Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   wajam nicht möglich die deinstallierung (https://www.trojaner-board.de/154327-wajam-moeglich-deinstallierung.html)

wolfgus 25.05.2014 10:45
wajam nicht möglich die deinstallierung
 
Liste der Anhänge anzeigen (Anzahl: 2)
_Wajam kam ohne das ich es merkte auf mein PC W7 hp (spanisch Software)
ich versuchte es dann mit Anti Malware zu entfernen, scheinbar wurde einiges entfernt
das Tool ist in keinem Browser Explorer, Chrome ,Firerfox zu finden dennoch habe ich den Systemdateien noch den Eintrag ,
siehe Archive ..
bitte Nachsicht bin überhaupt kein Experte
danke

schrauber 25.05.2014 17:59
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


wolfgus 25.05.2014 18:30
Hallo schrauber
tut mir leid weiß nicht wie ich diese Dateien hier hochladen soll..?
Aha ! habs eben gefunden, musste Erweitert klicken

hier sind sie
danke wolfgus

schrauber 26.05.2014 12:43
Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

wolfgus 26.05.2014 13:03
so mueste es richtig sein
danke
wolfgus


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 01
Ran by Gustavo at 2014-05-25 19:14:53
Running from E:\Users\Gustavo\Favoritos
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: G Data TotalProtection (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data TotalProtection (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: G Data Cortafuegos personal (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
ClocX (1.6.0) (HKLM-x32\...\ClocX) (Version:  - )
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
Duden Home (HKLM-x32\...\{288A423E-D6CA-47C3-B480-D1203EB08949}) (Version: 10.1.0 - Bibliographisches Institut GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Estudio para la mejora del producto HP ENVY 4500 series (HKLM\...\{0D7948B4-815F-4E16-8FD6-9B57A4693D59}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
FactuSOL (HKLM-x32\...\{6E26F091-10F1-4399-B96E-F8E5A0EFCFC6}) (Version: 1.0.0 - Sofware del Sol, S.A.)
FreeFileSync 6.3 (HKLM-x32\...\FreeFileSync) (Version: 6.3 - Zenju)
G Data TotalProtection (HKLM-x32\...\{6715BEB5-01F1-41AC-B44B-0A78CD50C433}) (Version: 25.0.1.0 - G Data Software AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{8E29C1CE-346A-3F59-AE22-8C5B7F230498}) (Version: 5.3.1.18536 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP ENVY 4500 series Ayuda (HKLM-x32\...\{083DCC02-5EB2-48B0-8BFF-F2D367F5AFB7}) (Version: 30.0.0 - Hewlett Packard)
HP ENVY 4500 series Software básico del dispositivo (HKLM\...\{AD10A96D-D988-4E81-A368-07EAB96E4F7A}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{C862EC05-1C15-4327-B15D-C7788D6CFF73}) (Version: 2.1.1 - Brice Lambson)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Kernel EML Viewer ver 11.05.01 (HKLM-x32\...\Kernel EML Viewer_is1) (Version:  - Lepide Software Pvt.Ltd.)
Logitech Vid (HKLM-x32\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS Facebook (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
MAGIX Online Druck Service (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (ESN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office Excel MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Spanish) 2007 (Beta) (x32 Version: 12.0.4017.1006 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0C0A-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office PowerPoint MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Basque) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Catalan) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Galician) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Spanish) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Office Word MUI (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 es-ES)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{9B4E6CB9-E54D-47F7-A414-E2D5740E1034}) (Version: 7.02.8507 - Nero AG)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Paquete de controladores de Logitech Webcam Software (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13091_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Nombre de su organización)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Nombre de su organización) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
SiSoftware Sandra Lite 2014.SP1a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.21.2014.3 - SiSoftware)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TuneUp Utilities 2014 (es-ES) (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.296 - TuneUp Software) Hidden
UBitMenuES (HKLM-x32\...\{E8F0AD28-DC4F-4b0e-B718-99868F3A8BB1}_is1) (Version: 01.04 - UBit Schweiz AG)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F31C6FC9-7DD0-421D-B2D0-64AF8252BAE7}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Visual C++ 9.0 ATL (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
XnView 2.22 (HKLM-x32\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)

