TR/APS von Avira Antivir gefunden

Taru · 26.10.2013, 21:44

Hallo,
mir hatte mein Avira Firewall wiederholt gemeldet, dass ein verdächtiges Progrann TR/APS.gen2 gefunden wurde, obwohl ich auf entfernen geklickt hatte, kam die meldung immer wieder. Ich habe daraufhin Anti-Malware von Malwarebytes installiert und einen kompletten Scan durchgeführt, Es wurde eine Infizierte Datei gefunden, ich habe natürlich anschließend auf Entfernen geklickt und neugestartet. Ist mein Rechner mit dem Entfernen der infizierten Datei jetzt sauber?

EDIT: Ich hatte Avira natürlich deaktiviert, trotzdem kam nachdem ich auf Entfernen und Neustarten geklickt hatte von Avira die Meldung verdächtiger Zugriff auf die Registry verhindert.... Alles Nochmal und davor den Aviraprozess beenden?

Mit freundlichen Grüßen

Taru

cosinus · 27.10.2013, 02:32

Hallo und

Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?

Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.
Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.
Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, dass sie sich praktisch "jeder" ansehen konnte.

Teile mir also mit, wie du dich entschieden hast.

Taru · 27.10.2013, 08:54

Hallo und Danke für die schnelle Antwort!

Ich will es auf jeden Fall erst mal probieren, ob es auch ohne Neuinstallation klappt; ich habe einen Dell-Notebook, und erfahrungsgemäß ist ein Neuaufsetzen bei denen schwieriger.
Ich habe mein Onlinebanking Passwort bereits von einem anderem Computer aus geändert und verwende mTan. Und wegen sonstiger sensibler Daten habe ich mir bereits Gedanken gemacht.

EDIT: Nach dem angeblichem entfernen durch Anti-Malware lieferte mein Firewall trotzdem noch eine weitere Warnmeldung. Ich habe daraufhin den kompletten Scan nochmal durchlaufen lassen, allerdings wurden keine Infizierungen gefunden; mein Firewall hat sich seitdem auch nicht mehr gemeldet.

Grüße
Taru

cosinus · 27.10.2013, 15:55

Zitat:

ich habe einen Dell-Notebook, und erfahrungsgemäß ist ein Neuaufsetzen bei denen schwieriger.

Ob Dell, Acer, Asus oder sonstwars für ein Notebook, das manuelle Neuinstallieren ist vom Prinzip her immer identisch. Aber schauen wir erstmal mit FRST:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Taru · 27.10.2013, 16:34

SO, hier sind die Scanergebnisse.

Das mit dem Laptop meinte ich, weil man auf Dellsystemen kein "normales" windows installiert hat, und ich von diesem System keine DVD zum neuinstallieren habe.

cosinus · 27.10.2013, 16:42

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Taru · 27.10.2013, 16:45

Code:

ATTFilter

 Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2013 01
Ran by Ruben Alemán at 2013-10-27 16:24:26
Running from C:\Users\Ruben Alemán\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
µTorrent (x32 Version: 3.3.0.29625)
64 Bit HP CIO Components Installer (Version: 6.2.2)
6500_E709_eDocs (x32 Version: 1.00.0000)
7-PDF Website Converter Version 1.0.6 (Build 164) (x32 Version: 7-PDF Website Converter - Version 1.0.6 (Build 164))
7-Zip 9.22 (x64 edition) (Version: 9.22.00.0)
7-Zip 9.30 alpha (x32)
AccelerometerP11 (x32 Version: 2.00.11.22)
ActivePerl 5.16.3 Build 1603 (64-bit) (Version: 5.16.1603)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Download Assistant (x32 Version: 1.2.3)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader X (10.0.1) - Deutsch (x32 Version: 10.0.1)
Adobe Reader X (10.1.8) MUI (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
Amazon MP3-Downloader 1.0.18 (HKCU Version: 1.0.18)
avast! Free Antivirus (x32 Version: 9.0.2006)
Blood Bowl: Legendary Edition (x32)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 50.0.165.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BufferChm (x32 Version: 130.0.331.000)
C2TN (x32 Version: 1.12)
calibre (x32 Version: 0.9.10)
CDBurnerXP (x32 Version: 4.5.2.4214)
Cisco Connect (x32 Version: 1.2.10237.2)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell MusicStage (x32 Version: 1.4.162.0)
Dell PhotoStage (x32 Version: 1.5.0.30)
Dell Stage (x32 Version: 1.4.173.0)
Dell Support Center (Version: 3.1.5907.29)
Dell VideoStage (x32 Version: 1.1.1.1303)
Dell Webcam Central (x32 Version: 2.00.35)
DNA (HKCU Version: 2.2.4 (16502))
Dota 2 (x32)
Dragon Age: Origins (x32 Version: 1.05)
Dropbox (HKCU Version: 2.0.26)
FILEminimizer Pictures (x32)
Free M4a to MP3 Converter 7.1 (x32)
Free YouTube to MP3 Converter version 3.11.34.1015 (x32 Version: 3.11.34.1015)
GIMP 2.6.8
Google Chrome (HKCU Version: 30.0.1599.101)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.165)
GPBaseService2 (x32 Version: 140.0.212.000)
HP Officejet 6500 E709 Series (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 14.0 (Version: 14.0)
HP Update (x32 Version: 5.002.002.002)
HPProductAssistant (x32 Version: 140.0.213.000)
HTC BMP USB Driver (x32 Version: 1.0.5375)
HTC Driver Installer (x32 Version: 3.0.0.021)
HTC Sync (x32 Version: 3.2.20)
HUAWEI DataCard Driver 4.20.12.00 (x32 Version: 4.20.12.00)
ICQ7.5 (x32 Version: 7.5)
Intel PROSet Wireless
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2272)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.00.1000)
Intel(R) Wireless Display
Intel(R) Wireless Display (x32 Version: 2.0.27.0)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
League of Legends (x32 Version: 3.0.1)
Legend of the Five Rings: Character Manager 3.9.1 (x32 Version: 3.9.1)
Magic Workstation 0.94f (x32)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Mobile Connection Manager (x32 Version: 8.7.6.756)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Firefox 24.0 (x86 de) (HKCU Version: 24.0)
Mozilla Maintenance Service (x32 Version: 17.0.7)
Mozilla Thunderbird 17.0.7 (x86 de) (x32 Version: 17.0.7)
Mozilla Thunderbird 24.0.1 (x86 de) (HKCU Version: 24.0.1)
Mp3tag v2.53 (x32 Version: v2.53)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Network64 (Version: 130.0.579.000)
Neverwinter Nights (x32)
NVIDIA 3D Vision Treiber 306.97 (Version: 306.97)
NVIDIA Grafiktreiber 306.97 (Version: 306.97)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0697)
NVIDIA Systemsteuerung 306.97 (Version: 306.97)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Opera 12.14 (x32 Version: 12.14.1738)
Pando Media Booster (x32 Version: 2.6.0.7)
PDF24 Creator 5.7.0 (x32)
pdfsam (HKCU Version: 2.2.1)
Quickset64 (Version: 11.0.10)
Reader for PC (x32 Version: 2.0.02.15180)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6263)
Savage-Gen 1.5.1 (x32)
Scan (x32 Version: 13.0.0.0)
Skype™ 6.6 (x32 Version: 6.6.106)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 140.0.214.000)
Spybot - Search & Destroy (x32 Version: 2.1.19)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 15.1.15.0)
TeamSpeak 3 Client
The Witcher 2 Enhanced Edition version 3.0 (x32 Version: 3.0)
TIPP10 Version 2.1.0 (x32)
Toolbox (x32 Version: 130.0.648.000)
Torchlight 2 (x32 Version: 1.1.1.1)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2827325) 32-Bit Edition (x32)
Update für Microsoft Office Excel 2007 Help (KB963678) (x32)
Update für Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update für Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.0.5 (x32 Version: 2.0.5)
WebReg (x32 Version: 130.0.132.017)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
xp-AntiSpy 3.98-1 (x32)

==================== Restore Points  =========================

22-10-2013 16:07:00 DirectX wurde installiert
26-10-2013 23:02:31 avast! antivirus system restore point

