Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: windows7 Redirect Virus

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 12.03.2014, 21:27   #1
Puig
 
windows7 Redirect Virus - Standard

windows7 Redirect Virus



Habe ein Redirect Problem und zusätzlich permanent Werbe-Popups, sowie ein Programm namens "spyhunter" installiert, dass sich nicht deinstallieren lässt.
Ansonsten alle Schritte der Anleitung befolgt.
Musste Dateien anhängen, da zu gross.

Alt 12.03.2014, 22:03   #2
schrauber
/// the machine
/// TB-Ausbilder
 

windows7 Redirect Virus - Standard

windows7 Redirect Virus



Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 13.03.2014, 18:32   #3
Puig
 
windows7 Redirect Virus - Standard

windows7 Redirect Virus



Habe ein Redirect Virus Problem und zusätzlich permanent Werbe-Popups, sowie ein Programm namens "spyhunter" installiert, dass sich nicht deinstallieren lässt.
Ansonsten alle Schritte der Anleitung befolgt. Wie gestern von Dir gewünscht hier die Log Files in mehreren Posts:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:17 on 12/03/2014 (Andreas)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by Andreas (administrator) on ANDREAS-HP on 12-03-2014 19:25:26
Running from C:\Users\Andreas\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Spanish Modern Sort
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
() c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
() C:\Program Files (x86)\Whilokii\updateWhilokii.exe
() C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Andreas\AppData\Local\Context2pro\contextfr.exe
() C:\Users\Andreas\AppData\Local\Context2pro\conadvanced.exe
(Somoto) C:\Users\Andreas\AppData\Local\FilesFrog Update Checker\update_checker.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-17] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-07-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [155648 2012-05-23] (Apple Computer, Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [156448 2012-05-04] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-11] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-02-25] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2334838483-4133862729-1016828376-1001\...\Run: [Wallpaper Changer] - C:\Program Files (x86)\Wallpaper Changer\Wallpaper Changer.exe /minimized
HKU\S-1-5-21-2334838483-4133862729-1016828376-1001\...\Run: [contextfr] - C:\Users\Andreas\AppData\Local\Context2pro\contextfr.exe [527976 2013-03-20] ()
HKU\S-1-5-21-2334838483-4133862729-1016828376-1001\...\Run: [conadvanced] - C:\Users\Andreas\AppData\Local\Context2pro\conadvanced.exe [555112 2013-03-20] ()
HKU\S-1-5-21-2334838483-4133862729-1016828376-1001\...\Run: [contextprod] - C:\Users\Andreas\AppData\Local\Context2pro\contextprod.exe [555112 2013-03-20] ()
HKU\S-1-5-21-2334838483-4133862729-1016828376-1001\...\Run: [SDP] - C:\Users\Andreas\AppData\Local\FilesFrog Update Checker\update_checker.exe [201808 2013-01-31] (Somoto)
HKU\S-1-5-21-2334838483-4133862729-1016828376-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2334838483-4133862729-1016828376-1001\...\MountPoints2: G - G:\AutoRun.exe
HKU\S-1-5-21-2334838483-4133862729-1016828376-1001\...\MountPoints2: {4b45e640-1d2e-11e3-bf14-ec9a744d861a} - G:\AutoRun.exe
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Supervisar alertas de tinta - HP Officejet 4620 series.lnk
ShortcutTarget: Supervisar alertas de tinta - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}
SearchScopes: HKLM - {39201A40-FC19-4B3A-9C4F-667BB6A02AB1} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a11465-148&apn_uid=2331992103804423&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}
SearchScopes: HKLM-x32 - {39201A40-FC19-4B3A-9C4F-667BB6A02AB1} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a11465-148&apn_uid=2331992103804423&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 - {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZO^xdm015^YY^de&si=translateye&ptb=E5563457-8A77-4BB1-91B3-E8F1A638103D&ind=2013061913&n=77fce319&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - 371749EC7A94488FB1ECF9797D04316C URL = hxxp://start.funmoods.com/results.php?f=4&a=promose&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B49420107A190DAD&affID=119357&tt=240913_238&tsp=5019
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}
SearchScopes: HKCU - {39201A40-FC19-4B3A-9C4F-667BB6A02AB1} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a9397-148&apn_uid=2331992103804423&apn_dtid=BND473&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {84dc9f6c-c9a5-4c64-ab67-d6ef60f963c8} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^ZO^xdm015^YY^de&si=translateye&ptb=E5563457-8A77-4BB1-91B3-E8F1A638103D&ind=2013061913&n=77fce319&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {AC3FD9EA-0A53-4EB3-AF72-00BBE159B55A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^ES&apn_uid=20CA8AE6-66BC-41B2-936F-108F6D7889AC&apn_sauid=F1743B9E-1FA7-4A6A-B99E-E48FE91874FE
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://es.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll (SIEN)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {06e05b40-77fa-40b6-9077-ed1a7577b1ef} -  No File
BHO-x32: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -  No File
BHO-x32: No Name - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} -  No File
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - No Name - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} -  No File
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {CF67755F-9265-449C-87CF-B945519E073B} -  No File
DPF: HKLM-x32 {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} https://www5.aeat.es/es13/h/tgvicab.cab
DPF: HKLM-x32 {947B00D2-962D-4A35-9E48-98EE6A442B41} https://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: HKLM-x32 {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @UtilityChest_49.com/Plugin - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\drae.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-es.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-es.xml
FF Extension: United States English Spellchecker - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-25]
FF Extension: Quick Start - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\Extensions\quick_start@gmail.com [2014-02-24]
FF Extension: SavingsBull - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\Extensions\SavingsBull@jetpack [2014-02-24]
FF Extension: HP Detect - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-06-04]
FF Extension: ep - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\Extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-02-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-18]
FF HKLM-x32\...\Firefox\Extensions: [49ffxtbr@UtilityChest_49.com] - C:\Program Files (x86)\UtilityChest_49\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\extensions\lightningnewtab@gmail.com.xpi
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04]