==================== Restore Points  =========================

03-05-2014 10:10:02 Windows Update
06-05-2014 15:03:23 Windows Update
13-05-2014 06:53:59 Windows Update
14-05-2014 07:28:21 Windows Update
21-05-2014 07:26:42 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2D19A57C-4A7D-47D3-98F9-DA9DBD2F8EB6} - System32\Tasks\Programa de actualización online de Adobe => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {3F266C17-BE44-4DFF-82BB-4CD88712070E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {491B1F3B-7181-4ABE-99E0-9FB5202348A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000UA => C:\Users\Gustavo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {61391E22-3EF6-4832-8D33-E2B2C7CB6890} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {68F5C469-AD5B-4F8A-A0BC-3FB03E32C762} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {7CBBD12D-9D87-4469-9FB8-03D32EA17FE3} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.)
Task: {94E34F9E-9582-46CB-B203-273E0DD6A0CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-05] (Google Inc.)
Task: {A9FF2BDE-0F52-462F-A006-2EF964DE7CDD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {ABB95F11-28C6-4B90-B60D-F164F5EF14F7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000Core => C:\Users\Gustavo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {CCD6D9DB-E258-4865-A20A-A5E9BBF87D67} - System32\Tasks\Google Updater and Installer => C:\Users\Gustavo\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-14] (Google Inc.)
Task: {D07BDA2D-010F-4517-8C2C-4C2541C9649C} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {F996C2E5-7B16-4585-A94E-8D7A088F691B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-05] (Google Inc.)
Task: {FD2B22A2-D19C-4F21-B526-CFB27FA535E5} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-04-15] (TuneUp Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000Core.job => C:\Users\Gustavo\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000UA.job => C:\Users\Gustavo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-11-29 17:54 - 2005-08-08 06:54 - 00167936 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2013-11-28 13:42 - 2012-08-24 01:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-22 10:59 - 2011-11-22 10:59 - 00018432 _____ () C:\Users\Gustavo\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
2014-04-15 15:59 - 2014-04-15 15:59 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-12-19 04:42 - 2013-12-19 04:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00525856 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\adxloader.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00495616 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Word.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00786432 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Access.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00950272 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Excel.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00065536 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\Interop.FrontPage.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00286720 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Outlook.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00204800 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\Interop.PowerPoint.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00151552 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\Interop.Office.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00339456 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\MBControls.dll
2013-09-02 02:05 - 2013-09-02 02:05 - 00098304 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\CSegmentation.dll
2013-09-02 02:05 - 2013-09-02 02:05 - 00603136 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\CTokenizer.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00286720 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\GAMORPHDPF.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00099328 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\DpfDict.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00112128 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\SGAnalyseSP.dll
2013-09-02 02:06 - 2013-09-02 02:06 - 00767488 _____ () C:\Program Files (x86)\Duden\Duden Korrektor\sprt4-2-3.dll
2013-07-10 19:07 - 2013-07-10 19:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-05-25 10:48 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-25 10:48 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-05-25 10:48 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2004-09-03 18:07 - 2004-09-03 18:07 - 00024576 _____ () C:\Program Files (x86)\ClocX\Plugins\HelloWorld.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-11-28 13:39 - 2012-07-18 12:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-05-25 10:48 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-25 10:48 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2014-05-25 10:48 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/25/2014 09:59:11 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Error al generar el contexto de activación de "1". Error en el manifiesto o el archivo de directiva "2", línea 3.
El elemento de la raíz del archivo de manifiesto debe ser un ensamblado.

Error: (05/24/2014 11:00:25 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Error al generar el contexto de activación de "1". Error en el manifiesto o el archivo de directiva "2", línea 3.
El elemento de la raíz del archivo de manifiesto debe ser un ensamblado.

Error: (05/23/2014 02:18:32 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Error al generar el contexto de activación de "1". Error en el manifiesto o el archivo de directiva "2", línea 3.
El elemento de la raíz del archivo de manifiesto debe ser un ensamblado.

Error: (05/22/2014 07:04:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa firefox.exe, versión 29.0.1.5239, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 15c4

Hora de inicio: 01cf75ddf980d7d0

Hora de finalización: 27

Ruta de acceso de la aplicación: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Identificador de informe: 13b05da5-e1d3-11e3-b277-94de80c7e644

Error: (05/22/2014 02:12:50 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Error al generar el contexto de activación de "1". Error en el manifiesto o el archivo de directiva "2", línea 3.
El elemento de la raíz del archivo de manifiesto debe ser un ensamblado.

Error: (05/21/2014 10:03:00 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Error al generar el contexto de activación de "1". Error en el manifiesto o el archivo de directiva "2", línea 3.
El elemento de la raíz del archivo de manifiesto debe ser un ensamblado.

Error: (05/20/2014 05:05:27 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Error al generar el contexto de activación de "1". Error en el manifiesto o el archivo de directiva "2", línea 3.
El elemento de la raíz del archivo de manifiesto debe ser un ensamblado.

Error: (05/19/2014 01:53:15 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Error al generar el contexto de activación de "1". Error en el manifiesto o el archivo de directiva "2", línea 3.
El elemento de la raíz del archivo de manifiesto debe ser un ensamblado.

Error: (05/15/2014 05:25:25 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Error al generar el contexto de activación de "1". Error en el manifiesto o el archivo de directiva "2", línea 3.
El elemento de la raíz del archivo de manifiesto debe ser un ensamblado.