==================== Hosts content: ==========================

2009-07-14 03:34 - 2013-07-06 11:38 - 00449438 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0784212C-C9AB-4147-8AE9-B1327369A663} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {14FE3086-8533-476F-8000-44DF8E2238B9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {35A35684-316F-4E35-A1F8-98B88202B0A0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {50EFC276-8CA4-4469-A331-7E98FB21B333} - System32\Tasks\{2D45FB89-A56D-4299-B336-59432ACEA014} => c:\program files (x86)\opera\opera.exe [2013-03-13] (Opera Software)
Task: {5DFCE36A-5153-4994-A920-1AB94F272D6D} - System32\Tasks\{93E2532E-0E00-4B3C-95E0-4000823EBA50} => c:\program files (x86)\opera\opera.exe [2013-03-13] (Opera Software)
Task: {6FF3635A-132F-4A8A-886B-C843BEC1D532} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {7251BDCF-9FA8-45CB-A7CB-FA60660A2D8D} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-03-29] (PC-Doctor, Inc.)
Task: {868F771E-BCC8-48A6-9495-0740902673CC} - System32\Tasks\{1D5AB86D-2C29-4F76-849A-E990824D7E90} => c:\program files (x86)\opera\opera.exe [2013-03-13] (Opera Software)
Task: {92097FD0-88B8-4509-AA84-01EA4F87A02F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-03-29] (PC-Doctor, Inc.)
Task: {949E6888-26FE-439D-BC9D-FC6E7D1AD27C} - System32\Tasks\{ED8B575B-A668-45B4-BA25-CDE5A938B14B} => C:\Spiele\Absolute Blue 1.5\AbsoluteBlue.exe
Task: {ABF173A2-B979-4FAA-AAA6-15B510E89B87} - System32\Tasks\Launch HTC Sync Loader => C:\Dienstprogramme\HTC Sync 3.0\htcUPCTLoader.exe
Task: {AF10B3F6-DC76-4874-A962-9B3E6190D985} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-345474495-164905778-512996065-1001UA => C:\Users\Ruben Alemán\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10] (Google Inc.)
Task: {C5587CA6-71B8-4FC2-A33D-799E08092215} - System32\Tasks\Games\UpdateCheck_S-1-5-21-345474495-164905778-512996065-1001
Task: {CD1F8918-F1DA-43B7-80C6-4CD9C12D18FF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-345474495-164905778-512996065-1001Core1cec6aee382b2e3 => C:\Users\Ruben Alemán\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10] (Google Inc.)
Task: {E0E45FC0-40D9-4FE7-8AB2-75F3888D080E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {E87E5EE3-DEC9-428C-90BC-FFCF5E853275} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F1E47CD4-1789-4430-910A-2DB11078F630} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-03-29] (PC-Doctor, Inc.)
Task: {F923C5B8-2695-42F4-BADF-2AE132AE30A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-345474495-164905778-512996065-1001Core1cec6aee382b2e3.job => C:\Users\Ruben Alemán\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-345474495-164905778-512996065-1001UA.job => C:\Users\Ruben Alemán\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2011-03-27 02:43 - 2010-12-23 18:00 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-07-06 01:51 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-07-06 01:51 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-07-06 01:51 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-07-06 01:51 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-07-06 01:51 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-03-18 17:56 - 2013-03-18 17:56 - 00880640 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\fsk.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00040264 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\FskMediaPlayers.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00239944 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\Fskin.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00026952 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\FskinLocalize.dll
2013-02-15 16:17 - 2013-02-15 16:17 - 00798720 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\FskSecurity.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00125256 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\FskDocumentViewer.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00016200 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\FskPower.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00024904 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\FskNetInterface.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00017224 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00015176 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\FskTimeHardware.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00034632 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\ticket.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00018760 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00092488 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\ebookUsb.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00149832 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\readerAppHelper.dll
2013-03-18 17:58 - 2013-03-18 17:58 - 00178504 _____ () C:\Dienstprogramme\ReaderDesktop\appHelper\USBDetector.dll
2013-10-27 00:14 - 2013-10-26 18:45 - 02136576 _____ () C:\Dienstprogramme\AVAST Software\Avast\defs\13102602\algo.dll
2013-10-27 00:06 - 2013-10-27 00:07 - 19336120 _____ () C:\Dienstprogramme\AVAST Software\Avast\libcef.dll
2013-10-13 19:16 - 2013-10-13 19:16 - 03008112 _____ () C:\Dienstprogramme\Mozilla Thunderbird\mozjs.dll
2013-10-13 19:16 - 2013-10-13 19:16 - 00158832 _____ () C:\Dienstprogramme\Mozilla Thunderbird\NSLDAP32V60.dll
2013-10-13 19:16 - 2013-10-13 19:16 - 00023152 _____ () C:\Dienstprogramme\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-09-04 16:55 - 2013-10-19 09:12 - 00124928 _____ () C:\Spiele\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.190\deploy\RiotLauncher.dll
2011-06-15 07:05 - 2011-06-15 07:05 - 00188792 _____ () C:\Dienstprogramme\o2\Mobile Connection Manager\AgendaLib.dll
2011-06-13 16:04 - 2011-06-13 16:04 - 00508760 _____ () C:\Dienstprogramme\o2\Mobile Connection Manager\sqlite3.dll
2009-07-13 22:03 - 2009-07-14 02:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2011-06-10 08:48 - 2011-06-10 08:48 - 00199032 _____ () C:\Dienstprogramme\o2\Nori\legplgs\plgalc.dll
2011-06-10 08:48 - 2011-06-10 08:48 - 00189816 _____ () C:\Dienstprogramme\o2\Nori\legplgs\plgati.dll
2011-06-10 08:48 - 2011-06-10 08:48 - 00386936 _____ () C:\Dienstprogramme\o2\Nori\legplgs\plghwi.dll
2013-10-02 21:54 - 2013-10-02 21:54 - 03279768 _____ () C:\Dienstprogramme\Mozilla Firefox\mozjs.dll
2013-10-10 00:16 - 2013-10-10 00:16 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Ruben Alemán:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Ruben Alemán\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Ruben Alemán\Cookies:gs5sys
AlternateDataStreams: C:\Users\Ruben Alemán\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Ruben Alemán\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Ruben Alemán\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Ruben Alemán\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Ruben Alemán\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Ruben Alemán\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Ruben Alemán\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Ruben Alemán\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Deskjet F4500 series
Description: Deskjet F4500 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2013 00:03:11 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary duwhqhum.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (10/26/2013 09:36:12 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/26/2013 11:55:45 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.
Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.
], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.
], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.
].


Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (10/26/2013 11:55:40 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{e47c8950-57ca-11e0-ab66-806e6f6e6963} - 0000000000000068,0x0053c010,000000000035BFD0,0,000000000031EEC0,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (10/26/2013 10:05:30 AM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
Error:  Initialization failed 0x80070424 Type: 88::UnexpectedError.

Error: (10/24/2013 02:04:05 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00079307
ID des fehlerhaften Prozesses: 0x1e0
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (10/23/2013 07:52:41 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Name des fehlerhaften Moduls: rads_user_kernel.exe, Version: 0.0.0.0, Zeitstempel: 0x4e65c1ac
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b8554
ID des fehlerhaften Prozesses: 0x11a8
Startzeit der fehlerhaften Anwendung: 0xrads_user_kernel.exe0
Pfad der fehlerhaften Anwendung: rads_user_kernel.exe1
Pfad des fehlerhaften Moduls: rads_user_kernel.exe2
Berichtskennung: rads_user_kernel.exe3

Error: (10/23/2013 04:08:26 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd228
Name des fehlerhaften Moduls: mozalloc.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fa829
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0x1d40
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (10/23/2013 04:08:25 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.12.0.258, Zeitstempel: 0x52539ed4
Name des fehlerhaften Moduls: MSVCR110.dll, Version: 11.0.51106.1, Zeitstempel: 0x5098858e
Ausnahmecode: 0x40000015
Fehleroffset: 0x000a327c
ID des fehlerhaften Prozesses: 0x1c84
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3

Error: (10/23/2013 11:39:12 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 24.0.0.5001, Zeitstempel: 0x522fd29f
Name des fehlerhaften Moduls: xul.dll, Version: 24.0.0.5001, Zeitstempel: 0x522fd1a4
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b72a8
ID des fehlerhaften Prozesses: 0x1f58
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3


System errors:
=============
Error: (10/27/2013 08:54:09 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FDResPub erreicht.

Error: (10/27/2013 08:38:02 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FDResPub erreicht.

Error: (10/27/2013 08:37:32 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FDResPub erreicht.

Error: (10/27/2013 08:35:46 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FDResPub erreicht.

Error: (10/27/2013 08:34:58 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SSDPSRV erreicht.

Error: (10/27/2013 08:34:28 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FDResPub erreicht.

Error: (10/27/2013 08:33:56 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SSDPSRV erreicht.

Error: (10/27/2013 08:33:26 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FDResPub erreicht.

Error: (10/27/2013 08:32:56 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FDResPub erreicht.

Error: (10/27/2013 08:32:26 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst FDResPub erreicht.


Microsoft Office Sessions:
=========================
Error: (04/18/2013 11:23:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 195842 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (09/27/2012 02:59:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2280 seconds with 780 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 81%
Total physical RAM: 2980.17 MB
Available physical RAM: 542.41 MB
Total Pagefile: 4723.8 MB
Available Pagefile: 1195.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:3.65 GB) NTFS
Drive e: (o2) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2013 01
Ran by Ruben Alemán (administrator) on RUBEN-PC on 27-10-2013 16:21:53
Running from C:\Users\Ruben Alemán\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Telefónica) C:\Dienstprogramme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Sony Corporation) C:\Dienstprogramme\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Hewlett-Packard) C:\Dienstprogramme\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(AVAST Software) C:\Dienstprogramme\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Dienstprogramme\AVAST Software\Avast\avastUi.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Mozilla Corporation) C:\Dienstprogramme\Mozilla Thunderbird\thunderbird.exe
() C:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe
() C:\Spiele\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.190\deploy\LoLLauncher.exe
() C:\Spiele\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.53\deploy\LolClient.exe
(Telefónica) C:\Dienstprogramme\o2\Mobile Connection Manager\EMMSN.exe
(Indra Sistemas, S.A.) C:\Dienstprogramme\o2\Nori\TGCMLog.exe
(Telefónica) C:\Dienstprogramme\o2\Nori\Nori.exe
() C:\Spiele\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.249\deploy\League of Legends.exe
(Mozilla Corporation) C:\Dienstprogramme\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-24] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6560360 2010-12-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-01] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [ctfmon.exe] - C:\Windows\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [Media Finder] - "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
HKCU\...\Run: [Google Update] - C:\Users\Ruben Alemán\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-10] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Dienstprogramme\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Ruben Alemán\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 1
MountPoints2: E - E:\AutoRun.exe
MountPoints2: {b66f0f47-27a7-11e3-afc9-14feb59f361a} - E:\AutoRun.exe
MountPoints2: {b66f0f56-27a7-11e3-afc9-14feb59f361a} - E:\AutoRun.exe
MountPoints2: {e1bce414-0c8d-11e1-ae0b-14feb59f361a} - F:\SETUP.EXE
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Reader Application Helper] - C:\Dienstprogramme\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-03-18] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Dienstprogramme\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [PDFPrint] - C:\Dienstprogramme\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Dienstprogramme\AVAST Software\Avast\AvastUI.exe [3568312 2013-10-27] (AVAST Software)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [247144 2012-10-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-10-08] (NVIDIA Corporation)
Startup: C:\Users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {943D163A-270E-4A9A-930E-42D90591EFAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = 
SearchScopes: HKCU - {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = 
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {943D163A-270E-4A9A-930E-42D90591EFAD} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Dienstprogramme\Java\bin\ssv.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Dienstprogramme\Free Download Manager\iefdm2.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Dienstprogramme\Java\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd64.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9-x64 10 mswsock.dll File Not found (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{F433210C-2A7E-49D8-A920-E593D60218C6}: [NameServer]212.23.115.148 212.23.115.132

