012-07-21 02:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 12:14 - 2011-05-26 13:28 - 00000000 ____D C:\Dienstprogramme
2013-10-30 11:43 - 2009-07-14 06:10 - 02050785 _____ C:\Windows\WindowsUpdate.log
2013-10-30 07:34 - 2011-03-30 15:15 - 00000000 ____D C:\Users\Ruben Alemán
2013-10-29 19:27 - 2013-10-29 18:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-29 19:26 - 2013-10-28 23:11 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\mbar
2013-10-29 18:32 - 2013-10-28 23:13 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-29 18:28 - 2009-07-14 05:51 - 00140856 _____ C:\Windows\setupact.log
2013-10-29 18:16 - 2013-10-28 23:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-29 15:25 - 2009-07-14 18:58 - 00701098 _____ C:\Windows\system32\perfh007.dat
2013-10-29 15:25 - 2009-07-14 18:58 - 00149604 _____ C:\Windows\system32\perfc007.dat
2013-10-29 15:25 - 2009-07-14 06:13 - 01623360 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-29 13:34 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 13:34 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 13:25 - 2011-03-26 18:06 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-29 13:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 00:05 - 2013-10-29 00:05 - 00003676 _____ C:\Windows\PFRO.log
2013-10-29 00:05 - 2013-10-10 17:16 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-10-28 18:45 - 2013-10-28 18:45 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ruben Alemán\Desktop\mbar-1.07.0.1007.exe
2013-10-27 17:39 - 2013-10-27 17:05 - 00000000 ____D C:\Qoobox
2013-10-27 17:39 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-10-27 17:38 - 2013-10-27 17:38 - 00038009 _____ C:\ComboFix.txt
2013-10-27 17:35 - 2013-10-27 17:04 - 00000000 ____D C:\Windows\erdnt
2013-10-27 17:30 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-10-27 17:05 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-27 16:49 - 2013-10-27 16:49 - 05136694 ____R (Swearware) C:\Users\Ruben Alemán\Desktop\ComboFix.exe
2013-10-27 16:18 - 2013-10-27 16:18 - 00000000 ____D C:\FRST
2013-10-27 08:51 - 2012-04-06 16:59 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Sonstiges
2013-10-27 00:11 - 2013-10-27 00:11 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\AVAST Software
2013-10-27 00:09 - 2013-10-27 00:09 - 00001946 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-27 00:07 - 2013-10-27 00:07 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-27 00:07 - 2013-10-27 00:07 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-27 00:07 - 2013-10-27 00:07 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-27 00:00 - 2013-10-26 23:59 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-26 19:22 - 2013-10-26 19:22 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Malwarebytes
2013-10-26 19:21 - 2013-10-26 19:21 - 00000897 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-26 19:21 - 2013-10-26 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-26 19:20 - 2013-10-26 19:20 - 00000000 ____D C:\Dienstprogramme)
2013-10-26 19:18 - 2013-10-26 19:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ruben Alemán\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-26 14:40 - 2013-10-26 14:40 - 103108672 _____ C:\Windows\SysWOW64\鬎͞Ž
2013-10-26 12:15 - 2013-07-06 01:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-26 10:08 - 2013-10-01 17:38 - 00000047 _____ C:\Users\Ruben Alemán\Desktop\Neues Textdokument (3).txt
2013-10-23 16:08 - 2013-10-23 12:18 - 102551358 _____ C:\Windows\SysWOW64\皜퀜™
2013-10-22 18:23 - 2013-10-22 17:12 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BloodBowlLegendary
2013-10-22 17:10 - 2011-03-27 00:52 - 00364554 _____ C:\Windows\DirectX.log
2013-10-22 13:14 - 2012-10-04 22:09 - 00000000 ____D C:\Spiele
2013-10-22 13:04 - 2013-10-22 13:04 - 00000217 _____ C:\Users\Ruben Alemán\Desktop\Blood Bowl Legendary Edition.url
2013-10-22 12:50 - 2013-09-16 14:05 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-22 12:50 - 2012-01-10 22:45 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Google