Chrome: 
=======
CHR HomePage: hxxp://www.awesomehp.com/?type=hp&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: awesomehp
CHR DefaultSearchProvider: Amazon
CHR DefaultSearchURL: hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-11]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-11]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-11]
CHR Extension: (Google Search) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-11]
CHR Extension: (Value apps) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon [2014-02-11]
CHR Extension: (Skype Click to Call) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-25]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-11]
CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-11] (AVAST Software)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] ()
R2 SavingsbullFilterService64; c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe [210432 2014-02-12] ()
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [274208 2012-05-04] ()
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [111896 2014-02-25] ()
R2 Util Whilokii; C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe [111896 2014-02-25] ()
S2 UtilityChest_49Service; C:\PROGRA~2\UTILIT~2\bar\1.bin\49barsvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-11] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-11] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-11] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RSPCIESTOR; system32\DRIVERS\RtsPStor.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-12 19:25 - 2014-03-12 19:25 - 00032550 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-03-12 19:25 - 2014-03-12 19:25 - 00000000 ____D () C:\FRST
2014-03-12 19:21 - 2014-03-12 19:21 - 02157056 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-03-12 19:16 - 2014-03-12 19:17 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-03-12 19:16 - 2014-03-12 19:16 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-03-12 19:14 - 2014-03-12 19:14 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-03-12 18:42 - 2014-03-12 18:42 - 00389488 _____ (Softonic ) C:\Users\Andreas\Downloads\SoftonicDownloader_para_malwarebytes-anti-malware.exe
2014-03-11 20:57 - 2014-03-12 07:30 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForAndreas.job
2014-03-11 20:57 - 2014-03-11 20:57 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndreas
2014-03-11 20:41 - 2014-03-11 20:41 - 553205555 _____ () C:\Windows\MEMORY.DMP
2014-03-11 20:41 - 2014-03-11 20:41 - 00275064 _____ () C:\Windows\Minidump\031114-132039-01.dmp
2014-03-11 20:41 - 2014-03-11 20:41 - 00000000 ____D () C:\Windows\Minidump
2014-03-11 20:20 - 2014-03-11 20:20 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\SpeedyPC Software
2014-03-11 20:20 - 2014-03-11 20:20 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DriverCure
2014-03-11 20:17 - 2014-03-11 20:35 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-03-11 20:15 - 2014-03-11 20:15 - 05095824 _____ (SpeedyPC Software, Inc.) C:\Users\Andreas\Downloads\SpeedyPC Pro Installer.exe
2014-03-11 18:33 - 2014-03-11 18:33 - 00000000 _____ () C:\autoexec.bat
2014-03-11 18:32 - 2014-03-11 18:32 - 00003338 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-03-11 18:32 - 2014-03-11 18:32 - 00002262 _____ () C:\Users\Andreas\Desktop\SpyHunter.lnk
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\sh4ldr
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-11 18:31 - 2014-03-12 18:20 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-11 18:27 - 2014-03-11 18:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Andreas\Downloads\SpyHunter-Installer.exe
2014-03-11 18:24 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 18:24 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 18:24 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 18:24 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 18:24 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 18:24 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 18:24 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 18:24 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 18:24 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 18:24 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 18:24 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 18:24 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 18:24 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 18:24 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 18:24 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 18:24 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 18:24 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 18:24 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 18:24 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 18:24 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 18:24 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 18:24 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 18:24 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 18:24 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 18:24 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 18:24 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 18:24 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 18:24 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 18:24 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 18:24 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 18:24 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 18:24 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 18:24 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 18:24 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 18:24 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 18:24 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 18:24 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 18:24 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 18:24 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 18:24 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 18:24 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 18:24 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 18:24 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 18:24 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 18:22 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 18:22 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 18:22 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 18:22 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-10 23:05 - 2014-03-10 23:05 - 00001205 _____ () C:\Users\Andreas\Downloads\FixNCR.reg
2014-03-10 21:00 - 2014-03-10 21:00 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-10 21:00 - 2014-03-10 21:00 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Skype
2014-03-10 19:15 - 2014-03-12 18:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-27 21:57 - 2014-03-12 19:25 - 07653989 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\system32\Service.log
2014-02-24 19:26 - 2014-02-24 19:26 - 00002221 _____ () C:\Users\Andreas\Desktop\HP Support Assistant.lnk
2014-02-24 19:21 - 2014-02-24 19:21 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-24 19:08 - 2014-03-11 20:33 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-02-19 20:30 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-19 20:30 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-19 20:30 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-19 20:30 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-19 20:29 - 2014-02-19 20:30 - 00005173 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\extensions
2014-02-17 22:17 - 2014-02-17 22:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 22:01 - 2014-02-17 22:01 - 06790649 _____ () C:\Users\Andreas\Downloads\wordpress-3.8.1-es_ES(1).zip
2014-02-17 21:48 - 2014-02-17 21:59 - 00000022 _____ () C:\Users\Andreas\Downloads\wordpress-3.8.1-es_ES.zip
2014-02-17 21:28 - 2014-02-17 21:33 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-02-17 21:27 - 2014-02-17 21:32 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-02-17 21:27 - 2014-02-17 21:32 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner
2014-02-17 21:27 - 2014-02-17 21:32 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery
2014-02-13 22:17 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 22:17 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 21:57 - 2014-03-12 18:57 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-02-13 21:57 - 2014-02-13 21:57 - 00003248 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-02-13 21:57 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 21:57 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 21:57 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 21:57 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 21:57 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 21:57 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 21:57 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 21:57 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 21:57 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 21:57 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 21:57 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 21:57 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 21:57 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 21:57 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 21:57 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 21:57 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 21:57 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 21:57 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 21:56 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 21:56 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 21:56 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 21:56 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 21:56 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 21:56 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 21:55 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 21:55 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 21:55 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 21:55 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 22:57 - 2014-02-11 22:57 - 00001089 _____ () C:\Users\Andreas\Desktop\Continue VuuPC Installation.lnk
2014-02-11 22:47 - 2014-02-11 22:47 - 00000000 ____D () C:\Users\Andreas\Documents\Optimizer Pro
2014-02-11 22:47 - 2014-02-11 22:47 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Conduit
2014-02-11 22:47 - 2014-02-11 22:47 - 00000000 ____D () C:\Program Files\Conduit
2014-02-11 22:47 - 2014-02-11 22:47 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-02-11 22:46 - 2014-02-27 21:57 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-11 22:46 - 2014-02-17 21:36 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-11 22:46 - 2014-02-17 21:35 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Lollipop
2014-02-11 22:46 - 2014-02-17 21:35 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-11 22:46 - 2014-02-17 21:35 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-11 22:46 - 2014-02-17 21:34 - 00000000 ____D () C:\ProgramData\WPM
2014-02-11 22:46 - 2014-02-11 22:47 - 00000000 _____ () C:\END
2014-02-11 22:46 - 2014-02-11 22:46 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-11 22:43 - 2014-02-11 22:43 - 00500784 _____ () C:\Users\Andreas\Downloads\Player.exe
2014-02-11 20:48 - 2014-03-04 22:10 - 00002397 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-11 20:46 - 2014-03-12 19:03 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 20:46 - 2014-03-12 18:11 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 20:46 - 2014-02-11 20:58 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 20:46 - 2014-02-11 20:58 - 00003846 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 20:44 - 2014-02-11 20:44 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\AVAST Software
2014-02-11 19:56 - 2014-02-11 19:56 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-10 21:57 - 2014-02-10 21:57 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DigitalSites