FireFox:
========
FF ProfilePath: C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default
FF user.js: detected! => C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\user.js
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Dienstprogramme\Java\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Dienstprogramme\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Dienstprogramme\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Ruben Alemán\Program Files (x86)\DNA\plugins\npbtdna.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ruben Alemán\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ruben Alemán\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Ruben Alemán\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\searchplugins\ixquick.xml
FF Extension: General Crawler - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
FF Extension: HTTPS-Everywhere - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\https-everywhere@eff.org
FF Extension: fdm_ffext - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: firefox - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\firefox@ghostery.com.xpi
FF Extension: Adblock Plus - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Dienstprogramme\Steganos Password Manager 12\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Dienstprogramme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Dienstprogramme\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Ruben Alemán\Program Files (x86)\DNA
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Dienstprogramme\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: https://ixquick.com/deu/
CHR RestoreOnStartup: "https://ixquick.com/deu/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Mixesoft Click&Clean Plug-In) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll No File
CHR Plugin: (Bitdefender QuickScan) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Musicnotes) - C:\Dienstprogramme\Musicnotes\npmusicn.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Dienstprogramme\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Reader Application Detector) - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Google Update) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6_0
CHR Extension: (Google Search) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Facebook Disconnect) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.5_0
CHR Extension: (Click&Clean) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0
CHR Extension: (AdBlock) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (avast! Online Security) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Minecraft Origins) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooemofofigijedhcifaimglnncjmckaa\1.0.2_0
CHR Extension: (Gmail) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Ruben Alemán\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Dienstprogramme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Ruben Alemán\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Ruben Alemán\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Dienstprogramme\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-27] (AVAST Software)
S2 C2TNServer; C:\Dienstprogramme\C2TN\C2TN\wrapper.exe [204800 2011-08-18] ()
S3 DAUpdaterSvc; C:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 HPSLPSVC; C:\Dienstprogramme\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.)
S2 MBAMScheduler; C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4264632 2011-05-15] (INCA Internet Co., Ltd.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 TGCM_ImportWiFiSvc; C:\Dienstprogramme\o2\Mobile Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
S3 hpqcxs08; C:\Dienstprogramme\Digital Imaging\bin\hpqcxs08.dll [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\   \...\???\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-10-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-27] ()
R3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\DRIVERS\nvstusb.sys [121960 2011-01-31] ()
R4 avkmgr; system32\DRIVERS\avkmgr.sys [x]
S4 dump_wmimmc; \??\C:\Spiele\CABAL Online\GameGuard\dump_wmimmc.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-27 16:18 - 2013-10-27 16:18 - 00000000 ____D C:\FRST
2013-10-27 16:02 - 2013-10-27 16:02 - 01956160 _____ (Farbar) C:\Users\Ruben Alemán\Desktop\FRST64.exe
2013-10-27 00:11 - 2013-10-27 00:11 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\AVAST Software
2013-10-27 00:09 - 2013-10-27 00:09 - 00001946 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-27 00:07 - 2013-10-27 00:07 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-27 00:07 - 2013-10-27 00:07 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-27 00:07 - 2013-10-27 00:07 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-26 23:59 - 2013-10-27 00:00 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-26 23:53 - 2013-10-26 23:56 - 85269544 _____ (AVAST Software) C:\Users\Ruben Alemán\Desktop\avast_free_antivirus_setup_9.0.2006.159.exe
2013-10-26 23:32 - 2013-10-26 23:32 - 00000000 _____ C:\ProgramData\rebootpending.txt
2013-10-26 19:22 - 2013-10-26 19:22 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Malwarebytes
2013-10-26 19:21 - 2013-10-26 19:21 - 00000897 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-26 19:21 - 2013-10-26 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-26 19:20 - 2013-10-26 19:20 - 00000000 ____D C:\Dienstprogramme)
2013-10-26 19:20 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-26 19:17 - 2013-10-26 19:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ruben Alemán\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-26 14:40 - 2013-10-26 14:40 - 103108672 _____ C:\Windows\SysWOW64\鬎͞Ž
2013-10-23 12:18 - 2013-10-23 16:08 - 102551358 _____ C:\Windows\SysWOW64\皜퀜™
2013-10-22 17:12 - 2013-10-22 18:23 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BloodBowlLegendary
2013-10-22 13:04 - 2013-10-22 13:04 - 00000217 _____ C:\Users\Ruben Alemán\Desktop\Blood Bowl Legendary Edition.url
2013-10-19 12:54 - 2013-10-19 12:53 - 01017344 _____ C:\Users\Ruben Alemán\Desktop\Anima_Base_Templates_2nd_Gen.xls
2013-10-18 19:55 - 2013-10-20 15:02 - 102068998 _____ C:\Windows\SysWOW64\妲⪋
2013-10-17 13:42 - 2013-10-17 13:43 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Material Erstis
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Fotos Album
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Bilder Urlaub
2013-10-13 16:03 - 2013-10-13 16:11 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\fotos choza 12_13
2013-10-13 16:00 - 2013-10-13 16:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\argentinien12-13
2013-10-13 15:03 - 2013-10-13 15:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Studium
2013-10-12 19:56 - 2013-10-12 19:56 - 100651105 _____ C:\Windows\SysWOW64\濮坑›
2013-10-12 13:57 - 2013-10-12 16:40 - 100615351 _____ C:\Windows\SysWOW64\컦禶
2013-10-11 20:42 - 2013-10-11 20:47 - 72166699 _____ C:\Users\Ruben Alemán\Desktop\dtrpg-2013-10-11_02-43pm.zip
2013-10-11 19:22 - 2013-10-26 19:27 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-345474495-164905778-512996065-1001Core1cec6aee382b2e3.job
2013-10-11 19:22 - 2013-10-11 19:22 - 00003736 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-345474495-164905778-512996065-1001Core1cec6aee382b2e3
2013-10-11 12:07 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 11:14 - 2013-10-11 11:17 - 00003741 _____ C:\Users\Ruben Alemán\Documents\Dragon Age Origins 1.05.log
2013-10-11 00:14 - 2013-09-22 15:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-11 00:14 - 2013-09-22 15:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 00:14 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-11 00:14 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 00:14 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-11 00:13 - 2013-09-22 16:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 00:13 - 2013-09-22 16:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 00:13 - 2013-09-22 15:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 00:13 - 2013-09-22 15:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 00:13 - 2013-09-22 15:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-11 00:13 - 2013-09-22 15:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 00:13 - 2013-09-22 15:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-11 00:13 - 2013-09-22 15:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 00:13 - 2013-09-22 15:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-11 00:13 - 2013-09-22 15:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 00:13 - 2013-09-22 15:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-11 00:13 - 2013-09-22 15:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 00:13 - 2013-09-22 15:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 00:13 - 2013-09-22 15:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 00:13 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 00:13 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 00:13 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 00:13 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-11 00:13 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 00:13 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 00:13 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-11 00:13 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 00:13 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-11 00:13 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 00:13 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 00:13 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 00:13 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 17:26 - 2013-10-10 17:26 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BioWare
2013-10-10 17:16 - 2013-10-10 17:16 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-10-10 17:15 - 2013-10-10 17:15 - 00000782 _____ C:\Users\Public\Desktop\Dragon Age Origins.lnk
2013-10-10 16:46 - 2013-10-10 17:16 - 00021568 _____ C:\Users\Ruben Alemán\Documents\Install Dragon Age Origins.log
2013-10-10 14:42 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 14:42 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 14:41 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 14:41 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 14:41 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 14:41 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 14:41 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 14:41 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 14:41 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 14:41 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 14:41 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 14:41 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 14:41 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 14:40 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 14:40 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 14:36 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 14:36 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 14:36 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 14:35 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 14:35 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 14:35 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 14:35 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 14:35 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 14:35 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 14:35 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 14:35 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 14:35 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 14:35 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 14:35 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 14:35 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 14:35 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 14:35 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 14:35 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 14:35 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 14:35 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 14:35 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 14:35 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 14:35 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 14:35 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 14:35 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 14:35 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:35 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:35 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 14:35 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 14:35 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 14:35 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 14:35 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 12:51 - 2013-10-10 19:28 - 100305510 _____ C:\Windows\SysWOW64\扙湙3
2013-10-08 21:02 - 2013-10-08 21:02 - 99859239 _____ C:\Windows\SysWOW64\禯燺¢
2013-10-03 11:58 - 2013-10-03 11:58 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\ActiveState
2013-10-02 21:33 - 2013-10-02 21:38 - 00000000 ____D C:\Perl64
2013-10-02 21:08 - 2013-10-02 21:08 - 00001885 _____ C:\Users\Public\Desktop\Mobile Connection Manager.lnk
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\TGCMLog
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Telefónica
2013-10-02 21:08 - 2010-11-04 10:52 - 00093696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-10-02 21:08 - 2010-10-09 07:49 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-10-02 21:08 - 2010-09-26 11:01 - 00055296 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-10-02 21:08 - 2010-09-26 11:01 - 00029184 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-10-02 21:08 - 2010-09-03 10:36 - 00196608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2013-10-02 21:08 - 2010-08-31 11:09 - 00256000 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2013-10-02 21:08 - 2010-08-07 10:49 - 00121600 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-10-02 21:08 - 2010-07-27 02:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-10-02 21:08 - 2010-05-10 07:22 - 00999936 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-10-02 21:08 - 2010-03-20 05:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-10-02 21:08 - 2010-01-18 11:48 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-10-02 21:08 - 2008-03-27 09:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-10-02 21:07 - 2013-10-02 21:08 - 00000000 ____D C:\Program Files (x86)\HUAWEI Modem Driver
2013-10-02 09:13 - 2013-10-02 09:13 - 00000000 ____D C:\Diensttprogramme
2013-10-02 09:12 - 2013-03-11 13:23 - 08065978 _____ (Goretzki Software Lösungen                                  ) C:\Users\Ruben Alemán\Desktop\Setup Savage-Gen 1.5.1.exe
2013-10-01 17:38 - 2013-10-26 10:08 - 00000047 _____ C:\Users\Ruben Alemán\Desktop\Neues Textdokument (3).txt
2013-09-27 11:22 - 2013-09-27 11:22 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Amazon
2013-09-27 11:21 - 2013-09-27 11:21 - 00000000 ____D C:\Users\Ruben Alemán\Documents\Amazon MP3
2013-09-27 11:21 - 2013-09-27 11:21 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