2013-10-22 12:15 - 2012-09-20 02:18 - 00000000 ____D C:\Filme
2013-10-20 15:02 - 2013-10-18 19:55 - 102068998 _____ C:\Windows\SysWOW64\妲⪋
2013-10-19 12:53 - 2013-10-19 12:54 - 01017344 _____ C:\Users\Ruben Alemán\Desktop\Anima_Base_Templates_2nd_Gen.xls
2013-10-17 13:43 - 2013-10-17 13:42 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Material Erstis
2013-10-15 17:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Fotos Album
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Bilder Urlaub
2013-10-13 16:11 - 2013-10-13 16:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\fotos choza 12_13
2013-10-13 16:03 - 2013-10-13 16:00 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\argentinien12-13
2013-10-13 15:03 - 2013-10-13 15:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Studium
2013-10-12 19:56 - 2013-10-12 19:56 - 100651105 _____ C:\Windows\SysWOW64\濮坑›
2013-10-12 16:40 - 2013-10-12 13:57 - 100615351 _____ C:\Windows\SysWOW64\컦禶
2013-10-11 20:47 - 2013-10-11 20:42 - 72166699 _____ C:\Users\Ruben Alemán\Desktop\dtrpg-2013-10-11_02-43pm.zip
2013-10-11 14:11 - 2013-09-16 14:05 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 14:11 - 2013-09-16 14:05 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 11:17 - 2013-10-11 11:14 - 00003741 _____ C:\Users\Ruben Alemán\Documents\Dragon Age Origins 1.05.log
2013-10-11 09:01 - 2009-07-14 05:45 - 00417888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 00:22 - 2011-06-20 21:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 00:19 - 2013-03-16 04:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 00:19 - 2013-03-16 04:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 00:13 - 2011-03-30 15:23 - 01601618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 00:07 - 2013-07-18 08:04 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 00:04 - 2011-05-28 10:06 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 19:28 - 2013-10-09 12:51 - 100305510 _____ C:\Windows\SysWOW64\扙湙3
2013-10-10 17:26 - 2013-10-10 17:26 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BioWare
2013-10-10 17:16 - 2013-10-10 16:46 - 00021568 _____ C:\Users\Ruben Alemán\Documents\Install Dragon Age Origins.log
2013-10-10 17:15 - 2013-10-10 17:15 - 00000782 _____ C:\Users\Public\Desktop\Dragon Age Origins.lnk
2013-10-10 07:27 - 2012-07-21 02:48 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 00:16 - 2012-06-07 21:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 00:16 - 2011-05-26 12:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 12:49 - 2012-03-25 11:53 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Dropbox
2013-10-09 12:49 - 2011-03-30 15:18 - 00000000 ___RD C:\Users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-08 21:02 - 2013-10-08 21:02 - 99859239 _____ C:\Windows\SysWOW64\禯燺¢
2013-10-07 07:46 - 2013-07-30 13:57 - 00000000 ___RD C:\Users\Ruben Alemán\Dropbox
2013-10-05 17:41 - 2011-06-02 17:50 - 00000000 ___RD C:\Users\Ruben Alemán\Desktop\Musik
2013-10-05 17:39 - 2013-04-21 17:42 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\P & P Rollenspiele
2013-10-04 06:49 - 2011-07-30 11:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Mozilla
2013-10-03 12:50 - 2012-06-07 21:47 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Microsoft Games
2013-10-03 12:49 - 2011-05-28 01:47 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-10-03 11:58 - 2013-10-03 11:58 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\ActiveState
2013-10-02 21:38 - 2013-10-02 21:33 - 00000000 ____D C:\Perl64
2013-10-02 21:08 - 2013-10-02 21:08 - 00001885 _____ C:\Users\Public\Desktop\Mobile Connection Manager.lnk
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\TGCMLog
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Telefónica
2013-10-02 21:08 - 2013-10-02 21:07 - 00000000 ____D C:\Program Files (x86)\HUAWEI Modem Driver
2013-10-02 09:13 - 2013-10-02 09:13 - 00000000 ____D C:\Diensttprogramme