Error: (05/14/2014 09:51:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Error al generar el contexto de activación para "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
No se encontró el ensamblado dependiente Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Use sxstrace.exe para obtener un diagnóstico detallado.


System errors:
=============
Error: (05/24/2014 06:40:44 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.1.128.
El equipo la con dirección IP 192.168.1.1 no admite el nombre reclamado por este equipo.

Error: (05/23/2014 05:54:58 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.1.128.
El equipo la con dirección IP 192.168.1.1 no admite el nombre reclamado por este equipo.

Error: (05/23/2014 05:54:57 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.1.128.
El equipo la con dirección IP 192.168.1.1 no admite el nombre reclamado por este equipo.

Error: (05/22/2014 05:21:27 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.1.128.
El equipo la con dirección IP 192.168.1.1 no admite el nombre reclamado por este equipo.

Error: (05/22/2014 05:21:25 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.1.128.
El equipo la con dirección IP 192.168.1.1 no admite el nombre reclamado por este equipo.

Error: (05/21/2014 08:34:56 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.1.128.
El equipo la con dirección IP 192.168.1.1 no admite el nombre reclamado por este equipo.

Error: (05/21/2014 08:34:55 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.1.128.
El equipo la con dirección IP 192.168.1.1 no admite el nombre reclamado por este equipo.

Error: (05/21/2014 05:43:41 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.1.128.
El equipo la con dirección IP 192.168.1.1 no admite el nombre reclamado por este equipo.

Error: (05/21/2014 01:09:46 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.1.128.
El equipo la con dirección IP 192.168.1.1 no admite el nombre reclamado por este equipo.

Error: (05/20/2014 04:07:43 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.1.128.
El equipo la con dirección IP 192.168.1.1 no admite el nombre reclamado por este equipo.


Microsoft Office Sessions:
=========================
Error: (11/30/2013 00:53:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 985 seconds with 60 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-11-29 19:47:02.845
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2013-11-29 19:47:02.736
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2013-11-29 19:47:02.627
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2013-11-29 19:47:02.518
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2013-11-29 19:47:02.408
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2013-11-29 19:47:02.299
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2013-11-29 19:47:02.206
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2013-11-29 19:47:02.096
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2013-11-29 19:47:01.987
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

  Date: 2013-11-29 19:45:47.519
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe porque el conjunto de hashes de imagen por página no se encuentra en el sistema.




FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 01
Ran by Gustavo (administrator) on GUSTAVO-PC on 25-05-2014 19:14:26
Running from E:\Users\Gustavo\Favoritos
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Spanish Modern Sort
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Gustavo\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
(BonSoft) C:\Program Files (x86)\ClocX\ClocX.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] ()
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [2090496 2013-01-14] (BonSoft)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\TotalProtection\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2878377782-3803237397-3956691555-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-2878377782-3803237397-3956691555-1000\...\Run: [Microsoft Office Outlook] => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [13018808 2014-01-29] (Microsoft Corporation)
HKU\S-1-5-21-2878377782-3803237397-3956691555-1000\...\Run: [KiesPreload] => E:\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-2878377782-3803237397-3956691555-1000\...\Run: [] => E:\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-2878377782-3803237397-3956691555-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
IFEO\backitup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\cdspeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\coverdes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\drivespeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\infotool.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\kiesagent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\nero.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\neroupgrade.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\powerdvd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\setupx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/homepage/search/sp-ie10.html#instructions-ie-dse
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: StumbleUpon - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Gustavo\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66

FireFox:
========
FF ProfilePath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412
FF Homepage: hxxp://www.bancopopular.es/popular-web/empresas/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Gustavo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Gustavo\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gustavo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gustavo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Gustavo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gustavo\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\drae.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-es.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-es.xml
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\de_DE@dicts.j3e.de [2014-04-21]
FF Extension: British English Dictionary - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\en-GB@dictionaries.addons.mozilla.org [2014-04-21]
FF Extension: United States English Spellchecker - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\en-US@dictionaries.addons.mozilla.org [2014-04-21]
FF Extension: Diccionario de Español/España - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\es-es@dictionaries.addons.mozilla.org [2014-04-21]
FF Extension: Gmail Watcher - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\gmailwatcher@sonthakit.xpi [2014-04-21]
FF Extension: Hotmail Watcher - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\hotmailwatcher@sonthakit.xpi [2014-04-21]
FF Extension: Flagfox - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-04-21]
FF Extension: Adblock Plus - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-22]
FF Extension: Tab Mix Plus - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-04-21]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.bancopopular.es/popular-web/404.aspx?Opt=grupo", "https://www.google.com/intl/de/chrome/browser/welcome.html", "hxxp://www.bancopopular.es/popular-web/404.aspx?Opt=grupo", "hxxp://www.bancopopular.es/popular-web/404.aspx?Opt=grupo"
CHR Extension: (Google Docs) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-05]
CHR Extension: (Google Drive) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-05]
CHR Extension: (YouTube) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-05]
CHR Extension: (Búsqueda de Google) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-05]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2013-12-05]
CHR Extension: (Google Mail Checker) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-05-15]
CHR Extension: (Print) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2013-12-05]
CHR Extension: (Google Wallet) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05]
CHR Extension: (StumbleUpon) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg [2014-05-15]
CHR Extension: (Gmail) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-05]
CHR HKLM-x32\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Gustavo\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22]