==================== One Month Modified Files and Folders =======

2014-03-12 19:25 - 2014-03-12 19:25 - 00032550 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-03-12 19:25 - 2014-03-12 19:25 - 00000000 ____D () C:\FRST
2014-03-12 19:25 - 2014-02-27 21:57 - 07653989 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-12 19:24 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-12 19:24 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 19:21 - 2014-03-12 19:21 - 02157056 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-03-12 19:19 - 2012-09-12 14:04 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Skype
2014-03-12 19:17 - 2014-03-12 19:16 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-03-12 19:16 - 2014-03-12 19:16 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-03-12 19:16 - 2012-05-15 18:38 - 00000000 ____D () C:\Users\Andreas
2014-03-12 19:14 - 2014-03-12 19:14 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-03-12 19:03 - 2014-02-11 20:46 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 18:57 - 2014-02-13 21:57 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-03-12 18:57 - 2013-09-28 18:57 - 00000166 _____ () C:\Users\Andreas\AppData\Roaming\WB.CFG
2014-03-12 18:57 - 2013-09-28 15:57 - 00000300 _____ () C:\Windows\Tasks\DigitalSite.job
2014-03-12 18:47 - 2012-02-20 11:18 - 01479306 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 18:42 - 2014-03-12 18:42 - 00389488 _____ (Softonic ) C:\Users\Andreas\Downloads\SoftonicDownloader_para_malwarebytes-anti-malware.exe
2014-03-12 18:31 - 2012-05-17 11:33 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-12 18:20 - 2014-03-11 18:31 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-12 18:18 - 2014-03-10 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-12 18:18 - 2012-05-17 08:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-12 18:13 - 2012-09-24 07:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-12 18:11 - 2014-02-11 20:46 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-12 18:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 18:10 - 2009-07-14 05:51 - 00114880 _____ () C:\Windows\setupact.log
2014-03-12 07:30 - 2014-03-11 20:57 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForAndreas.job
2014-03-12 07:30 - 2009-07-14 05:45 - 00295192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 22:31 - 2012-05-17 11:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 22:31 - 2012-05-17 11:33 - 00003776 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 22:31 - 2011-07-20 21:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:57 - 2012-09-12 14:04 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 20:57 - 2014-03-11 20:57 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndreas
2014-03-11 20:41 - 2014-03-11 20:41 - 553205555 _____ () C:\Windows\MEMORY.DMP
2014-03-11 20:41 - 2014-03-11 20:41 - 00275064 _____ () C:\Windows\Minidump\031114-132039-01.dmp
2014-03-11 20:41 - 2014-03-11 20:41 - 00000000 ____D () C:\Windows\Minidump
2014-03-11 20:41 - 2010-11-21 04:47 - 00778554 _____ () C:\Windows\PFRO.log
2014-03-11 20:35 - 2014-03-11 20:17 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-03-11 20:33 - 2014-02-24 19:08 - 00000000 ____D () C:\Program Files (x86)\SavingsBull
2014-03-11 20:20 - 2014-03-11 20:20 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\SpeedyPC Software
2014-03-11 20:20 - 2014-03-11 20:20 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DriverCure
2014-03-11 20:15 - 2014-03-11 20:15 - 05095824 _____ (SpeedyPC Software, Inc.) C:\Users\Andreas\Downloads\SpeedyPC Pro Installer.exe
2014-03-11 19:33 - 2012-05-15 18:39 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{81EDD4D1-C001-44A4-A67F-76F8783CE17C}
2014-03-11 18:33 - 2014-03-11 18:33 - 00000000 _____ () C:\autoexec.bat
2014-03-11 18:32 - 2014-03-11 18:32 - 00003338 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-03-11 18:32 - 2014-03-11 18:32 - 00002262 _____ () C:\Users\Andreas\Desktop\SpyHunter.lnk
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\sh4ldr
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-11 18:27 - 2014-03-11 18:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Andreas\Downloads\SpyHunter-Installer.exe
2014-03-10 23:05 - 2014-03-10 23:05 - 00001205 _____ () C:\Users\Andreas\Downloads\FixNCR.reg
2014-03-10 22:52 - 2012-02-20 11:28 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-10 22:52 - 2011-07-20 21:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-10 21:00 - 2014-03-10 21:00 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-10 21:00 - 2014-03-10 21:00 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Skype
2014-03-10 21:00 - 2012-09-12 14:04 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 19:20 - 2012-05-23 17:26 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\SoftGrid Client
2014-03-10 19:01 - 2011-07-21 06:53 - 00748422 _____ () C:\Windows\system32\perfh00A.dat
2014-03-10 19:01 - 2011-07-21 06:53 - 00159604 _____ () C:\Windows\system32\perfc00A.dat
2014-03-10 19:01 - 2009-07-14 06:13 - 01679834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-10 18:48 - 2012-08-01 17:22 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-06 21:47 - 2012-05-17 08:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-06 21:46 - 2012-05-17 08:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-05 22:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-05 22:20 - 2012-06-01 09:31 - 00000000 ____D () C:\Users\Andreas\AppData\Local\CrashDumps