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-26 17:51

==================== End Of Log ============================

--- --- ---

--- --- ---

cosinus · 30.10.2013, 21:52

Schön

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Taru · 31.10.2013, 11:37

Code:

ATTFilter

# AdwCleaner v3.010 - Bericht erstellt am 31/10/2013 um 11:19:07
# Updated 20/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Ruben Alemán - RUBEN-PC
# Gestartet von : C:\Users\Ruben Alemán\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Plasmoo
Ordner Gelöscht : C:\Users\Ruben Alemán\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Ruben Alemán\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Datei Gelöscht : C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16514

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v22.0 (de)

[ Datei : C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Zeile gelöscht : user_pref("extensions.facemoods.firstRun", false);
Zeile gelöscht : user_pref("extensions.facemoods.lastActv", "24");

[ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\ixu9gia0.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Ruben Alemán\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4796 octets] - [31/10/2013 11:16:42]
AdwCleaner[S0].txt - [4222 octets] - [31/10/2013 11:19:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4282 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Home Premium x64
Ran by Ruben Alem*n on 31.10.2013 at 11:26:20,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho11DC.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1521.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho1A5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho5462.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho55B5.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6F91.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho6F9B.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8462.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho84D0.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho8D42.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAC31.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB34F.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB521.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoB940.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoD7A0.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE913.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoECF6.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoF03A.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Ruben Alem*n\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.10.2013 at 11:33:39,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2013
Ran by Ruben Alemán (administrator) on RUBEN-PC on 31-10-2013 11:35:01
Running from C:\Users\Ruben Alemán\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Dienstprogramme\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Telefónica) C:\Dienstprogramme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Sony Corporation) C:\Dienstprogramme\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Dienstprogramme\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Dienstprogramme\PDF24\pdf24.exe
(AVAST Software) C:\Dienstprogramme\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Valve Corporation) C:\Dienstprogramme\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Dienstprogramme\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Dienstprogramme\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-24] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6560360 2010-12-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-01] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Dienstprogramme\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Ruben Alemán\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Reader Application Helper] - C:\Dienstprogramme\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-03-18] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Dienstprogramme\HP Software Update\hpwuschd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [PDFPrint] - C:\Dienstprogramme\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Dienstprogramme\AVAST Software\Avast\avastui.exe [3567800 2013-10-27] (AVAST Software)
Startup: C:\Users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {943D163A-270E-4A9A-930E-42D90591EFAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = 
SearchScopes: HKCU - {943D163A-270E-4A9A-930E-42D90591EFAD} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Dienstprogramme\Java\bin\ssv.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Dienstprogramme\Free Download Manager\iefdm2.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Dienstprogramme\Java\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd64.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default
FF DefaultSearchEngine: Ixquick
FF SelectedSearchEngine: Ixquick
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Dienstprogramme\Java\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Dienstprogramme\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Dienstprogramme\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Ruben Alemán\Program Files (x86)\DNA\plugins\npbtdna.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ruben Alemán\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ruben Alemán\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Ruben Alemán\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\searchplugins\ixquick.xml
FF Extension: HTTPS-Everywhere - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\https-everywhere@eff.org
FF Extension: fdm_ffext - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: firefox - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\firefox@ghostery.com.xpi
FF Extension: Adblock Plus - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Dienstprogramme\Steganos Password Manager 12\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Dienstprogramme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Dienstprogramme\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Ruben Alemán\Program Files (x86)\DNA
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Dienstprogramme\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: https://ixquick.com/deu/
CHR RestoreOnStartup: "https://ixquick.com/deu/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Mixesoft Click&Clean Plug-In) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll No File
CHR Plugin: (Bitdefender QuickScan) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Musicnotes) - C:\Dienstprogramme\Musicnotes\npmusicn.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Dienstprogramme\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Reader Application Detector) - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Google Update) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Facebook Disconnect) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.5_0