==================== One Month Modified Files and Folders =======

2013-10-27 16:18 - 2013-10-27 16:18 - 00000000 ____D C:\FRST
2013-10-27 16:16 - 2013-09-16 14:05 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-27 16:15 - 2012-07-21 02:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-27 16:02 - 2013-10-27 16:02 - 01956160 _____ (Farbar) C:\Users\Ruben Alemán\Desktop\FRST64.exe
2013-10-27 15:27 - 2012-01-10 22:46 - 00001148 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-345474495-164905778-512996065-1001UA.job
2013-10-27 15:16 - 2013-09-16 14:05 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-27 14:20 - 2009-07-14 18:58 - 00701098 _____ C:\Windows\system32\perfh007.dat
2013-10-27 14:20 - 2009-07-14 18:58 - 00149604 _____ C:\Windows\system32\perfc007.dat
2013-10-27 14:20 - 2009-07-14 06:13 - 01623360 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-27 08:51 - 2012-04-06 16:59 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Sonstiges
2013-10-27 00:22 - 2013-08-08 21:51 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Skype
2013-10-27 00:11 - 2013-10-27 00:11 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\AVAST Software
2013-10-27 00:09 - 2013-10-27 00:09 - 00001946 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-27 00:07 - 2013-10-27 00:07 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-27 00:07 - 2013-10-27 00:07 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-27 00:07 - 2013-10-27 00:07 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-27 00:04 - 2011-05-26 13:28 - 00000000 ____D C:\Dienstprogramme
2013-10-27 00:00 - 2013-10-26 23:59 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-26 23:56 - 2013-10-26 23:53 - 85269544 _____ (AVAST Software) C:\Users\Ruben Alemán\Desktop\avast_free_antivirus_setup_9.0.2006.159.exe
2013-10-26 23:32 - 2013-10-26 23:32 - 00000000 _____ C:\ProgramData\rebootpending.txt
2013-10-26 21:34 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-26 21:34 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-26 21:25 - 2011-03-26 18:06 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-26 21:25 - 2011-03-26 18:03 - 00270914 _____ C:\Windows\PFRO.log
2013-10-26 21:25 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-26 21:25 - 2009-07-14 05:51 - 00140520 _____ C:\Windows\setupact.log
2013-10-26 19:27 - 2013-10-11 19:22 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-345474495-164905778-512996065-1001Core1cec6aee382b2e3.job
2013-10-26 19:22 - 2013-10-26 19:22 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Malwarebytes
2013-10-26 19:21 - 2013-10-26 19:21 - 00000897 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-26 19:21 - 2013-10-26 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-26 19:20 - 2013-10-26 19:20 - 00000000 ____D C:\Dienstprogramme)
2013-10-26 19:18 - 2013-10-26 19:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ruben Alemán\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-26 14:40 - 2013-10-26 14:40 - 103108672 _____ C:\Windows\SysWOW64\鬎͞Ž
2013-10-26 12:15 - 2013-07-06 01:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-26 10:08 - 2013-10-01 17:38 - 00000047 _____ C:\Users\Ruben Alemán\Desktop\Neues Textdokument (3).txt
2013-10-26 09:51 - 2009-07-14 06:10 - 01983804 _____ C:\Windows\WindowsUpdate.log
2013-10-23 16:08 - 2013-10-23 12:18 - 102551358 _____ C:\Windows\SysWOW64\皜퀜™
2013-10-22 18:23 - 2013-10-22 17:12 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BloodBowlLegendary
2013-10-22 17:10 - 2011-03-27 00:52 - 00364554 _____ C:\Windows\DirectX.log
2013-10-22 13:14 - 2012-10-04 22:09 - 00000000 ____D C:\Spiele
2013-10-22 13:04 - 2013-10-22 13:04 - 00000217 _____ C:\Users\Ruben Alemán\Desktop\Blood Bowl Legendary Edition.url
2013-10-22 12:50 - 2013-09-16 14:05 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-22 12:50 - 2012-01-10 22:45 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Google
2013-10-22 12:15 - 2012-09-20 02:18 - 00000000 ____D C:\Filme
2013-10-20 15:02 - 2013-10-18 19:55 - 102068998 _____ C:\Windows\SysWOW64\妲⪋
2013-10-19 12:53 - 2013-10-19 12:54 - 01017344 _____ C:\Users\Ruben Alemán\Desktop\Anima_Base_Templates_2nd_Gen.xls
2013-10-17 13:43 - 2013-10-17 13:42 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Material Erstis
2013-10-15 17:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Fotos Album
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Bilder Urlaub
2013-10-13 16:11 - 2013-10-13 16:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\fotos choza 12_13
2013-10-13 16:03 - 2013-10-13 16:00 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\argentinien12-13
2013-10-13 15:03 - 2013-10-13 15:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Studium
2013-10-12 19:56 - 2013-10-12 19:56 - 100651105 _____ C:\Windows\SysWOW64\濮坑›
2013-10-12 16:40 - 2013-10-12 13:57 - 100615351 _____ C:\Windows\SysWOW64\컦禶
2013-10-11 20:47 - 2013-10-11 20:42 - 72166699 _____ C:\Users\Ruben Alemán\Desktop\dtrpg-2013-10-11_02-43pm.zip
2013-10-11 19:22 - 2013-10-11 19:22 - 00003736 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-345474495-164905778-512996065-1001Core1cec6aee382b2e3
2013-10-11 19:22 - 2012-01-10 22:46 - 00004132 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-345474495-164905778-512996065-1001UA
2013-10-11 14:11 - 2013-09-16 14:05 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 14:11 - 2013-09-16 14:05 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 11:17 - 2013-10-11 11:14 - 00003741 _____ C:\Users\Ruben Alemán\Documents\Dragon Age Origins 1.05.log
2013-10-11 09:01 - 2009-07-14 05:45 - 00417888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 00:22 - 2011-06-20 21:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 00:19 - 2013-03-16 04:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 00:19 - 2013-03-16 04:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 00:13 - 2011-03-30 15:23 - 01601618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 00:07 - 2013-07-18 08:04 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 00:04 - 2011-05-28 10:06 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 19:28 - 2013-10-09 12:51 - 100305510 _____ C:\Windows\SysWOW64\扙湙3
2013-10-10 17:26 - 2013-10-10 17:26 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BioWare
2013-10-10 17:16 - 2013-10-10 17:16 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-10-10 17:16 - 2013-10-10 16:46 - 00021568 _____ C:\Users\Ruben Alemán\Documents\Install Dragon Age Origins.log
2013-10-10 17:15 - 2013-10-10 17:15 - 00000782 _____ C:\Users\Public\Desktop\Dragon Age Origins.lnk
2013-10-10 07:27 - 2012-07-21 02:48 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 00:16 - 2012-06-07 21:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 00:16 - 2011-05-26 12:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 12:49 - 2012-03-25 11:53 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Dropbox
2013-10-09 12:49 - 2011-03-30 15:18 - 00000000 ___RD C:\Users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-08 21:02 - 2013-10-08 21:02 - 99859239 _____ C:\Windows\SysWOW64\禯燺¢
2013-10-07 07:46 - 2013-07-30 13:57 - 00000000 ___RD C:\Users\Ruben Alemán\Dropbox
2013-10-05 17:41 - 2011-06-02 17:50 - 00000000 ___RD C:\Users\Ruben Alemán\Desktop\Musik
2013-10-05 17:39 - 2013-04-21 17:42 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\P & P Rollenspiele
2013-10-04 06:49 - 2011-07-30 11:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Mozilla
2013-10-03 12:50 - 2012-06-07 21:47 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Microsoft Games
2013-10-03 12:49 - 2011-05-28 01:47 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-10-03 11:58 - 2013-10-03 11:58 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\ActiveState
2013-10-02 21:38 - 2013-10-02 21:33 - 00000000 ____D C:\Perl64
2013-10-02 21:08 - 2013-10-02 21:08 - 00001885 _____ C:\Users\Public\Desktop\Mobile Connection Manager.lnk
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\TGCMLog
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Telefónica
2013-10-02 21:08 - 2013-10-02 21:07 - 00000000 ____D C:\Program Files (x86)\HUAWEI Modem Driver
2013-10-02 09:13 - 2013-10-02 09:13 - 00000000 ____D C:\Diensttprogramme
2013-09-27 11:22 - 2013-09-27 11:22 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Amazon
2013-09-27 11:21 - 2013-09-27 11:21 - 00000000 ____D C:\Users\Ruben Alemán\Documents\Amazon MP3
2013-09-27 11:21 - 2013-09-27 11:21 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
C:\Users\Ruben Alemán\ijl15.dll
C:\Users\Ruben Alemán\JPGI.dll
C:\Users\Ruben Alemán\unicows.dll


Some content of TEMP:
====================
C:\Users\Ruben Alemán\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Ruben Alemán\AppData\Local\Temp\ResetDevice.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-10-26 17:51