2014-03-04 22:10 - 2014-02-11 20:48 - 00002397 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-01 07:05 - 2014-03-11 18:24 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-11 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-11 18:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-11 18:24 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-11 18:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-11 18:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-11 18:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-11 18:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-11 18:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-11 18:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-11 18:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-11 18:24 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-11 18:24 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-11 18:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-11 18:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-11 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-11 18:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-11 18:24 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-11 18:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-11 18:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-11 18:24 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-11 18:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-11 18:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-11 18:24 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-11 18:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-11 18:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-11 18:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-11 18:24 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-11 18:24 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-11 18:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-11 18:24 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-11 18:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-11 18:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-11 18:24 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-11 18:24 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-11 18:24 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-11 18:24 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-11 18:24 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-11 18:24 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-11 18:24 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\system32\Service.log
2014-02-27 21:57 - 2014-02-11 22:46 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-27 20:13 - 2012-02-20 11:25 - 01654420 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-24 22:03 - 2009-07-14 06:08 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-24 19:26 - 2014-02-24 19:26 - 00002221 _____ () C:\Users\Andreas\Desktop\HP Support Assistant.lnk
2014-02-24 19:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-02-24 19:22 - 2011-07-20 21:32 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-02-24 19:21 - 2014-02-24 19:21 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-24 19:19 - 2011-07-20 21:44 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-02-24 19:18 - 2011-02-10 20:23 - 00000000 ____D () C:\SWSetup
2014-02-19 20:30 - 2014-02-19 20:29 - 00005173 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-19 20:30 - 2012-10-02 07:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\extensions
2014-02-17 23:30 - 2013-08-15 17:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 23:27 - 2012-06-04 11:12 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 22:17 - 2014-02-17 22:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 22:01 - 2014-02-17 22:01 - 06790649 _____ () C:\Users\Andreas\Downloads\wordpress-3.8.1-es_ES(1).zip
2014-02-17 21:59 - 2014-02-17 21:48 - 00000022 _____ () C:\Users\Andreas\Downloads\wordpress-3.8.1-es_ES.zip
2014-02-17 21:36 - 2014-02-11 22:46 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-02-17 21:35 - 2014-02-11 22:46 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Lollipop
2014-02-17 21:35 - 2014-02-11 22:46 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-17 21:35 - 2014-02-11 22:46 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-02-17 21:35 - 2012-05-15 18:39 - 00000000 ___RD () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 21:34 - 2014-02-11 22:46 - 00000000 ____D () C:\ProgramData\WPM
2014-02-17 21:33 - 2014-02-17 21:28 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-02-17 21:32 - 2014-02-17 21:27 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-02-17 21:32 - 2014-02-17 21:27 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner
2014-02-17 21:32 - 2014-02-17 21:27 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery
2014-02-17 21:32 - 2012-05-30 17:04 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Systweak
2014-02-17 21:27 - 2014-02-09 13:36 - 00000000 ____D () C:\Program Files (x86)\RegClean Pro
2014-02-13 21:57 - 2014-02-13 21:57 - 00003248 _____ () C:\Windows\System32\Tasks\Digital Sites
2014-02-12 21:45 - 2013-09-28 15:55 - 00000000 ____D () C:\Program Files (x86)\Iminent
2014-02-11 22:57 - 2014-02-11 22:57 - 00001089 _____ () C:\Users\Andreas\Desktop\Continue VuuPC Installation.lnk
2014-02-11 22:47 - 2014-02-11 22:47 - 00000000 ____D () C:\Users\Andreas\Documents\Optimizer Pro
2014-02-11 22:47 - 2014-02-11 22:47 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Conduit
2014-02-11 22:47 - 2014-02-11 22:47 - 00000000 ____D () C:\Program Files\Conduit
2014-02-11 22:47 - 2014-02-11 22:47 - 00000000 ____D () C:\Program Files (x86)\Conduit
2014-02-11 22:47 - 2014-02-11 22:46 - 00000000 _____ () C:\END
2014-02-11 22:46 - 2014-02-11 22:46 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-11 22:46 - 2012-05-17 08:53 - 00001367 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-11 22:46 - 2012-05-15 18:39 - 00001629 _____ () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-11 22:43 - 2014-02-11 22:43 - 00500784 _____ () C:\Users\Andreas\Downloads\Player.exe
2014-02-11 21:18 - 2011-01-26 14:20 - 00000000 ____D () C:\privat
2014-02-11 21:02 - 2013-09-28 15:57 - 00000000 ____D () C:\Program Files (x86)\BonanzaDealsLive
2014-02-11 20:58 - 2014-02-11 20:46 - 00004098 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 20:58 - 2014-02-11 20:46 - 00003846 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 20:54 - 2013-09-28 15:57 - 00000000 ____D () C:\Program Files (x86)\BonanzaDeals
2014-02-11 20:53 - 2013-09-28 15:55 - 00000866 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-02-11 20:48 - 2012-06-18 06:02 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-11 20:44 - 2014-02-11 20:44 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\AVAST Software