CHR Extension: (Click&Clean) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0
CHR Extension: (AdBlock) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (avast! Online Security) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Minecraft Origins) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooemofofigijedhcifaimglnncjmckaa\1.0.2_0
CHR Extension: (Gmail) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Dienstprogramme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Ruben Alemán\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Dienstprogramme\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-27] (AVAST Software)
S2 C2TNServer; C:\Dienstprogramme\C2TN\C2TN\wrapper.exe [204800 2011-08-18] ()
S3 DAUpdaterSvc; C:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 HPSLPSVC; C:\Dienstprogramme\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.)
R2 MBAMScheduler; C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4264632 2011-05-15] (INCA Internet Co., Ltd.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 TGCM_ImportWiFiSvc; C:\Dienstprogramme\o2\Mobile Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
S3 hpqcxs08; C:\Dienstprogramme\Digital Imaging\bin\hpqcxs08.dll [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-10-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-27] ()
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\DRIVERS\nvstusb.sys [121960 2011-01-31] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 dump_wmimmc; \??\C:\Spiele\CABAL Online\GameGuard\dump_wmimmc.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-31 11:33 - 2013-10-31 11:33 - 00001983 _____ C:\Users\Ruben Alemán\Desktop\JRT.txt
2013-10-31 11:26 - 2013-10-31 11:26 - 00000000 ____D C:\Windows\ERUNT
2013-10-31 11:25 - 2013-10-31 11:24 - 01033335 _____ (Thisisu) C:\Users\Ruben Alemán\Desktop\JRT.exe
2013-10-31 11:16 - 2013-10-31 11:19 - 00000000 ____D C:\AdwCleaner
2013-10-30 21:55 - 2013-10-31 11:15 - 01060070 _____ C:\Users\Ruben Alemán\Desktop\adwcleaner.exe
2013-10-30 18:08 - 2013-10-31 11:34 - 01956614 _____ (Farbar) C:\Users\Ruben Alemán\Desktop\FRST64.exe
2013-10-29 18:32 - 2013-10-29 19:27 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-29 00:05 - 2013-10-29 00:05 - 00003676 _____ C:\Windows\PFRO.log
2013-10-28 23:13 - 2013-10-29 18:32 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-28 23:12 - 2013-10-29 18:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-28 23:11 - 2013-10-29 19:26 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\mbar
2013-10-28 18:45 - 2013-10-28 18:45 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ruben Alemán\Desktop\mbar-1.07.0.1007.exe
2013-10-27 17:38 - 2013-10-27 17:38 - 00038009 _____ C:\ComboFix.txt
2013-10-27 17:09 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-27 17:09 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-27 17:09 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-27 17:05 - 2013-10-27 17:39 - 00000000 ____D C:\Qoobox
2013-10-27 17:04 - 2013-10-27 17:35 - 00000000 ____D C:\Windows\erdnt
2013-10-27 16:49 - 2013-10-27 16:49 - 05136694 ____R (Swearware) C:\Users\Ruben Alemán\Desktop\ComboFix.exe
2013-10-27 16:18 - 2013-10-27 16:18 - 00000000 ____D C:\FRST
2013-10-27 00:11 - 2013-10-27 00:11 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\AVAST Software
2013-10-27 00:09 - 2013-10-27 00:09 - 00001946 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-27 00:07 - 2013-10-27 00:07 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-27 00:07 - 2013-10-27 00:07 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-27 00:07 - 2013-10-27 00:07 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-26 23:59 - 2013-10-27 00:00 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-26 19:22 - 2013-10-26 19:22 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Malwarebytes
2013-10-26 19:21 - 2013-10-26 19:21 - 00000897 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-26 19:21 - 2013-10-26 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-26 19:20 - 2013-10-26 19:20 - 00000000 ____D C:\Dienstprogramme)
2013-10-26 19:20 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-26 19:17 - 2013-10-26 19:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ruben Alemán\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-26 14:40 - 2013-10-26 14:40 - 103108672 _____ C:\Windows\SysWOW64\鬎͞Ž
2013-10-23 12:18 - 2013-10-23 16:08 - 102551358 _____ C:\Windows\SysWOW64\皜퀜™
2013-10-22 17:12 - 2013-10-22 18:23 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BloodBowlLegendary
2013-10-22 13:04 - 2013-10-22 13:04 - 00000217 _____ C:\Users\Ruben Alemán\Desktop\Blood Bowl Legendary Edition.url
2013-10-19 12:54 - 2013-10-19 12:53 - 01017344 _____ C:\Users\Ruben Alemán\Desktop\Anima_Base_Templates_2nd_Gen.xls
2013-10-18 19:55 - 2013-10-20 15:02 - 102068998 _____ C:\Windows\SysWOW64\妲⪋
2013-10-17 13:42 - 2013-10-17 13:43 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Material Erstis
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Fotos Album
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Bilder Urlaub
2013-10-13 16:03 - 2013-10-13 16:11 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\fotos choza 12_13
2013-10-13 16:00 - 2013-10-13 16:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\argentinien12-13
2013-10-13 15:03 - 2013-10-13 15:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Studium
2013-10-12 19:56 - 2013-10-12 19:56 - 100651105 _____ C:\Windows\SysWOW64\濮坑›
2013-10-12 13:57 - 2013-10-12 16:40 - 100615351 _____ C:\Windows\SysWOW64\컦禶
2013-10-11 20:42 - 2013-10-11 20:47 - 72166699 _____ C:\Users\Ruben Alemán\Desktop\dtrpg-2013-10-11_02-43pm.zip
2013-10-11 12:07 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 11:14 - 2013-10-11 11:17 - 00003741 _____ C:\Users\Ruben Alemán\Documents\Dragon Age Origins 1.05.log