==================== End Of Log ============================

--- --- ---

cosinus · 27.10.2013, 16:48

Zitat:

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\ \...\???\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

Hier sieht man den ZeroAccess sehr schön. Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Taru · 27.10.2013, 17:43

So, hier der Bericht (comboFix hat sich über angeblich vorhandene Echtzeitscanner beschwert, die es nicht gab)

Code:

ATTFilter

ComboFix 13-10-26.01 - Ruben Alemán 27.10.2013  17:15:42.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.2980.1715 [GMT 1:00]
ausgeführt von:: c:\users\Ruben Alemßn\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Google\Desktop\Install
c:\program files (x86)\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\9519~1\A535~1\E628~1\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@
c:\program files (x86)\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\9519~1\A535~1\E628~1\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000004.@
c:\program files (x86)\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\9519~1\A535~1\E628~1\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\00000008.@
c:\program files (x86)\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\9519~1\A535~1\E628~1\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000000.@
c:\program files (x86)\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\9519~1\A535~1\E628~1\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\80000064.@
c:\programdata\Roaming
c:\windows\PFRO.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-27 bis 2013-10-27  ))))))))))))))))))))))))))))))
.
.
2013-10-27 15:18 . 2013-10-27 15:18	--------	d-----w-	C:\FRST
2013-10-26 23:11 . 2013-10-26 23:11	--------	d-----w-	c:\users\Ruben Alemán\AppData\Roaming\AVAST Software
2013-10-26 23:07 . 2013-10-26 23:07	205320	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-10-26 23:07 . 2013-10-26 23:07	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-10-26 23:07 . 2013-10-26 23:07	1032416	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-10-26 23:07 . 2013-10-26 23:07	409832	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-10-26 23:07 . 2013-10-26 23:07	84328	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-10-26 23:07 . 2013-10-26 23:07	38984	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-10-26 23:07 . 2013-10-26 23:07	334648	----a-w-	c:\windows\system32\aswBoot.exe
2013-10-26 23:07 . 2013-10-26 23:07	43152	----a-w-	c:\windows\avastSS.scr
2013-10-26 22:59 . 2013-10-26 23:00	--------	d-----w-	c:\programdata\AVAST Software
2013-10-26 18:22 . 2013-10-26 18:22	--------	d-----w-	c:\users\Ruben Alemán\AppData\Roaming\Malwarebytes
2013-10-26 18:21 . 2013-10-26 18:21	--------	d-----w-	c:\programdata\Malwarebytes
2013-10-26 18:20 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-10-26 18:20 . 2013-10-26 18:20	--------	d-----w-	C:\Dienstprogramme)
2013-10-11 11:07 . 2013-09-04 12:12	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-10-11 11:07 . 2013-09-04 12:11	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-10-11 11:07 . 2013-09-04 12:11	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-10-11 11:07 . 2013-09-04 12:11	52736	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-10-11 11:07 . 2013-09-04 12:11	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-10-11 11:07 . 2013-09-04 12:11	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-10-11 11:07 . 2013-09-04 12:11	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-10-10 23:14 . 2013-09-22 14:16	96768	----a-w-	c:\windows\system32\mshtmled.dll
2013-10-10 23:14 . 2013-09-22 14:15	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-10-10 23:14 . 2013-09-22 10:03	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-10-10 23:14 . 2013-09-22 15:48	182936	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-10-10 23:14 . 2013-09-22 14:29	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-10 23:14 . 2013-09-22 14:27	305152	----a-w-	c:\program files\Internet Explorer\IEShims.dll
2013-10-10 23:14 . 2013-09-22 10:59	149656	----a-w-	c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-10-10 23:14 . 2013-09-22 10:10	768512	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-10-10 23:14 . 2013-09-22 10:10	194560	----a-w-	c:\program files (x86)\Internet Explorer\IEShims.dll
2013-10-10 23:14 . 2013-09-22 10:06	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-10-10 16:16 . 2013-10-10 16:16	--------	d-----w-	c:\windows\1C4551A64743409391E41477CD655043.TMP
2013-10-10 16:15 . 2013-10-10 16:15	--------	d-----w-	c:\programdata\Media Center Programs
2013-10-10 13:42 . 2013-07-04 12:50	633856	----a-w-	c:\windows\system32\comctl32.dll
2013-10-10 13:42 . 2013-07-04 11:50	530432	----a-w-	c:\windows\SysWow64\comctl32.dll
2013-10-10 13:41 . 2013-06-06 05:50	41472	----a-w-	c:\windows\system32\lpk.dll
2013-10-10 13:41 . 2013-06-06 05:49	100864	----a-w-	c:\windows\system32\fontsub.dll
2013-10-10 13:41 . 2013-06-06 05:49	14336	----a-w-	c:\windows\system32\dciman32.dll
2013-10-10 13:41 . 2013-06-06 05:47	46080	----a-w-	c:\windows\system32\atmlib.dll
2013-10-10 13:41 . 2013-06-06 04:57	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2013-10-10 13:41 . 2013-06-06 04:51	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2013-10-10 13:41 . 2013-06-06 04:50	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2013-10-10 13:41 . 2013-06-06 03:30	368128	----a-w-	c:\windows\system32\atmfd.dll
2013-10-10 13:41 . 2013-06-06 03:01	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2013-10-10 13:41 . 2013-06-06 03:01	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2013-10-10 13:41 . 2013-06-25 22:55	785624	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2013-10-10 13:40 . 2013-07-12 10:41	185344	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2013-10-10 13:40 . 2013-07-12 10:41	100864	----a-w-	c:\windows\system32\drivers\usbcir.sys
2013-10-10 13:36 . 2013-07-03 04:40	42496	----a-w-	c:\windows\system32\drivers\usbscan.sys
2013-10-10 13:36 . 2013-07-03 04:05	76800	----a-w-	c:\windows\system32\drivers\hidclass.sys
2013-10-10 13:36 . 2013-07-03 04:05	32896	----a-w-	c:\windows\system32\drivers\hidparse.sys
2013-10-03 10:58 . 2013-10-03 10:58	--------	d-----w-	c:\users\Ruben Alemán\AppData\Local\ActiveState
2013-10-02 20:33 . 2013-10-02 20:38	--------	d-----w-	C:\Perl64
2013-10-02 08:13 . 2013-10-02 08:13	--------	d-----w-	C:\Diensttprogramme
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 23:04 . 2011-05-28 09:06	80541720	----a-w-	c:\windows\system32\MRT.exe
2013-10-09 23:16 . 2012-06-07 20:53	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 23:16 . 2011-05-26 11:35	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-29 01:48 . 2013-10-10 13:35	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-08-15 21:44 . 2013-08-15 21:44	0	----a-w-	c:\windows\SysWow64\shoECF6.tmp
2013-08-05 02:25 . 2013-09-10 19:42	155584	----a-w-	c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-10 19:42	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-10 19:42	424448	----a-w-	c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-10 19:42	1161216	----a-w-	c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-10 19:42	43520	----a-w-	c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-10 19:42	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	6656	----a-w-	c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-10 19:42	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-10 19:42	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	6656	----a-w-	c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-10 19:42	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-10 19:42	338432	----a-w-	c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-10 19:42	112640	----a-w-	c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-10 19:42	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-10 19:42	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-10 19:42	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-10 19:42	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-30 10:17 . 2013-07-30 10:17	0	----a-w-	c:\windows\SysWow64\sho8D42.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	130736	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	130736	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	130736	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	130736	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	130736	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	130736	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"Steam"="c:\dienstprogramme\Steam\Steam.exe" [2013-10-09 1813928]
"AmazonMP3DownloaderHelper"="c:\users\Ruben Alemán\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Reader Application Helper"="c:\dienstprogramme\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2013-03-18 899400]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
"HP Software Update"="c:\dienstprogramme\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"PDFPrint"="c:\dienstprogramme\PDF24\pdf24.exe" [2013-07-22 162856]
"AvastUI.exe"="c:\dienstprogramme\AVAST Software\Avast\AvastUI.exe" [2013-10-26 3567800]
.
c:\users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 C2TNServer;C2TNServer;c:\dienstprogramme\C2TN\C2TN\wrapper.exe;c:\dienstprogramme\C2TN\C2TN\wrapper.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 ZTEusbvoice;ZTE VoUSB Port;c:\windows\system32\DRIVERS\ZTEusbvoice.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbvoice.sys [x]
R4 dump_wmimmc;dump_wmimmc;c:\spiele\CABAL Online\GameGuard\dump_wmimmc.sys;c:\spiele\CABAL Online\GameGuard\dump_wmimmc.sys [x]
R4 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R4 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\dienstprogramme)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\dienstprogramme)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\dienstprogramme)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\dienstprogramme)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\dienstprogramme\o2\Mobile Connection Manager\ImpWiFiSvc.exe;c:\dienstprogramme\o2\Mobile Connection Manager\ImpWiFiSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWSP
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 23:16]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16 13:05]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16 13:05]
.
2012-09-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
2012-09-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-03-28 23:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-10-26 23:07	326944	----a-w-	c:\dienstprogramme\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-21 23:34	164016	----a-w-	c:\users\Ruben Alemán\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-08 6560360]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-04 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-04 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-04 418328]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:21320
uInternet Settings,ProxyOverride = <local>
IE: Alles mit FDM herunterladen - file://c:\dienstprogramme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\dienstprogramme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\dienstprogramme\Free Download Manager\dllink.htm
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Free YouTube to MP3 Converter - c:\users\Ruben Alemán\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\dienstprogramme\Free Download Manager\dlfvideo.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\dienstprogramme\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-10-27 01:07; wrc@avast.com; c:\dienstprogramme\AVAST Software\Avast\WebRep\FF
FF - user.js: network.http.max-connections - 96
FF - user.js: network.http.max-connections-per-server - 48
FF - user.js: network.http.max-persistent-connections-per-proxy - 24
FF - user.js: network.http.max-persistent-connections-per-server - 12
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\Media Finder.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-7-PDF Website Converter_is1 - c:\dienstprogramme\7-PDFWebsiteConverter\unins000.exe
AddRemove-C2TN - c:\dienstprogramme\C2TN\C2TN\uninstall.exe
AddRemove-FILEminimizer Pictures_is1 - c:\dienstprogramme\FILEminimizer Pictures\unins000.exe
AddRemove-Free M4a to MP3 Converter_is1 - c:\dienstprogramme\Free M4a to MP3 Converter\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Magic Workstation_is1 - c:\dienstprogramme\Magic Workstation\unins000.exe
AddRemove-Mp3tag - c:\dienstprogramme\Mp3tag\Mp3tagUninstall.EXE
AddRemove-The Witcher 2 Enhanced Edition_is1 - c:\spiele\The Witcher 2\unins000.exe
AddRemove-TIPP10_is1 - c:\dienstprogramme\Tipp10\unins000.exe
AddRemove-VLC media player - c:\dienstprogramme\VideoLAN\VLC\uninstall.exe
AddRemove-xp-AntiSpy - c:\dienstprogramme\xp-AntiSpy\Uninstall.exe
AddRemove-{049FF5E4-EB02-4c42-8DB0-226E2F7A9E53} - c:\spiele\Torchlight 2\uninstall.exe
AddRemove-BitTorrent DNA - c:\users\Ruben Alemán\Program Files (x86)\DNA\btdna.exe
AddRemove-pdfsam - c:\dienstprogramme\pdfsam\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\dienstprogramme\AVAST Software\Avast\AvastSvc.exe
c:\dienstprogramme)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-27  17:38:03 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-10-27 16:38
.
Vor Suchlauf: 3.424.702.464 Bytes frei
Nach Suchlauf: 5.915.770.880 Bytes frei
.
- - End Of File - - 6327BF3A90352C20EFC8FD3D609A2F5B
5C616939100B85E558DA92B899A0FC36