2014-02-11 19:57 - 2012-06-28 07:37 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-11 19:56 - 2014-02-11 19:56 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-11 19:56 - 2013-05-17 08:25 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-11 19:56 - 2013-05-17 08:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-11 19:56 - 2012-06-18 06:02 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-11 19:56 - 2012-06-18 06:02 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-11 19:56 - 2012-06-18 06:02 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-11 19:56 - 2012-06-18 06:02 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-11 19:56 - 2012-06-18 06:02 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-11 19:56 - 2012-06-18 06:01 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-11 19:51 - 2012-06-18 06:01 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-11 19:50 - 2012-06-18 06:02 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-02-10 21:57 - 2014-02-10 21:57 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DigitalSites
2014-02-10 19:27 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\7z920.exe
C:\Users\Andreas\AppData\Local\Temp\APNSetup.exe
C:\Users\Andreas\AppData\Local\Temp\APNStub.exe
C:\Users\Andreas\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Andreas\AppData\Local\Temp\BabylonTB.exe
C:\Users\Andreas\AppData\Local\Temp\BackupSetup.exe
C:\Users\Andreas\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Andreas\AppData\Local\Temp\cyclon-assistant-20032013.exe
C:\Users\Andreas\AppData\Local\Temp\Delta.exe
C:\Users\Andreas\AppData\Local\Temp\DeltaTB.exe
C:\Users\Andreas\AppData\Local\Temp\deploy1223275909991171245.dll
C:\Users\Andreas\AppData\Local\Temp\deploy1323444116066942106.dll
C:\Users\Andreas\AppData\Local\Temp\deploy135895251259693102.dll
C:\Users\Andreas\AppData\Local\Temp\deploy1986561114550781015.dll
C:\Users\Andreas\AppData\Local\Temp\deploy2654822834144892004.dll
C:\Users\Andreas\AppData\Local\Temp\deploy2715831815841189176.dll
C:\Users\Andreas\AppData\Local\Temp\deploy2760144987941582024.dll
C:\Users\Andreas\AppData\Local\Temp\deploy3084792971328865821.dll
C:\Users\Andreas\AppData\Local\Temp\deploy3165849169301310498.dll
C:\Users\Andreas\AppData\Local\Temp\deploy3243986059542157333.dll
C:\Users\Andreas\AppData\Local\Temp\deploy3551454936533130080.dll
C:\Users\Andreas\AppData\Local\Temp\deploy3769363320971444804.dll
C:\Users\Andreas\AppData\Local\Temp\deploy3940049561748689359.dll
C:\Users\Andreas\AppData\Local\Temp\deploy4134731276542015794.dll
C:\Users\Andreas\AppData\Local\Temp\deploy4167327489385583363.dll
C:\Users\Andreas\AppData\Local\Temp\deploy4600362563025983987.dll
C:\Users\Andreas\AppData\Local\Temp\deploy4614040283426469820.dll
C:\Users\Andreas\AppData\Local\Temp\deploy483744736765410034.dll
C:\Users\Andreas\AppData\Local\Temp\deploy4891860247131742259.dll
C:\Users\Andreas\AppData\Local\Temp\deploy502508167097564429.dll
C:\Users\Andreas\AppData\Local\Temp\deploy5250043465559935867.dll
C:\Users\Andreas\AppData\Local\Temp\deploy5280636548464139132.dll
C:\Users\Andreas\AppData\Local\Temp\deploy565860348253853329.dll
C:\Users\Andreas\AppData\Local\Temp\deploy5807726890683932397.dll
C:\Users\Andreas\AppData\Local\Temp\deploy6290024883884709013.dll
C:\Users\Andreas\AppData\Local\Temp\deploy635092091706148791.dll
C:\Users\Andreas\AppData\Local\Temp\deploy6977074889784749545.dll
C:\Users\Andreas\AppData\Local\Temp\deploy7266018333128559797.dll
C:\Users\Andreas\AppData\Local\Temp\deploy7381318553006819043.dll
C:\Users\Andreas\AppData\Local\Temp\deploy7598306199561610140.dll
C:\Users\Andreas\AppData\Local\Temp\deploy7728944584663530169.dll
C:\Users\Andreas\AppData\Local\Temp\deploy77981621359699427.dll
C:\Users\Andreas\AppData\Local\Temp\deploy8297349669357144418.dll
C:\Users\Andreas\AppData\Local\Temp\deploy8667042047984379855.dll
C:\Users\Andreas\AppData\Local\Temp\deploy8989779651679180910.dll
C:\Users\Andreas\AppData\Local\Temp\deploy9046540078041049413.dll
C:\Users\Andreas\AppData\Local\Temp\deploy9096870945898463788.dll
C:\Users\Andreas\AppData\Local\Temp\deploy9098405590459581350.dll
C:\Users\Andreas\AppData\Local\Temp\deploy9215894692249085168.dll
C:\Users\Andreas\AppData\Local\Temp\deploy968187513036998490.dll
C:\Users\Andreas\AppData\Local\Temp\dlLogic.exe
C:\Users\Andreas\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Andreas\AppData\Local\Temp\Extract.exe
C:\Users\Andreas\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Andreas\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Andreas\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Andreas\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Andreas\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Andreas\AppData\Local\Temp\Funmoods.exe
C:\Users\Andreas\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Andreas\AppData\Local\Temp\ICReinstall_Setup.exe
C:\Users\Andreas\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Andreas\AppData\Local\Temp\IE10.exe
C:\Users\Andreas\AppData\Local\Temp\IminentSetup.exe
C:\Users\Andreas\AppData\Local\Temp\Instalador.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\MoviesToolbarSetup_Somoto.exe
C:\Users\Andreas\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Andreas\AppData\Local\Temp\propsys.dll
C:\Users\Andreas\AppData\Local\Temp\Resource.exe
C:\Users\Andreas\AppData\Local\Temp\setup.exe
C:\Users\Andreas\AppData\Local\Temp\SHSetup.exe
C:\Users\Andreas\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Andreas\AppData\Local\Temp\sp54620.exe
C:\Users\Andreas\AppData\Local\Temp\SP54945.exe
C:\Users\Andreas\AppData\Local\Temp\SP55083.exe
C:\Users\Andreas\AppData\Local\Temp\SP55085.exe
C:\Users\Andreas\AppData\Local\Temp\SP55152.exe
C:\Users\Andreas\AppData\Local\Temp\SP56215.exe
C:\Users\Andreas\AppData\Local\Temp\SP56878.exe
C:\Users\Andreas\AppData\Local\Temp\SP56929.exe
C:\Users\Andreas\AppData\Local\Temp\SP57049.exe
C:\Users\Andreas\AppData\Local\Temp\sp58915.exe
C:\Users\Andreas\AppData\Local\Temp\SP59792.exe
C:\Users\Andreas\AppData\Local\Temp\sp64126.exe
C:\Users\Andreas\AppData\Local\Temp\uninst1.exe
C:\Users\Andreas\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Andreas\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Andreas\AppData\Local\Temp\wajam_download.exe
C:\Users\Andreas\AppData\Local\Temp\WSSetup.exe
C:\Users\Andreas\AppData\Local\Temp\?odec Performer804225.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-02 10:57