2013-10-11 00:14 - 2013-09-22 15:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-11 00:14 - 2013-09-22 15:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 00:14 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-11 00:14 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 00:14 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-11 00:13 - 2013-09-22 16:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 00:13 - 2013-09-22 16:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 00:13 - 2013-09-22 15:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 00:13 - 2013-09-22 15:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 00:13 - 2013-09-22 15:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-11 00:13 - 2013-09-22 15:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 00:13 - 2013-09-22 15:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-11 00:13 - 2013-09-22 15:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 00:13 - 2013-09-22 15:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-11 00:13 - 2013-09-22 15:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 00:13 - 2013-09-22 15:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-11 00:13 - 2013-09-22 15:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 00:13 - 2013-09-22 15:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 00:13 - 2013-09-22 15:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 00:13 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 00:13 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 00:13 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 00:13 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-11 00:13 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 00:13 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 00:13 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-11 00:13 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 00:13 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-11 00:13 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 00:13 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 00:13 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 00:13 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 17:26 - 2013-10-10 17:26 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BioWare
2013-10-10 17:16 - 2013-10-29 00:05 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-10-10 17:15 - 2013-10-10 17:15 - 00000782 _____ C:\Users\Public\Desktop\Dragon Age Origins.lnk
2013-10-10 16:46 - 2013-10-10 17:16 - 00021568 _____ C:\Users\Ruben Alemán\Documents\Install Dragon Age Origins.log
2013-10-10 14:42 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 14:42 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 14:41 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 14:41 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 14:41 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 14:41 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 14:41 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 14:41 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 14:41 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 14:41 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 14:41 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 14:41 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 14:41 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 14:40 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 14:40 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 14:36 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 14:36 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 14:36 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 14:35 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 14:35 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 14:35 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 14:35 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 14:35 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 14:35 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 14:35 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 14:35 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 14:35 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 14:35 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 14:35 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 14:35 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 14:35 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 14:35 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 14:35 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 14:35 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 14:35 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 14:35 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 14:35 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 14:35 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 14:35 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 14:35 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 14:35 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:35 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:35 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 14:35 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 14:35 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 14:35 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 14:35 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 12:51 - 2013-10-10 19:28 - 100305510 _____ C:\Windows\SysWOW64\扙湙3
2013-10-08 21:02 - 2013-10-08 21:02 - 99859239 _____ C:\Windows\SysWOW64\禯燺¢
2013-10-03 11:58 - 2013-10-03 11:58 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\ActiveState
2013-10-02 21:33 - 2013-10-02 21:38 - 00000000 ____D C:\Perl64
2013-10-02 21:08 - 2013-10-02 21:08 - 00001885 _____ C:\Users\Public\Desktop\Mobile Connection Manager.lnk
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\TGCMLog
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Telefónica
2013-10-02 21:08 - 2010-11-04 10:52 - 00093696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-10-02 21:08 - 2010-10-09 07:49 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-10-02 21:08 - 2010-09-26 11:01 - 00055296 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-10-02 21:08 - 2010-09-26 11:01 - 00029184 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-10-02 21:08 - 2010-09-03 10:36 - 00196608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2013-10-02 21:08 - 2010-08-31 11:09 - 00256000 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2013-10-02 21:08 - 2010-08-07 10:49 - 00121600 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-10-02 21:08 - 2010-07-27 02:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-10-02 21:08 - 2010-05-10 07:22 - 00999936 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-10-02 21:08 - 2010-03-20 05:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-10-02 21:08 - 2010-01-18 11:48 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-10-02 21:08 - 2008-03-27 09:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-10-02 21:07 - 2013-10-02 21:08 - 00000000 ____D C:\Program Files (x86)\HUAWEI Modem Driver
2013-10-02 09:13 - 2013-10-02 09:13 - 00000000 ____D C:\Diensttprogramme
2013-10-02 09:12 - 2013-03-11 13:23 - 08065978 _____ (Goretzki Software Lösungen                                  ) C:\Users\Ruben Alemán\Desktop\Setup Savage-Gen 1.5.1.exe
2013-10-01 17:38 - 2013-10-26 10:08 - 00000047 _____ C:\Users\Ruben Alemán\Desktop\Neues Textdokument (3).txt