cosinus · 28.10.2013, 16:17

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Und ein frisches FRST-Log bitte. FRST neu runterladen!

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Taru · 29.10.2013, 10:46

Anti-Rootkit hatte zwei infizierte Dateien gefunden

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.28.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ruben Alemán :: RUBEN-PC [administrator]

28.10.2013 23:13:21
mbar-log-2013-10-28 (23-13-21).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 302700
Time elapsed: 42 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 7
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\❤≸⋙ (Trojan.0Access) -> Delete on reboot.
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> Delete on reboot.
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛ (Trojan.0Access) -> Delete on reboot.
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{792f4199-0b73-e2f4-7b46-706eb422a6b8} (Trojan.0Access) -> Delete on reboot.
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L (Trojan.0Access) -> Delete on reboot.
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U (Trojan.0Access) -> Delete on reboot.
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8} (Trojan.0Access) -> Delete on reboot.

Files Detected: 3
C:\Windows\assembly\GAC_32\Desktop.ini (Rootkit.0access) -> Delete on reboot.
C:\Windows\assembly\GAC_64\Desktop.ini (Rootkit.0access) -> Delete on reboot.
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\❤≸⋙\Ⱒ☠⍨\*ﯹ๛\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\@ (Trojan.0Access) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Ruben Alemán (administrator) on RUBEN-PC on 29-10-2013 10:40:12
Running from C:\Users\Ruben Alemán\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Dienstprogramme\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Telefónica) C:\Dienstprogramme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Sony Corporation) C:\Dienstprogramme\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Dienstprogramme\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Dienstprogramme\PDF24\pdf24.exe
(AVAST Software) C:\Dienstprogramme\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Dienstprogramme\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Dienstprogramme\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-24] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6560360 2010-12-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-01] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Dienstprogramme\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Ruben Alemán\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Reader Application Helper] - C:\Dienstprogramme\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-03-18] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Dienstprogramme\HP Software Update\hpwuschd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [PDFPrint] - C:\Dienstprogramme\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Dienstprogramme\AVAST Software\Avast\avastui.exe [3567800 2013-10-27] (AVAST Software)
Startup: C:\Users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {943D163A-270E-4A9A-930E-42D90591EFAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = 
SearchScopes: HKCU - {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = 
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {943D163A-270E-4A9A-930E-42D90591EFAD} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Dienstprogramme\Java\bin\ssv.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Dienstprogramme\Free Download Manager\iefdm2.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Dienstprogramme\Java\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd64.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default
FF user.js: detected! => C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\user.js
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Dienstprogramme\Java\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Dienstprogramme\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Dienstprogramme\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Ruben Alemán\Program Files (x86)\DNA\plugins\npbtdna.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ruben Alemán\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ruben Alemán\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Ruben Alemán\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\searchplugins\ixquick.xml
FF Extension: General Crawler - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
FF Extension: HTTPS-Everywhere - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\https-everywhere@eff.org
FF Extension: fdm_ffext - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: firefox - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\firefox@ghostery.com.xpi
FF Extension: Adblock Plus - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Dienstprogramme\Steganos Password Manager 12\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Dienstprogramme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Dienstprogramme\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Ruben Alemán\Program Files (x86)\DNA
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Dienstprogramme\Mozilla Firefox\firefox.exe

der additionlog wurde nicht erstellt, warum auch immer...

cosinus · 29.10.2013, 15:30

MBAR hat noch einiges gefunden, laut Anleitung sollst du einen neuen Scan mit MBAR machen wenn es was gefunden und per CleanUp gelöscht hat

Taru · 29.10.2013, 15:32

hatte ich, und er hatte nichts gefunden :/

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org

Database version: v2013.10.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ruben Alemán :: RUBEN-PC [administrator]

29.10.2013 09:39:06
mbar-log-2013-10-29 (09-39-06).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 303147
Time elapsed: 53 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus · 29.10.2013, 15:48

Letzes Log von FRST ist unvollständig

Taru · 29.10.2013, 18:12

sry, irgendiwe ist mir da wohl ein missgeschick unterlaufen...