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe [2722888 2014-01-30] (G Data Software AG)
R2 GDBackupSvc; C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [3829880 2014-02-05] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
S3 GDTunerSvc; C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [1637496 2013-12-19] (G Data Software AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-08] (Nero AG)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1a\RpcAgentSrv.exe [72344 2008-02-17] (SiSoftware)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 StumbleUponUpdater; C:\Users\Gustavo\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] ()
S3 TSNxGService; C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [255608 2014-02-03] (G Data Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2140984 2014-04-15] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-04-21] (G Data Software AG)
R3 gddcd; C:\Windows\system32\drivers\gddcd64.sys [78848 2014-04-21] (G Data Software AG)
R1 gddcv; C:\Windows\system32\drivers\gddcv64.sys [58880 2014-04-21] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [22016 2014-04-21] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-04-21] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-04-21] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-04-21] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-05-14] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-04-21] (G Data Software AG)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 TS4NT; C:\Windows\System32\Drivers\TS4nt.sys [98760 2014-04-21] (G Data Software)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-25 19:13 - 2014-05-25 19:14 - 00000000 ____D () C:\FRST
2014-05-25 11:33 - 2014-05-25 11:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 11:33 - 2014-05-25 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 11:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 11:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-25 11:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-25 10:48 - 2014-05-25 18:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 10:48 - 2014-05-25 11:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 10:48 - 2014-05-25 10:48 - 00002189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 10:48 - 2014-05-25 10:48 - 00002177 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 10:48 - 2014-05-25 10:48 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-25 10:48 - 2014-05-25 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-25 10:48 - 2009-01-25 12:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-05-25 10:07 - 2014-05-25 11:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 10:07 - 2014-05-25 11:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 10:07 - 2014-05-25 10:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 19:54 - 2014-05-24 19:54 - 00003090 _____ () C:\Windows\System32\Tasks\{A641CAF6-359E-4FB7-B3AC-22EA03D9859E}
2014-05-24 19:52 - 2014-05-24 19:52 - 00003090 _____ () C:\Windows\System32\Tasks\{AAB230D5-BA94-428D-8C04-0B4A9F9DD2D7}
2014-05-14 09:51 - 2014-05-14 09:51 - 00000000 ____D () C:\Users\Gustavo\AppData\Local\MAGIX
2014-05-14 09:50 - 2014-05-14 09:50 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-14 09:31 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 09:31 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 09:31 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 09:31 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 09:31 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 09:31 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 08:59 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 08:59 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 08:59 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 08:59 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 08:59 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 08:59 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 08:59 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 08:59 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 08:59 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 08:59 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 08:59 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 08:59 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 08:59 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 08:59 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 08:59 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 08:59 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 08:59 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 08:59 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 08:59 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 08:59 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 12:14 - 2014-05-13 12:15 - 00003996 _____ () C:\Users\Gustavo\Desktop\Gastos  mensual empresa 2014 - Acceso directo.lnk
2014-05-10 11:16 - 2014-05-10 11:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 17:03 - 2014-05-14 09:32 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-25 19:14 - 2014-05-25 19:13 - 00000000 ____D () C:\FRST
2014-05-25 19:14 - 2013-11-30 13:44 - 00000000 ____D () C:\Users\Gustavo\AppData\Roaming\Skype
2014-05-25 19:11 - 2013-11-29 21:45 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-25 18:45 - 2009-07-14 06:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 18:45 - 2009-07-14 06:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 18:43 - 2009-07-14 11:31 - 00751032 _____ () C:\Windows\system32\perfh00A.dat