==================== End Of Log ============================
         
--- --- ---
__________________

Alt 13.03.2014, 18:33   #4
Puig
 
windows7 Redirect Virus - Standard

windows7 Redirect Virus



FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by Andreas at 2014-03-12 19:26:16
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
6300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
6300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
6300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AIO_CDB_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD APP SDK Runtime (Version: 2.4.650.9 - Advanced Micro Devices Inc.) Hidden
AMD Fuel (Version: 2011.0705.1115.18310 - Nombre de su organización) Hidden
AMD Media Foundation Decoders (Version: 1.0.60705.1113 - ATI Technologies Inc.) Hidden
AMD Steady Video Plug-In  (Version: 1.00.0000 - AMD) Hidden
AMD System Monitor (HKLM-x32\...\{4144F415-7434-4501-97DE-CED4FAF64E7D}) (Version: 1.0.6 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2011.0705.1115.18310 - Nombre de su organización) Hidden
ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
BBSAK (HKLM-x32\...\{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}) (Version: 1.9.2 - JMT Labs)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software v6.0.0 für das BlackBerry 9780-Smartphone (HKLM-x32\...\{7540EBC2-FA82-42F7-8B3D-D6D8239077DA}) (Version: 6.0.0.723 (Plattform 6.6.0.248) - Research in Motion Ltd.)
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Bundled software uninstaller (HKLM-x32\...\bi_uninstaller) (Version:  - ) <==== ATTENTION
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Calener_VYP (HKLM-x32\...\Calener_VYP) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0705.1115.18310 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0705.1115.18310 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0705.1115.18310 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help English (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help French (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help German (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0705.1114.18310 - ATI) Hidden
ccc-utility64 (Version: 2011.0705.1115.18310 - ATI) Hidden
CERMA_v2_2 versión 2.2 (HKLM-x32\...\{B4CC6C30-FDF2-4347-A547-BB8D6DC57F96}_is1) (Version: 2.2 - )
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Configurador AEAT 1.12 (HKLM-x32\...\Configurador AEAT 1.12) (Version: 1.12 - AEAT)
Context2pro (HKCU\...\Context2pro) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.1.4119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.13345 - Landesfinanzdirektion Thüringen)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version:  - ) <==== ATTENTION
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
GoToMeeting 5.3.0.977 (HKCU\...\GoToMeeting) (Version: 5.3.0.977 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hacer clic y ejecutar de Microsoft Office 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Hacer clic y ejecutar de Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{B65FCAA5-F3A6-4B3F-ABEE-CBC2B085796B}) (Version: 4.1.25.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Documentation (HKLM-x32\...\{DE15C5EC-7C30-44BF-ACEB-03960FC5601D}) (Version: 1.1.1.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Launch Box (HKLM\...\{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}) (Version: 1.0.11 - Hewlett-Packard Company)
HP Officejet 4620 series Ayuda (HKLM-x32\...\{36D47790-7562-4A7F-B933-600A700B2D40}) (Version: 6.0.0 - Hewlett Packard)