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Ruben Alemán (administrator) on RUBEN-PC on 29-10-2013 10:40:12
Running from C:\Users\Ruben Alemán\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Dienstprogramme\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Malwarebytes Corporation) C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Telefónica) C:\Dienstprogramme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Sony Corporation) C:\Dienstprogramme\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard) C:\Dienstprogramme\HP Software Update\hpwuschd2.exe
(Geek Software GmbH) C:\Dienstprogramme\PDF24\pdf24.exe
(AVAST Software) C:\Dienstprogramme\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Dienstprogramme\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Dienstprogramme\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-24] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6560360 2010-12-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-01] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Steam] - C:\Dienstprogramme\Steam\Steam.exe [1813928 2013-10-09] (Valve Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Ruben Alemán\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Reader Application Helper] - C:\Dienstprogramme\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2013-03-18] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Dienstprogramme\HP Software Update\hpwuschd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [PDFPrint] - C:\Dienstprogramme\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Dienstprogramme\AVAST Software\Avast\avastui.exe [3567800 2013-10-27] (AVAST Software)
Startup: C:\Users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {943D163A-270E-4A9A-930E-42D90591EFAD} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = 
SearchScopes: HKCU - {43542C3D-EA61-4E38-B9D0-78A37B254BE5} URL = 
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {943D163A-270E-4A9A-930E-42D90591EFAD} URL = 
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Dienstprogramme\Java\bin\ssv.dll No File
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Dienstprogramme\Free Download Manager\iefdm2.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Dienstprogramme\Java\bin\jp2ssv.dll No File
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\hpswp_BHO.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Dienstprogramme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM {682C59F5-478C-4421-9070-AD170D143B77} hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd64.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default
FF user.js: detected! => C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\user.js
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Dienstprogramme\Java\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Dienstprogramme\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Dienstprogramme\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @bittorrent.com/BitTorrentDNA - C:\Users\Ruben Alemán\Program Files (x86)\DNA\plugins\npbtdna.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Ruben Alemán\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Ruben Alemán\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Ruben Alemán\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\searchplugins\ixquick.xml
FF Extension: General Crawler - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
FF Extension: HTTPS-Everywhere - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\https-everywhere@eff.org
FF Extension: fdm_ffext - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: firefox - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\firefox@ghostery.com.xpi
FF Extension: Adblock Plus - C:\Users\Ruben Alemán\AppData\Roaming\Mozilla\Firefox\Profiles\iwgkyse6.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Dienstprogramme\Steganos Password Manager 12\spmplugin3
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Dienstprogramme\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Dienstprogramme\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Ruben Alemán\Program Files (x86)\DNA
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Dienstprogramme\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF StartMenuInternet: FIREFOX.EXE - C:\Dienstprogramme\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HomePage: https://ixquick.com/deu/
CHR RestoreOnStartup: "https://ixquick.com/deu/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Mixesoft Click&Clean Plug-In) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll No File
CHR Plugin: (Bitdefender QuickScan) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Musicnotes) - C:\Dienstprogramme\Musicnotes\npmusicn.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Dienstprogramme\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Reader Application Detector) - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
CHR Plugin: (Google Update) - C:\Users\Ruben Alem\u00E1n\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Facebook Disconnect) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb\1.5_0
CHR Extension: (Click&Clean) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0
CHR Extension: (AdBlock) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (avast! Online Security) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Minecraft Origins) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooemofofigijedhcifaimglnncjmckaa\1.0.2_0
CHR Extension: (Gmail) - C:\Users\RUBENA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Ruben Alemán\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Dienstprogramme\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Ruben Alemán\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Ruben Alemán\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 avast! Antivirus; C:\Dienstprogramme\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-27] (AVAST Software)
S2 C2TNServer; C:\Dienstprogramme\C2TN\C2TN\wrapper.exe [204800 2011-08-18] ()
S3 DAUpdaterSvc; C:\Spiele\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 HPSLPSVC; C:\Dienstprogramme\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-23] (Hewlett-Packard Co.)
R2 MBAMScheduler; C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Dienstprogramme)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4264632 2011-05-15] (INCA Internet Co., Ltd.)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
S4 RemoteAccess; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 TGCM_ImportWiFiSvc; C:\Dienstprogramme\o2\Mobile Connection Manager\ImpWiFiSvc.exe [201080 2011-06-14] (Telefónica)
S3 hpqcxs08; C:\Dienstprogramme\Digital Imaging\bin\hpqcxs08.dll [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-10-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-27] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284008 2012-10-08] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\DRIVERS\nvstusb.sys [121960 2011-01-31] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 dump_wmimmc; \??\C:\Spiele\CABAL Online\GameGuard\dump_wmimmc.sys [x]
U5 MBAMSwissArmy; C:\Windows\System32\Drivers\MBAMSwissArmy.sys [116440 2013-10-29] (Malwarebytes Corporation)
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]
S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-29 10:36 - 2013-10-29 10:36 - 01956538 _____ (Farbar) C:\Users\Ruben Alemán\Desktop\FRST64.exe
2013-10-29 09:41 - 2013-10-29 09:42 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Ruben Alemán\Desktop\AdobeAIRInstaller.exe
2013-10-29 00:05 - 2013-10-29 00:05 - 00003676 _____ C:\Windows\PFRO.log
2013-10-28 23:13 - 2013-10-29 10:35 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-28 23:13 - 2013-10-29 09:38 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-28 23:12 - 2013-10-29 09:36 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-28 23:11 - 2013-10-29 10:35 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\mbar
2013-10-28 18:45 - 2013-10-28 18:45 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ruben Alemán\Desktop\mbar-1.07.0.1007.exe
2013-10-27 17:38 - 2013-10-27 17:38 - 00038009 _____ C:\ComboFix.txt
2013-10-27 17:09 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-27 17:09 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-27 17:09 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-27 17:09 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-27 17:05 - 2013-10-27 17:39 - 00000000 ____D C:\Qoobox
2013-10-27 17:04 - 2013-10-27 17:35 - 00000000 ____D C:\Windows\erdnt
2013-10-27 16:49 - 2013-10-27 16:49 - 05136694 ____R (Swearware) C:\Users\Ruben Alemán\Desktop\ComboFix.exe
2013-10-27 16:18 - 2013-10-27 16:18 - 00000000 ____D C:\FRST
2013-10-27 00:11 - 2013-10-27 00:11 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\AVAST Software
2013-10-27 00:09 - 2013-10-27 00:09 - 00001946 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-27 00:07 - 2013-10-27 00:07 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-27 00:07 - 2013-10-27 00:07 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-27 00:07 - 2013-10-27 00:07 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-26 23:59 - 2013-10-27 00:00 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-26 19:22 - 2013-10-26 19:22 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Malwarebytes
2013-10-26 19:21 - 2013-10-26 19:21 - 00000897 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-26 19:21 - 2013-10-26 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-26 19:20 - 2013-10-26 19:20 - 00000000 ____D C:\Dienstprogramme)
2013-10-26 19:20 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-26 19:17 - 2013-10-26 19:18 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ruben Alemán\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-26 14:40 - 2013-10-26 14:40 - 103108672 _____ C:\Windows\SysWOW64\鬎͞Ž
2013-10-23 12:18 - 2013-10-23 16:08 - 102551358 _____ C:\Windows\SysWOW64\皜퀜™
2013-10-22 17:12 - 2013-10-22 18:23 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BloodBowlLegendary
2013-10-22 13:04 - 2013-10-22 13:04 - 00000217 _____ C:\Users\Ruben Alemán\Desktop\Blood Bowl Legendary Edition.url
2013-10-19 12:54 - 2013-10-19 12:53 - 01017344 _____ C:\Users\Ruben Alemán\Desktop\Anima_Base_Templates_2nd_Gen.xls
2013-10-18 19:55 - 2013-10-20 15:02 - 102068998 _____ C:\Windows\SysWOW64\妲⪋
2013-10-17 13:42 - 2013-10-17 13:43 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Material Erstis
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Fotos Album
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Bilder Urlaub
2013-10-13 16:03 - 2013-10-13 16:11 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\fotos choza 12_13
2013-10-13 16:00 - 2013-10-13 16:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\argentinien12-13
2013-10-13 15:03 - 2013-10-13 15:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Studium
2013-10-12 19:56 - 2013-10-12 19:56 - 100651105 _____ C:\Windows\SysWOW64\濮坑›
2013-10-12 13:57 - 2013-10-12 16:40 - 100615351 _____ C:\Windows\SysWOW64\컦禶
2013-10-11 20:42 - 2013-10-11 20:47 - 72166699 _____ C:\Users\Ruben Alemán\Desktop\dtrpg-2013-10-11_02-43pm.zip
2013-10-11 12:07 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-11 12:07 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 11:14 - 2013-10-11 11:17 - 00003741 _____ C:\Users\Ruben Alemán\Documents\Dragon Age Origins 1.05.log
2013-10-11 00:14 - 2013-09-22 15:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-11 00:14 - 2013-09-22 15:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 00:14 - 2013-09-22 11:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-11 00:14 - 2013-09-22 11:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 00:14 - 2013-09-22 11:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-11 00:13 - 2013-09-22 16:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 00:13 - 2013-09-22 16:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 00:13 - 2013-09-22 15:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 00:13 - 2013-09-22 15:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 00:13 - 2013-09-22 15:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-11 00:13 - 2013-09-22 15:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 00:13 - 2013-09-22 15:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-11 00:13 - 2013-09-22 15:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 00:13 - 2013-09-22 15:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-11 00:13 - 2013-09-22 15:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 00:13 - 2013-09-22 15:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-11 00:13 - 2013-09-22 15:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 00:13 - 2013-09-22 15:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 00:13 - 2013-09-22 15:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 00:13 - 2013-09-22 11:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 00:13 - 2013-09-22 11:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 00:13 - 2013-09-22 11:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 00:13 - 2013-09-22 11:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-11 00:13 - 2013-09-22 11:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 00:13 - 2013-09-22 11:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 00:13 - 2013-09-22 11:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-11 00:13 - 2013-09-22 11:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 00:13 - 2013-09-22 11:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-11 00:13 - 2013-09-22 11:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 00:13 - 2013-09-22 11:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 00:13 - 2013-09-22 11:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 00:13 - 2013-09-22 10:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 17:26 - 2013-10-10 17:26 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BioWare
2013-10-10 17:16 - 2013-10-28 23:59 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-10-10 17:15 - 2013-10-10 17:15 - 00000782 _____ C:\Users\Public\Desktop\Dragon Age Origins.lnk
2013-10-10 16:46 - 2013-10-10 17:16 - 00021568 _____ C:\Users\Ruben Alemán\Documents\Install Dragon Age Origins.log
2013-10-10 14:42 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 14:42 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 14:41 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 14:41 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 14:41 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 14:41 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 14:41 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 14:41 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 14:41 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 14:41 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 14:41 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 14:41 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 14:41 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 14:40 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 14:40 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 14:36 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 14:36 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 14:36 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 14:35 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 14:35 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 14:35 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 14:35 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 14:35 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 14:35 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 14:35 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 14:35 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 14:35 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 14:35 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 14:35 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 14:35 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 14:35 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 14:35 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 14:35 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 14:35 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 14:35 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 14:35 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 14:35 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 14:35 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 14:35 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 14:35 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 14:35 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:35 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:35 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 14:35 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 14:35 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 14:35 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 14:35 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 12:51 - 2013-10-10 19:28 - 100305510 _____ C:\Windows\SysWOW64\扙湙3
2013-10-08 21:02 - 2013-10-08 21:02 - 99859239 _____ C:\Windows\SysWOW64\禯燺¢
2013-10-03 11:58 - 2013-10-03 11:58 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\ActiveState
2013-10-02 21:33 - 2013-10-02 21:38 - 00000000 ____D C:\Perl64
2013-10-02 21:08 - 2013-10-02 21:08 - 00001885 _____ C:\Users\Public\Desktop\Mobile Connection Manager.lnk
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\TGCMLog
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Telefónica
2013-10-02 21:08 - 2010-11-04 10:52 - 00093696 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2013-10-02 21:08 - 2010-10-09 07:49 - 00085504 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2013-10-02 21:08 - 2010-09-26 11:01 - 00055296 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2013-10-02 21:08 - 2010-09-26 11:01 - 00029184 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2013-10-02 21:08 - 2010-09-03 10:36 - 00196608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2013-10-02 21:08 - 2010-08-31 11:09 - 00256000 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2013-10-02 21:08 - 2010-08-07 10:49 - 00121600 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2013-10-02 21:08 - 2010-07-27 02:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2013-10-02 21:08 - 2010-05-10 07:22 - 00999936 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2013-10-02 21:08 - 2010-03-20 05:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2013-10-02 21:08 - 2010-01-18 11:48 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2013-10-02 21:08 - 2008-03-27 09:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2013-10-02 21:07 - 2013-10-02 21:08 - 00000000 ____D C:\Program Files (x86)\HUAWEI Modem Driver
2013-10-02 09:13 - 2013-10-02 09:13 - 00000000 ____D C:\Diensttprogramme
2013-10-02 09:12 - 2013-03-11 13:23 - 08065978 _____ (Goretzki Software Lösungen                                  ) C:\Users\Ruben Alemán\Desktop\Setup Savage-Gen 1.5.1.exe
2013-10-01 17:38 - 2013-10-26 10:08 - 00000047 _____ C:\Users\Ruben Alemán\Desktop\Neues Textdokument (3).txt