2014-05-25 18:43 - 2009-07-14 11:31 - 00160074 _____ () C:\Windows\system32\perfc00A.dat
2014-05-25 18:43 - 2009-07-14 07:13 - 01685896 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 18:41 - 2014-05-25 10:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 18:41 - 2013-11-28 13:36 - 01292861 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 18:38 - 2013-11-29 17:54 - 00000000 ____D () C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-05-25 18:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 18:38 - 2009-07-14 06:51 - 00075664 _____ () C:\Windows\setupact.log
2014-05-25 11:48 - 2014-02-10 12:49 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2014-05-25 11:33 - 2014-05-25 11:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 11:33 - 2014-05-25 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 11:33 - 2014-05-25 10:07 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 11:33 - 2014-05-25 10:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 11:10 - 2014-05-25 10:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 10:48 - 2014-05-25 10:48 - 00002189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 10:48 - 2014-05-25 10:48 - 00002177 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 10:48 - 2014-05-25 10:48 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-25 10:48 - 2014-05-25 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-25 10:07 - 2014-05-25 10:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 09:41 - 2014-02-23 18:57 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000UA.job
2014-05-25 09:41 - 2014-02-23 18:57 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000Core.job
2014-05-25 09:41 - 2013-12-05 11:26 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-25 09:41 - 2013-12-05 11:26 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-24 20:33 - 2014-02-23 18:57 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000UA
2014-05-24 20:33 - 2014-02-23 18:57 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000Core
2014-05-24 20:33 - 2013-12-05 11:26 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-24 20:33 - 2013-12-05 11:26 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-24 19:54 - 2014-05-24 19:54 - 00003090 _____ () C:\Windows\System32\Tasks\{A641CAF6-359E-4FB7-B3AC-22EA03D9859E}
2014-05-24 19:52 - 2014-05-24 19:52 - 00003090 _____ () C:\Windows\System32\Tasks\{AAB230D5-BA94-428D-8C04-0B4A9F9DD2D7}
2014-05-24 18:40 - 2013-11-28 18:10 - 00783332 _____ () C:\Windows\PFRO.log
2014-05-23 18:37 - 2013-12-04 18:57 - 00046080 _____ () C:\Users\Gustavo\Desktop\AHaushalt Alimentacion.xls
2014-05-18 11:17 - 2014-01-17 11:18 - 00003694 _____ () C:\Windows\System32\Tasks\Programa de actualización online de Adobe
2014-05-17 11:14 - 2013-11-29 17:53 - 00000000 ____D () C:\Users\Gustavo\AppData\Roaming\Mozilla
2014-05-17 10:55 - 2013-12-05 11:27 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 10:01 - 2013-11-29 21:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 09:11 - 2013-11-29 21:45 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 09:11 - 2013-11-29 21:45 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 09:11 - 2013-11-29 21:45 - 00003776 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 14:06 - 2014-02-10 12:49 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-05-14 09:51 - 2014-05-14 09:51 - 00000000 ____D () C:\Users\Gustavo\AppData\Local\MAGIX
2014-05-14 09:51 - 2014-03-17 18:52 - 00000000 ____D () C:\ProgramData\MAGIX
2014-05-14 09:51 - 2014-03-17 18:52 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-05-14 09:51 - 2014-03-17 18:50 - 00000000 ____D () C:\Users\Gustavo\AppData\Roaming\MAGIX
2014-05-14 09:50 - 2014-05-14 09:50 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-14 09:33 - 2013-11-28 13:36 - 00000000 ___RD () C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 09:33 - 2013-11-28 13:36 - 00000000 ___RD () C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 09:32 - 2014-05-06 17:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 09:31 - 2013-11-28 19:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 09:30 - 2013-11-28 13:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 09:29 - 2013-11-28 13:55 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 12:15 - 2014-05-13 12:14 - 00003996 _____ () C:\Users\Gustavo\Desktop\Gastos  mensual empresa 2014 - Acceso directo.lnk
2014-05-13 12:15 - 2014-04-17 11:18 - 00000000 ____D () C:\Users\Gustavo\AppData\Roaming\XnView
2014-05-12 08:39 - 2013-12-20 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-25 11:33 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-25 11:33 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-25 11:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 11:16 - 2014-05-10 11:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-14 08:59 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 08:59 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 06:40 - 2014-05-14 09:31 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 09:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 09:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 09:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 09:31 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 09:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 11:24 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-29 10:52 - 2013-11-30 15:20 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 13:53