==================== One Month Modified Files and Folders =======

2013-10-31 11:34 - 2013-10-30 18:08 - 01956614 _____ (Farbar) C:\Users\Ruben Alemán\Desktop\FRST64.exe
2013-10-31 11:33 - 2013-10-31 11:33 - 00001983 _____ C:\Users\Ruben Alemán\Desktop\JRT.txt
2013-10-31 11:30 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 11:30 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 11:29 - 2009-07-14 18:58 - 00701098 _____ C:\Windows\system32\perfh007.dat
2013-10-31 11:29 - 2009-07-14 18:58 - 00149604 _____ C:\Windows\system32\perfc007.dat
2013-10-31 11:29 - 2009-07-14 06:13 - 01623360 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 11:26 - 2013-10-31 11:26 - 00000000 ____D C:\Windows\ERUNT
2013-10-31 11:25 - 2013-08-08 21:51 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Skype
2013-10-31 11:24 - 2013-10-31 11:25 - 01033335 _____ (Thisisu) C:\Users\Ruben Alemán\Desktop\JRT.exe
2013-10-31 11:21 - 2013-09-16 14:05 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-31 11:21 - 2011-03-26 18:06 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-31 11:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-31 11:21 - 2009-07-14 05:51 - 00141024 _____ C:\Windows\setupact.log
2013-10-31 11:20 - 2009-07-14 06:10 - 02068553 _____ C:\Windows\WindowsUpdate.log
2013-10-31 11:19 - 2013-10-31 11:16 - 00000000 ____D C:\AdwCleaner
2013-10-31 11:16 - 2013-09-16 14:05 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-31 11:15 - 2013-10-30 21:55 - 01060070 _____ C:\Users\Ruben Alemán\Desktop\adwcleaner.exe
2013-10-31 11:15 - 2012-07-21 02:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-30 12:14 - 2011-05-26 13:28 - 00000000 ____D C:\Dienstprogramme
2013-10-30 07:34 - 2011-03-30 15:15 - 00000000 ____D C:\Users\Ruben Alemán
2013-10-29 19:27 - 2013-10-29 18:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-29 19:26 - 2013-10-28 23:11 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\mbar
2013-10-29 18:32 - 2013-10-28 23:13 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-29 18:16 - 2013-10-28 23:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-29 00:05 - 2013-10-29 00:05 - 00003676 _____ C:\Windows\PFRO.log
2013-10-29 00:05 - 2013-10-10 17:16 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-10-28 18:45 - 2013-10-28 18:45 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ruben Alemán\Desktop\mbar-1.07.0.1007.exe
2013-10-27 17:39 - 2013-10-27 17:05 - 00000000 ____D C:\Qoobox
2013-10-27 17:39 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-10-27 17:38 - 2013-10-27 17:38 - 00038009 _____ C:\ComboFix.txt
2013-10-27 17:35 - 2013-10-27 17:04 - 00000000 ____D C:\Windows\erdnt
2013-10-27 17:30 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-10-27 17:05 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-27 16:49 - 2013-10-27 16:49 - 05136694 ____R (Swearware) C:\Users\Ruben Alemán\Desktop\ComboFix.exe
2013-10-27 16:18 - 2013-10-27 16:18 - 00000000 ____D C:\FRST
2013-10-27 08:51 - 2012-04-06 16:59 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Sonstiges
2013-10-27 00:11 - 2013-10-27 00:11 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\AVAST Software
2013-10-27 00:09 - 2013-10-27 00:09 - 00001946 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-27 00:07 - 2013-10-27 00:07 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-27 00:07 - 2013-10-27 00:07 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-27 00:07 - 2013-10-27 00:07 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-27 00:00 - 2013-10-26 23:59 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-26 19:22 - 2013-10-26 19:22 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Malwarebytes
2013-10-26 19:21 - 2013-10-26 19:21 - 00000897 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-26 19:21 - 2013-10-26 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-26 19:20 - 2013-10-26 19:20 - 00000000 ____D C:\Dienstprogramme)
2013-10-26 19:18 - 2013-10-26 19:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ruben Alemán\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-26 14:40 - 2013-10-26 14:40 - 103108672 _____ C:\Windows\SysWOW64\鬎͞Ž
2013-10-26 12:15 - 2013-07-06 01:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-26 10:08 - 2013-10-01 17:38 - 00000047 _____ C:\Users\Ruben Alemán\Desktop\Neues Textdokument (3).txt
2013-10-23 16:08 - 2013-10-23 12:18 - 102551358 _____ C:\Windows\SysWOW64\皜퀜™