==================== One Month Modified Files and Folders =======

2013-10-29 10:41 - 2013-08-08 21:51 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Skype
2013-10-29 10:36 - 2013-10-29 10:36 - 01956538 _____ (Farbar) C:\Users\Ruben Alemán\Desktop\FRST64.exe
2013-10-29 10:35 - 2013-10-28 23:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-29 10:35 - 2013-10-28 23:11 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\mbar
2013-10-29 10:17 - 2013-09-16 14:05 - 00001122 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-29 10:15 - 2012-07-21 02:48 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-29 09:46 - 2009-07-14 06:10 - 02032876 _____ C:\Windows\WindowsUpdate.log
2013-10-29 09:42 - 2013-10-29 09:41 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Ruben Alemán\Desktop\AdobeAIRInstaller.exe
2013-10-29 09:38 - 2013-10-28 23:13 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-10-29 09:36 - 2013-10-28 23:12 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-10-29 00:15 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-29 00:15 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-29 00:13 - 2009-07-14 18:58 - 00701098 _____ C:\Windows\system32\perfh007.dat
2013-10-29 00:13 - 2009-07-14 18:58 - 00149604 _____ C:\Windows\system32\perfc007.dat
2013-10-29 00:13 - 2009-07-14 06:13 - 01623360 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-29 00:06 - 2013-09-16 14:05 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-29 00:05 - 2013-10-29 00:05 - 00003676 _____ C:\Windows\PFRO.log
2013-10-29 00:05 - 2013-10-10 17:16 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-10-29 00:05 - 2011-03-26 18:06 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-29 00:05 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-29 00:05 - 2009-07-14 05:51 - 00140632 _____ C:\Windows\setupact.log
2013-10-28 18:45 - 2013-10-28 18:45 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Ruben Alemán\Desktop\mbar-1.07.0.1007.exe
2013-10-27 17:39 - 2013-10-27 17:05 - 00000000 ____D C:\Qoobox
2013-10-27 17:39 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-10-27 17:38 - 2013-10-27 17:38 - 00038009 _____ C:\ComboFix.txt
2013-10-27 17:35 - 2013-10-27 17:04 - 00000000 ____D C:\Windows\erdnt
2013-10-27 17:30 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-10-27 17:05 - 2009-07-14 06:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-27 16:49 - 2013-10-27 16:49 - 05136694 ____R (Swearware) C:\Users\Ruben Alemán\Desktop\ComboFix.exe
2013-10-27 16:18 - 2013-10-27 16:18 - 00000000 ____D C:\FRST
2013-10-27 08:51 - 2012-04-06 16:59 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Sonstiges
2013-10-27 00:11 - 2013-10-27 00:11 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\AVAST Software
2013-10-27 00:09 - 2013-10-27 00:09 - 00001946 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-10-27 00:07 - 2013-10-27 00:07 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-10-27 00:07 - 2013-10-27 00:07 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-10-27 00:07 - 2013-10-27 00:07 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-10-27 00:07 - 2013-10-27 00:07 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-10-27 00:04 - 2011-05-26 13:28 - 00000000 ____D C:\Dienstprogramme
2013-10-27 00:00 - 2013-10-26 23:59 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-26 19:22 - 2013-10-26 19:22 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Malwarebytes
2013-10-26 19:21 - 2013-10-26 19:21 - 00000897 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-26 19:21 - 2013-10-26 19:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-26 19:20 - 2013-10-26 19:20 - 00000000 ____D C:\Dienstprogramme)
2013-10-26 19:18 - 2013-10-26 19:17 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Ruben Alemán\Desktop\mbam-setup-1.75.0.1300.exe
2013-10-26 14:40 - 2013-10-26 14:40 - 103108672 _____ C:\Windows\SysWOW64\鬎͞Ž
2013-10-26 12:15 - 2013-07-06 01:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-26 10:08 - 2013-10-01 17:38 - 00000047 _____ C:\Users\Ruben Alemán\Desktop\Neues Textdokument (3).txt
2013-10-23 16:08 - 2013-10-23 12:18 - 102551358 _____ C:\Windows\SysWOW64\皜퀜™
2013-10-22 18:23 - 2013-10-22 17:12 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BloodBowlLegendary
2013-10-22 17:10 - 2011-03-27 00:52 - 00364554 _____ C:\Windows\DirectX.log
2013-10-22 13:14 - 2012-10-04 22:09 - 00000000 ____D C:\Spiele
2013-10-22 13:04 - 2013-10-22 13:04 - 00000217 _____ C:\Users\Ruben Alemán\Desktop\Blood Bowl Legendary Edition.url
2013-10-22 12:50 - 2013-09-16 14:05 - 00000000 ____D C:\Program Files (x86)\Google
2013-10-22 12:50 - 2012-01-10 22:45 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Google
2013-10-22 12:15 - 2012-09-20 02:18 - 00000000 ____D C:\Filme
2013-10-20 15:02 - 2013-10-18 19:55 - 102068998 _____ C:\Windows\SysWOW64\妲⪋
2013-10-19 12:53 - 2013-10-19 12:54 - 01017344 _____ C:\Users\Ruben Alemán\Desktop\Anima_Base_Templates_2nd_Gen.xls
2013-10-17 13:43 - 2013-10-17 13:42 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Material Erstis
2013-10-15 17:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Fotos Album
2013-10-13 16:12 - 2013-10-13 16:12 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Bilder Urlaub
2013-10-13 16:11 - 2013-10-13 16:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\fotos choza 12_13
2013-10-13 16:03 - 2013-10-13 16:00 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\argentinien12-13
2013-10-13 15:03 - 2013-10-13 15:03 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\Studium
2013-10-12 19:56 - 2013-10-12 19:56 - 100651105 _____ C:\Windows\SysWOW64\濮坑›
2013-10-12 16:40 - 2013-10-12 13:57 - 100615351 _____ C:\Windows\SysWOW64\컦禶
2013-10-11 20:47 - 2013-10-11 20:42 - 72166699 _____ C:\Users\Ruben Alemán\Desktop\dtrpg-2013-10-11_02-43pm.zip
2013-10-11 14:11 - 2013-09-16 14:05 - 00004118 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 14:11 - 2013-09-16 14:05 - 00003866 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 11:17 - 2013-10-11 11:14 - 00003741 _____ C:\Users\Ruben Alemán\Documents\Dragon Age Origins 1.05.log
2013-10-11 09:01 - 2009-07-14 05:45 - 00417888 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 00:22 - 2011-06-20 21:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 00:19 - 2013-03-16 04:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 00:19 - 2013-03-16 04:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 00:13 - 2011-03-30 15:23 - 01601618 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 00:07 - 2013-07-18 08:04 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 00:04 - 2011-05-28 10:06 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 19:28 - 2013-10-09 12:51 - 100305510 _____ C:\Windows\SysWOW64\扙湙3
2013-10-10 17:26 - 2013-10-10 17:26 - 00000000 ____D C:\Users\Ruben Alemán\Documents\BioWare
2013-10-10 17:16 - 2013-10-10 16:46 - 00021568 _____ C:\Users\Ruben Alemán\Documents\Install Dragon Age Origins.log
2013-10-10 17:15 - 2013-10-10 17:15 - 00000782 _____ C:\Users\Public\Desktop\Dragon Age Origins.lnk
2013-10-10 07:27 - 2012-07-21 02:48 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 00:16 - 2012-06-07 21:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 00:16 - 2011-05-26 12:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 12:49 - 2012-03-25 11:53 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Dropbox
2013-10-09 12:49 - 2011-03-30 15:18 - 00000000 ___RD C:\Users\Ruben Alemán\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-08 21:02 - 2013-10-08 21:02 - 99859239 _____ C:\Windows\SysWOW64\禯燺¢
2013-10-07 07:46 - 2013-07-30 13:57 - 00000000 ___RD C:\Users\Ruben Alemán\Dropbox
2013-10-05 17:41 - 2011-06-02 17:50 - 00000000 ___RD C:\Users\Ruben Alemán\Desktop\Musik
2013-10-05 17:39 - 2013-04-21 17:42 - 00000000 ____D C:\Users\Ruben Alemán\Desktop\P & P Rollenspiele
2013-10-04 06:49 - 2011-07-30 11:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Mozilla
2013-10-03 12:50 - 2012-06-07 21:47 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\Microsoft Games
2013-10-03 12:49 - 2011-05-28 01:47 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-10-03 11:58 - 2013-10-03 11:58 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Local\ActiveState
2013-10-02 21:38 - 2013-10-02 21:33 - 00000000 ____D C:\Perl64
2013-10-02 21:08 - 2013-10-02 21:08 - 00001885 _____ C:\Users\Public\Desktop\Mobile Connection Manager.lnk
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\TGCMLog
2013-10-02 21:08 - 2013-10-02 21:08 - 00000000 ____D C:\Users\Ruben Alemán\AppData\Roaming\Telefónica
2013-10-02 21:08 - 2013-10-02 21:07 - 00000000 ____D C:\Program Files (x86)\HUAWEI Modem Driver
2013-10-02 09:13 - 2013-10-02 09:13 - 00000000 ____D C:\Diensttprogramme

Files to move or delete:
====================
ZeroAccess:
C:\Users\Ruben Alemán\AppData\Local\Google\Desktop\Install
C:\Users\Ruben Alemán\ijl15.dll
C:\Users\Ruben Alemán\JPGI.dll
C:\Users\Ruben Alemán\unicows.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-26 17:51

==================== End Of Log ============================

--- --- ---

29.10.2013, 15:30	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/APS von Avira Antivir gefunden MBAR hat noch einiges gefunden, laut Anleitung sollst du einen neuen Scan mit MBAR machen wenn es was gefunden und per CleanUp gelöscht hat __________________ Logfiles bitte immer in CODE-Tags posten

29.10.2013, 15:48	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	TR/APS von Avira Antivir gefunden Letzes Log von FRST ist unvollständig __________________ Logfiles bitte immer in CODE-Tags posten

TR/APS von Avira Antivir gefunden

Log-Analyse und Auswertung: TR/APS von Avira Antivir gefunden