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 27.05.2014 12:11
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

wolfgus 27.05.2014 17:54
Hallo Schrauber

Wajam ist nicht mehr im PC, vermutlich mit spybot gelöscht
muchas gracias
wolfgus

Hallo Schrauber, entschuldige scheinbar war wajam doch noch da aber jetzt mit ADWcleaner ist er gelöscht sorry, für die Fehlinfo (denn unter denn installierten Programmen, war er verschwunden? aber irgendwie war dieses beschis.... tool Wajam nicht komplett im PC installiert, denn er war in keinem Browser zu finden?) bin ziemlich unbedarft in diesem Thema. jetzt dürfte ER gelöscht sein...Danke wolfgus
hier der AWD Bericht:

AdwCleaner Logfile:
Code:
# AdwCleaner v3.211 - Reporte Creado 27/05/2014 en 18:36:13
# Actualizado 26/05/2014 por Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nombre de usuario : Gustavo - GUSTAVO-PC
# Ejecutado desde : C:\Users\Gustavo\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner_3.211.exe
# Opción : Limpiar

***** [ Servicios ] *****

Servicio Borrar : StumbleUponUpdater

***** [ Archivos / Carpetas ] *****

Carpeta Borrar : C:\Program Files (x86)\SearchProtect
Carpeta Borrar : C:\Users\Gustavo\AppData\Local\Temp\OCS
Carpeta Borrar : C:\Users\Gustavo\AppData\LocalLow\StumbleUpon
Carpeta Borrar : E:\Users\Gustavo\Documents\PC Speed Maximizer
Carpeta Borrar : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg
Archivo Borrar : C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\user.js

***** [ Accesos directos ] *****


***** [ Registro ] *****

Clave Borrar : HKLM\SOFTWARE\Google\Chrome\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\StumbleUpon.DLL
Clave Borrar : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio
Clave Borrar : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio.1
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}
Clave Borrar : HKCU\Software\Conduit
Clave Borrar : HKCU\Software\OCS
Clave Borrar : HKCU\Software\Software
Clave Borrar : HKCU\Software\StumbleUpon
Clave Borrar : HKCU\Software\Wajam
Clave Borrar : HKCU\Software\AppDataLow\Software
Clave Borrar : HKLM\Software\Wajam

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (es-ES)

[ Archivo : C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\prefs.js ]


-\\ Google Chrome v34.0.1847.137

[ Archivo : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Borrar [Extension] : pgifblbjgdjhcelbanblbhkhmbnnmhfg

*************************

AdwCleaner[R1].txt - [3111 octets] - [27/05/2014 18:34:29]
AdwCleaner[S1].txt - [2629 octets] - [27/05/2014 18:36:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2689 octets] ##########
--- --- ---

Nachfrage: sollte man all dies Anti Malwaretools auf seinem PC belassen oder lieber deinstallieren : -AntMalware, Spybot, ADWcliener etc.
saludos wolfgus

schrauber 28.05.2014 11:59
Erstmal lassen.


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

wolfgus 28.05.2014 13:09
okay danke
wolfgus

schrauber 29.05.2014 13:51
ich warte dann auf Logs :)

wolfgus 29.05.2014 16:36
Hallo Schrauber entschuldige , aber ich hatte hier eine Antwort hier gegeben dass wajam total verschwunden ist, evtl. durch spybot. verstehe nicht?
gerne hier die logs:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 01
Ran by Gustavo (administrator) on GUSTAVO-PC on 25-05-2014 19:14:26
Running from E:\Users\Gustavo\Favoritos
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Spanish Modern Sort
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Gustavo\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
(BonSoft) C:\Program Files (x86)\ClocX\ClocX.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(G Data Software AG) C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-19] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl] => C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe [56928 2006-11-23] (Cyberlink Corp.)
HKLM-x32\...\Run: [LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [54832 2006-12-05] ()
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ClocX] => C:\Program Files (x86)\ClocX\ClocX.exe [2090496 2013-01-14] (BonSoft)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\TotalProtection\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe,
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2878377782-3803237397-3956691555-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)
HKU\S-1-5-21-2878377782-3803237397-3956691555-1000\...\Run: [Microsoft Office Outlook] => C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE [13018808 2014-01-29] (Microsoft Corporation)
HKU\S-1-5-21-2878377782-3803237397-3956691555-1000\...\Run: [KiesPreload] => E:\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-2878377782-3803237397-3956691555-1000\...\Run: [] => E:\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-2878377782-3803237397-3956691555-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
IFEO\backitup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\cdspeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\coverdes.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\drivespeed.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\infotool.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\kiesagent.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\nero.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\neroupgrade.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\powerdvd.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\setup.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\setupx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.es/homepage/search/sp-ie10.html#instructions-ie-dse
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: StumbleUpon - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Gustavo\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 87.216.1.65 87.216.1.66

FireFox:
========
FF ProfilePath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412
FF Homepage: hxxp://www.bancopopular.es/popular-web/empresas/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Gustavo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Gustavo\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gustavo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gustavo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Gustavo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Gustavo\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\drae.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-es.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-es.xml
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\de_DE@dicts.j3e.de [2014-04-21]
FF Extension: British English Dictionary - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\en-GB@dictionaries.addons.mozilla.org [2014-04-21]
FF Extension: United States English Spellchecker - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\en-US@dictionaries.addons.mozilla.org [2014-04-21]
FF Extension: Diccionario de Español/España - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\es-es@dictionaries.addons.mozilla.org [2014-04-21]
FF Extension: Gmail Watcher - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\gmailwatcher@sonthakit.xpi [2014-04-21]
FF Extension: Hotmail Watcher - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\hotmailwatcher@sonthakit.xpi [2014-04-21]
FF Extension: Flagfox - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-04-21]
FF Extension: Adblock Plus - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-22]
FF Extension: Tab Mix Plus - C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\96n977ht.default-1398013833412\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-04-21]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.bancopopular.es/popular-web/404.aspx?Opt=grupo", "https://www.google.com/intl/de/chrome/browser/welcome.html", "hxxp://www.bancopopular.es/popular-web/404.aspx?Opt=grupo", "hxxp://www.bancopopular.es/popular-web/404.aspx?Opt=grupo"
CHR Extension: (Google Docs) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-05]
CHR Extension: (Google Drive) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-05]
CHR Extension: (YouTube) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-05]
CHR Extension: (Búsqueda de Google) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-05]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2013-12-05]
CHR Extension: (Google Mail Checker) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-05-15]
CHR Extension: (Print) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj [2013-12-05]
CHR Extension: (Google Wallet) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-05]
CHR Extension: (StumbleUpon) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg [2014-05-15]
CHR Extension: (Gmail) - C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-05]
CHR HKLM-x32\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\Gustavo\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx [2011-11-22]