2013-10-22 18:23 - 2013-10-22 17:12 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BloodBowlLegendary
2013-10-22 17:10 - 2011-03-27 00:52 - 00364554 _____ C:\Windows\DirectX.log
2013-10-22 13:14 - 2012-10-04 22:09 - 00000000 ____D C:\Spiele
2013-10-22 13:04 - 2013-10-22 13:04 - 00000217 _____ C:\Users\Ruben Alemán\Desktop\Blood Bowl Legendary Edition.url
2013-10-22 12:50 - 2013-09-16 14:05 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-22 12:50 - 2012-01-10 22:45 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Google
2013-10-22 12:15 - 2012-09-20 02:18 - 00000000 ____D C:\Filme
2013-10-20 15:02 - 2013-10-18 19:55 - 102068998 _____ C:\Windows\SysWOW64\妲⪋
2013-10-19 12:53 - 2013-10-19 12:54 - 01017344 _____ C:\Users\Ruben Alemán\Desktop\Anima_Base_Templates_2nd_Gen.xls
2013-10-17 13:43 - 2013-10-17 13:42 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Material Erstis
2013-10-15 17:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Fotos Album
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Bilder Urlaub
2013-10-13 16:11 - 2013-10-13 16:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\fotos choza 12_13
2013-10-13 16:03 - 2013-10-13 16:00 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\argentinien12-13
2013-10-13 15:03 - 2013-10-13 15:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Studium
2013-10-12 19:56 - 2013-10-12 19:56 - 100651105 _____ C:\Windows\SysWOW64\濮坑›
2013-10-12 16:40 - 2013-10-12 13:57 - 100615351 _____ C:\Windows\SysWOW64\컦禶
2013-10-11 20:47 - 2013-10-11 20:42 - 72166699 _____ C:\Users\Ruben Alemán\Desktop\dtrpg-2013-10-11_02-43pm.zip
2013-10-11 14:11 - 2013-09-16 14:05 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 14:11 - 2013-09-16 14:05 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 11:17 - 2013-10-11 11:14 - 00003741 _____ C:\Users\Ruben Alemán\Documents\Dragon Age Origins 1.05.log
2013-10-11 09:01 - 2009-07-14 05:45 - 00417888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 00:22 - 2011-06-20 21:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 00:19 - 2013-03-16 04:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 00:19 - 2013-03-16 04:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 00:13 - 2011-03-30 15:23 - 01601618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 00:07 - 2013-07-18 08:04 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 00:04 - 2011-05-28 10:06 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 19:28 - 2013-10-09 12:51 - 100305510 _____ C:\Windows\SysWOW64\扙湙3
2013-10-10 17:26 - 2013-10-10 17:26 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BioWare
2013-10-10 17:16 - 2013-10-10 16:46 - 00021568 _____ C:\Users\Ruben Alemán\Documents\Install Dragon Age Origins.log
2013-10-10 17:15 - 2013-10-10 17:15 - 00000782 _____ C:\Users\Public\Desktop\Dragon Age Origins.lnk
2013-10-10 07:27 - 2012-07-21 02:48 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 00:16 - 2012-06-07 21:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 00:16 - 2011-05-26 12:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 12:49 - 2012-03-25 11:53 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Dropbox
2013-10-09 12:49 - 2011-03-30 15:18 - 00000000 ___RD C:\Users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-08 21:02 - 2013-10-08 21:02 - 99859239 _____ C:\Windows\SysWOW64\禯燺¢
2013-10-07 07:46 - 2013-07-30 13:57 - 00000000 ___RD C:\Users\Ruben Alemán\Dropbox
2013-10-05 17:41 - 2011-06-02 17:50 - 00000000 ___RD C:\Users\Ruben Alemán\Desktop\Musik
2013-10-05 17:39 - 2013-04-21 17:42 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\P & P Rollenspiele
2013-10-04 06:49 - 2011-07-30 11:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Mozilla
2013-10-03 12:50 - 2012-06-07 21:47 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Microsoft Games
2013-10-03 12:49 - 2011-05-28 01:47 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-10-03 11:58 - 2013-10-03 11:58 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\ActiveState
2013-10-02 21:38 - 2013-10-02 21:33 - 00000000 ____D C:\Perl64
2013-10-02 21:08 - 2013-10-02 21:08 - 00001885 _____ C:\Users\Public\Desktop\Mobile Connection Manager.lnk
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\TGCMLog
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Telefónica
2013-10-02 21:08 - 2013-10-02 21:07 - 00000000 ____D C:\Program Files (x86)\HUAWEI Modem Driver
2013-10-02 09:13 - 2013-10-02 09:13 - 00000000 ____D C:\Diensttprogramme