HP Officejet 4620 series Estudio para la mejora del producto (HKLM\...\{3ADC3E59-CC72-409E-8FB4-692E40C76B32}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4620 series Software básico del dispositivo (HKLM\...\{CFA8A322-2D7F-4425-A251-F42BAF0A52D1}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{999164B6-5B78-4DD3-BACE-7292640AD0DD}) (Version: 3.1.0.9760 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{5036764A-435D-40C9-869C-31085A3D741D}) (Version: 8.7.4751.3798 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Software Framework (HKLM-x32\...\{364EB037-16AE-4B15-AC7E-EE3AEDD80700}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6319.0 - IDT)
InfinityAT (HKLM-x32\...\BB29F88B-A742-4E2C-B0F3-FFEC11E1BA06) (Version: 5.2.8 - TransAct Futures LLC)
IVA 2012 1.00 (HKLM-x32\...\1554-4768-6406-1156) (Version: 1.00 - AEAT)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Español (HKLM-x32\...\{90140011-0066-0C0A-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850C0A-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MIG Bank Trading Station - MINI (HKLM-x32\...\MIG Bank Trading Station - MINI) (Version: 4.00 - MetaQuotes Software Corp.)
Mozilla Firefox 27.0.1 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 es-ES)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 es-ES) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 es-ES)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
OLYMPUS Viewer 2 (HKLM-x32\...\{AEE39224-92BE-4389-9493-E57FF73BB96A}) (Version: 1.3.1 - OLYMPUS IMAGING CORP.)
OpenOffice.org 3.4 (HKLM-x32\...\{5D3A23FA-06EF-4640-BC24-FFD687BF3D2E}) (Version: 3.4.9590 - OpenOffice.org)
Paquete de controladores de Windows - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PostCALENER (HKLM-x32\...\PostCALENER) (Version:  - )
PriMus-DCF v.NEXT GENERATION(c) (HKLM-x32\...\{3BFED551-630D-4C5E-A90F-A6B7E9CF3CA0}) (Version: NEXT GENERATION(c) - ACCA software S.p.A.)
QuickTime (HKLM-x32\...\InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}) (Version: 7.0.2 - Apple Computer, Inc.)
QuickTime (x32 Version: 7.0.2 - Apple Computer, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Renta 2012 1.21 (HKLM-x32\...\8421-7800-2226-7659) (Version: 1.21 - AEAT)
SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
SavingsbullFilter (Version: 1.0.0.0 - SavingsBull Filter) Hidden <==== ATTENTION
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpyHunter (HKLM\...\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Taxpool-Buchhalter Mini 7.10 (HKLM-x32\...\Taxpool-Buchhalter Mini) (Version: 7.10 - psynetic® Software)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Zip Extractor (HKCU\...\DigitalSite) (Version:  - ) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Update_for_BonanzaDeals (HKCU\...\Bonanza) (Version:  - Update_for_BonanzaDeals) <==== ATTENTION
Utility Chest Toolbar (HKLM-x32\...\UtilityChest_49bar Uninstall) (Version:  - Mindspark Interactive Network)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Whilokii 1.0.0 (HKLM\...\Whilokii) (Version: 1.0.0 - Whilokii) <==== ATTENTION
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zip Extractor Packages (HKCU\...\Zip Extractor Packages) (Version:  - ) <==== ATTENTION
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

17-02-2014 20:11:29 Windows Update
17-02-2014 20:34:15 Removed SavingsbullFilter
17-02-2014 20:40:34 Quitado Visor de Microsoft PowerPoint
17-02-2014 22:27:10 Windows Update
19-02-2014 19:28:43 Installed Java 7 Update 51
24-02-2014 18:13:11 Windows Update
24-02-2014 18:21:20 Installed HP Support Assistant
24-02-2014 18:24:26 Instalador de Módulos de Windows
24-02-2014 18:25:45 Instalador de Módulos de Windows
26-02-2014 21:48:13 Windows Update
27-02-2014 19:11:40 Windows Update
03-03-2014 17:32:41 Windows Update
10-03-2014 17:49:31 Windows Update
10-03-2014 21:52:34 Eliminado Realtek PCIE Card Reader
11-03-2014 17:31:41 Installed SpyHunter
11-03-2014 19:27:45 Removed SpyHunter
11-03-2014 19:31:32 Removed SpyHunter
11-03-2014 19:37:18 Removed SpyHunter
11-03-2014 22:08:01 Windows Update
12-03-2014 17:17:05 Removed SpyHunter
12-03-2014 17:19:19 Removed SpyHunter
12-03-2014 17:22:23 Removed SpyHunter