==================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe [2722888 2014-01-30] (G Data Software AG)
R2 GDBackupSvc; C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe [3829880 2014-02-05] (G Data Software AG)
R3 GDFwSvc; C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG)
S3 GDTunerSvc; C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe [1637496 2013-12-19] (G Data Software AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-05] (Intel Corporation)
S4 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-05-08] (Nero AG)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] ()
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP1a\RpcAgentSrv.exe [72344 2008-02-17] (SiSoftware)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 StumbleUponUpdater; C:\Users\Gustavo\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] ()
S3 TSNxGService; C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe [255608 2014-02-03] (G Data Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2140984 2014-04-15] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-04-21] (G Data Software AG)
R3 gddcd; C:\Windows\system32\drivers\gddcd64.sys [78848 2014-04-21] (G Data Software AG)
R1 gddcv; C:\Windows\system32\drivers\gddcv64.sys [58880 2014-04-21] (G Data Software AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [22016 2014-04-21] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-04-21] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-04-21] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-04-21] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-05-14] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-04-21] (G Data Software AG)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 TS4NT; C:\Windows\System32\Drivers\TS4nt.sys [98760 2014-04-21] (G Data Software)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-25 19:13 - 2014-05-25 19:14 - 00000000 ____D () C:\FRST
2014-05-25 11:33 - 2014-05-25 11:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 11:33 - 2014-05-25 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 11:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-25 11:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-25 11:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-25 10:48 - 2014-05-25 18:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 10:48 - 2014-05-25 11:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 10:48 - 2014-05-25 10:48 - 00002189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 10:48 - 2014-05-25 10:48 - 00002177 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 10:48 - 2014-05-25 10:48 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-25 10:48 - 2014-05-25 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-25 10:48 - 2009-01-25 12:14 - 00017272 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-05-25 10:07 - 2014-05-25 11:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 10:07 - 2014-05-25 11:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 10:07 - 2014-05-25 10:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-24 19:54 - 2014-05-24 19:54 - 00003090 _____ () C:\Windows\System32\Tasks\{A641CAF6-359E-4FB7-B3AC-22EA03D9859E}
2014-05-24 19:52 - 2014-05-24 19:52 - 00003090 _____ () C:\Windows\System32\Tasks\{AAB230D5-BA94-428D-8C04-0B4A9F9DD2D7}
2014-05-14 09:51 - 2014-05-14 09:51 - 00000000 ____D () C:\Users\Gustavo\AppData\Local\MAGIX
2014-05-14 09:50 - 2014-05-14 09:50 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-14 09:31 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 09:31 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 09:31 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 09:31 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 09:31 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 09:31 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 08:59 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 08:59 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 08:59 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 08:59 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 08:59 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 08:59 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 08:59 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 08:59 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 08:59 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 08:59 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 08:59 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 08:59 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 08:59 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 08:59 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 08:59 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 08:59 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 08:59 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 08:59 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 08:59 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 08:59 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 08:59 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 08:59 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 08:59 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-13 12:14 - 2014-05-13 12:15 - 00003996 _____ () C:\Users\Gustavo\Desktop\Gastos  mensual empresa 2014 - Acceso directo.lnk
2014-05-10 11:16 - 2014-05-10 11:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-06 17:03 - 2014-05-14 09:32 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-25 19:14 - 2014-05-25 19:13 - 00000000 ____D () C:\FRST
2014-05-25 19:14 - 2013-11-30 13:44 - 00000000 ____D () C:\Users\Gustavo\AppData\Roaming\Skype
2014-05-25 19:11 - 2013-11-29 21:45 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-25 18:45 - 2009-07-14 06:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 18:45 - 2009-07-14 06:45 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 18:43 - 2009-07-14 11:31 - 00751032 _____ () C:\Windows\system32\perfh00A.dat