Some content of TEMP:
====================
C:\Users\Ruben Alemán\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-26 17:51

==================== End Of Log ============================

--- --- ---

cosinus · 01.11.2013, 00:10

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Taru · 01.11.2013, 00:44

ich habe jetzt Anti-Malware schon installiert gehabt, während der trojaner aktiv war; soll ich das programm neu installieren?

cosinus · 01.11.2013, 00:53

Mach es ruhig, schaden wird es nicht

Taru · 01.11.2013, 20:37

Gleich vier Funde...

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e0b878a748ab344c80baed8c9633cd5d
# engine=15718
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-01 02:30:00
# local_time=2013-11-01 03:30:00 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 85 9600990 134902850 0 0
# scanned=270581
# found=4
# cleaned=0
# scan_time=9381
sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\9519~1\A535~1\E628~1\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000004.@.vir"
sh=A065922E48E274F827BC8A04091A44632D498373 ft=1 fh=f3684398a5f5cf1b vn="Win64/Conedex.I trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\9519~1\A535~1\E628~1\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000008.@.vir"
sh=C7EA4E12ED380165FAC4E1AE2A8B764F6A61327E ft=1 fh=0daf92794ff3c3d1 vn="a variant of Win64/Sirefef.BJ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\9519~1\A535~1\E628~1\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000000.@.vir"
sh=9BD8ECE8181FA59934F263DD433E6F8043B52459 ft=1 fh=c2a5b334ddc1d0c1 vn="a variant of Win64/Sirefef.AZ trojan" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\9519~1\A535~1\E628~1\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000064.@.vir"

Anti-Malware hatte nichts gefunden

cosinus · 02.11.2013, 00:10

Log bitte trotzdem posten

Taru · 02.11.2013, 15:25

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ruben Alemán :: RUBEN-PC [Administrator]

Schutz: Deaktiviert

01.11.2013 20:24:28
mbam-log-2013-11-01 (20-24-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 268284
Laufzeit: 7 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 03.11.2013, 00:52

Sieht soweit ok aus die Funde beziehen sich nur auf Quarantänepfade

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Taru · 03.11.2013, 10:16

Also zu erst einmal ein großes Dankeschön für die geleistete Hilfe

! Ich bin echt froh, um ein Neuaufsetzen herumgekommen zu sein

Was Cookies angeht lebe ich momentan mit der Zwischenlösung, dass ich die Browsereinstellung so geändert habe, dass er imme rnachfragt, obich Cookies erlauben will, was ich in 95% der Fälle natürlich nur bis zum Ende der SItzung erlaube. Ansonsten habe ich natürlich noch Ghostery installiert, um Tracker usw. zu Blocken. Bringt MVPS da noch einen echten Mehrwert?
Sonst habe ich keinerlei Meldungen bezüglich irgendwelcher Funde bekommen, ich hoffe, dass sich das Thema damit erledigt hat

Edit: Wäre es vielleicht möglich, dass meine Posts mit den enthaltenen Logdateien gelöscht oder die Logs rauseditiert werden? Es findet sich mein echter Name und eine Auflistung meiner Dateien, die hier ja öffentlich einsehbar ist (ich hätte natürlich den Namen for dem reinstellen löschen können, da hatte ich aber nicht dran gedacht

).

cosinus · 03.11.2013, 14:42

Zitat:

Bringt MVPS da noch einen echten Mehrwert?

Ist nur optional, denn viele Werbezecken (als Adware-URLS) werden über MVPS blockiert, somit keine Cookies und du bekommst auch allein durch MVPS Hosts kaum Werbung zu Gesicht.

Zitat:

Edit: Wäre es vielleicht möglich, dass meine Posts mit den enthaltenen Logdateien gelöscht oder die Logs rauseditiert werden? Es findet sich mein echter Name und eine Auflistung meiner Dateien, die hier ja öffentlich einsehbar ist (ich hätte natürlich den Namen for dem reinstellen löschen können, da hatte ich aber nicht dran gedacht

Ich mach sowas nicht! Warte ab bis unser Admin Da GuRu dafür Zeit hat, er macht das über ein Skript wenn er davon weiß und Zeit dafür hat.

Siehe http://www.trojaner-board.de/108422-...tml#post758384

30.10.2013, 13:38	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/APS von Avira Antivir gefunden Neue Logs mit FRST machen, FRST neu runterladen __________________ __________________

01.11.2013, 00:53	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/APS von Avira Antivir gefunden Mach es ruhig, schaden wird es nicht __________________ Logfiles bitte immer in CODE-Tags posten

02.11.2013, 00:10	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/APS von Avira Antivir gefunden Log bitte trotzdem posten __________________ Logfiles bitte immer in CODE-Tags posten

TR/APS von Avira Antivir gefunden

Log-Analyse und Auswertung: TR/APS von Avira Antivir gefunden