2014-05-25 18:43 - 2009-07-14 11:31 - 00160074 _____ () C:\Windows\system32\perfc00A.dat
2014-05-25 18:43 - 2009-07-14 07:13 - 01685896 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-25 18:41 - 2014-05-25 10:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-05-25 18:41 - 2013-11-28 13:36 - 01292861 _____ () C:\Windows\WindowsUpdate.log
2014-05-25 18:38 - 2013-11-29 17:54 - 00000000 ____D () C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-05-25 18:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-25 18:38 - 2009-07-14 06:51 - 00075664 _____ () C:\Windows\setupact.log
2014-05-25 11:48 - 2014-02-10 12:49 - 00018160 _____ (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys
2014-05-25 11:33 - 2014-05-25 11:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-25 11:33 - 2014-05-25 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-25 11:33 - 2014-05-25 10:07 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-25 11:33 - 2014-05-25 10:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-25 11:10 - 2014-05-25 10:48 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-25 10:48 - 2014-05-25 10:48 - 00002189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-05-25 10:48 - 2014-05-25 10:48 - 00002177 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-05-25 10:48 - 2014-05-25 10:48 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-05-25 10:48 - 2014-05-25 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-05-25 10:07 - 2014-05-25 10:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-25 09:41 - 2014-02-23 18:57 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000UA.job
2014-05-25 09:41 - 2014-02-23 18:57 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000Core.job
2014-05-25 09:41 - 2013-12-05 11:26 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-25 09:41 - 2013-12-05 11:26 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-24 20:33 - 2014-02-23 18:57 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000UA
2014-05-24 20:33 - 2014-02-23 18:57 - 00003712 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2878377782-3803237397-3956691555-1000Core
2014-05-24 20:33 - 2013-12-05 11:26 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-24 20:33 - 2013-12-05 11:26 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-24 19:54 - 2014-05-24 19:54 - 00003090 _____ () C:\Windows\System32\Tasks\{A641CAF6-359E-4FB7-B3AC-22EA03D9859E}
2014-05-24 19:52 - 2014-05-24 19:52 - 00003090 _____ () C:\Windows\System32\Tasks\{AAB230D5-BA94-428D-8C04-0B4A9F9DD2D7}
2014-05-24 18:40 - 2013-11-28 18:10 - 00783332 _____ () C:\Windows\PFRO.log
2014-05-23 18:37 - 2013-12-04 18:57 - 00046080 _____ () C:\Users\Gustavo\Desktop\AHaushalt Alimentacion.xls
2014-05-18 11:17 - 2014-01-17 11:18 - 00003694 _____ () C:\Windows\System32\Tasks\Programa de actualización online de Adobe
2014-05-17 11:14 - 2013-11-29 17:53 - 00000000 ____D () C:\Users\Gustavo\AppData\Roaming\Mozilla
2014-05-17 10:55 - 2013-12-05 11:27 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-16 10:01 - 2013-11-29 21:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-15 09:11 - 2013-11-29 21:45 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-15 09:11 - 2013-11-29 21:45 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-15 09:11 - 2013-11-29 21:45 - 00003776 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 14:06 - 2014-02-10 12:49 - 00106272 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2014-05-14 09:51 - 2014-05-14 09:51 - 00000000 ____D () C:\Users\Gustavo\AppData\Local\MAGIX
2014-05-14 09:51 - 2014-03-17 18:52 - 00000000 ____D () C:\ProgramData\MAGIX
2014-05-14 09:51 - 2014-03-17 18:52 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2014-05-14 09:51 - 2014-03-17 18:50 - 00000000 ____D () C:\Users\Gustavo\AppData\Roaming\MAGIX
2014-05-14 09:50 - 2014-05-14 09:50 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-14 09:33 - 2013-11-28 13:36 - 00000000 ___RD () C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 09:33 - 2013-11-28 13:36 - 00000000 ___RD () C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 09:32 - 2014-05-06 17:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 09:31 - 2013-11-28 19:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 09:30 - 2013-11-28 13:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 09:29 - 2013-11-28 13:55 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-13 12:15 - 2014-05-13 12:14 - 00003996 _____ () C:\Users\Gustavo\Desktop\Gastos  mensual empresa 2014 - Acceso directo.lnk
2014-05-13 12:15 - 2014-04-17 11:18 - 00000000 ____D () C:\Users\Gustavo\AppData\Roaming\XnView
2014-05-12 08:39 - 2013-12-20 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-25 11:33 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-25 11:33 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-25 11:33 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-10 11:16 - 2014-05-10 11:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-14 08:59 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 08:59 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 06:40 - 2014-05-14 09:31 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 09:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 09:31 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 09:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 09:31 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 09:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 11:24 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-29 10:52 - 2013-11-30 15:20 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 13:53

==================== End Of Log ============================
--- --- ---
ybot?

schrauber 30.05.2014 15:35
also keine Probleme mehr? :)

wolfgus 30.05.2014 16:56
Also keine Probleme mehr? ja sieht aus Schrauber !
Scheinbar hast du ja auch nichts im Log(buch) gefunden!

Danke vielmals! empfehle diese Forum gerne weiter
saludos
wolfgus

schrauber 31.05.2014 15:15
Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:05 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131