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {025DFF88-0205-435D-A174-9DB1481BD5A7} - System32\Tasks\{1C4D8CF3-B7CF-44CE-AED3-8BA88422A9BE} => C:\Program Files (x86)\1&amp;1 Surf-Stick\UIMain.exe
Task: {2BF1EF25-81FD-4177-8775-3C5E674D0659} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-11] (AVAST Software)
Task: {2E4DDC9F-55C2-403D-8B2A-3AB6F087C9A9} - System32\Tasks\{A12D8AFF-E76F-40AE-BC31-AEE17007C17B} => C:\Program Files (x86)\mig4setup_mini.exe
Task: {36AA7FFE-2241-46CC-BA86-8F35EA50E37A} - System32\Tasks\{05C963B2-4B62-49B3-9F7C-23C3DF62764B} => Firefox.exe 
Task: {4AB3BC9E-23D3-41D6-8048-BB45FAE5C44D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {4F2C353C-CF71-4704-8440-22CDD533C33E} - System32\Tasks\{5DE7E3DF-FA50-4DBE-998E-88868888CA9A} => C:\Program Files (x86)\1&amp;1 Surf-Stick\UIMain.exe
Task: {4FD791C4-9BDE-425C-8CE3-9619202BDDB5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {6491B479-D503-4A8C-9801-3CC119BE12C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {671058E1-04DC-4106-93FC-18F5048CC94E} - System32\Tasks\HPCeeScheduleForAndreas => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {753B19BB-EB41-4A9B-8F8F-703C8F0FA7D7} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {84D41C05-7A03-4118-8B35-963AB95B2F15} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-27] ()
Task: {92C4CBA6-5721-426B-AD8A-13CB73F8A9AD} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {A4E12249-B4C9-49DA-9003-B0CC2F7A5125} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A89B0F9B-1C08-4EA9-B22E-D0BDF05D8BB6} - System32\Tasks\{1D8C15A0-7038-4518-A85C-4546547CC365} => C:\Program Files (x86)\1&amp;1 Surf-Stick\UIMain.exe
Task: {B4688716-A750-4861-B39C-3D3983839488} - System32\Tasks\{941AE965-B365-4914-B7A7-810CFBC6277F} => C:\Program Files (x86)\1&amp;1 Surf-Stick\UIMain.exe
Task: {B52F8420-525E-4DB3-8A3B-00F3F8C8A1FB} - System32\Tasks\{A31DD10B-0970-4BC6-95F7-8D234B9BB60D} => C:\SYSTEM.SAV\util\OfficeDesktopIconThread.exe [2011-03-08] (Hewlett-Packard Company)
Task: {BD546092-544A-457A-BB40-F0A078DF4410} - System32\Tasks\DigitalSite => C:\Users\Andreas\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {C646B0E5-C8DD-4D4C-9542-880E547046A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CC2EC510-B0D1-4ECF-B9DB-194707A01D98} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E77DE4E8-F2BD-4FA0-A3C0-6BBF9CD028BC} - System32\Tasks\Digital Sites => C:\Users\Andreas\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {EBD00F86-B119-461D-9030-24C5C48A3438} - System32\Tasks\{E78F87D0-F378-4B6C-AF0B-1468DA8447E0} => C:\Program Files (x86)\mig4setup_mini.exe
Task: {F3AE0C42-19D3-4882-A53E-49763D04EA23} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {F89CFD3B-37C2-418E-B480-0D1631DB90D9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {F9EFAD9B-BB87-422E-B9A4-C2D7AFC28BDB} - System32\Tasks\{EB3CFBE3-9DCB-48D8-B9A8-853A596B92B9} => C:\Program Files (x86)\mig4setup_mini.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Andreas\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Andreas\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAndreas.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-07-05 11:27 - 2011-07-05 11:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-01-27 21:45 - 2014-01-27 21:45 - 00710976 _____ () C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
2014-02-12 14:16 - 2014-02-12 14:16 - 00210432 _____ () c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
2014-02-02 11:26 - 2014-02-02 11:26 - 00317952 _____ () c:\Program Files\SavingsbullFilter\ProtocolFilters.dll
2013-11-19 00:42 - 2013-11-19 00:42 - 00110080 _____ () c:\Program Files\SavingsbullFilter\nfapi.dll
2013-09-14 12:20 - 2012-05-04 16:19 - 00274208 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2013-09-26 21:44 - 2014-02-25 22:19 - 00111896 _____ () C:\Program Files (x86)\Whilokii\updateWhilokii.exe
2013-10-04 11:24 - 2014-02-25 21:46 - 00111896 _____ () C:\Program Files (x86)\Whilokii\bin\utilWhilokii.exe
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-06-27 15:18 - 2011-06-27 15:18 - 00107320 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2013-03-20 09:37 - 2013-03-20 09:37 - 00527976 _____ () C:\Users\Andreas\AppData\Local\Context2pro\contextfr.exe
2013-03-20 09:37 - 2013-03-20 09:37 - 00555112 _____ () C:\Users\Andreas\AppData\Local\Context2pro\conadvanced.exe
2013-09-14 12:20 - 2012-05-04 16:19 - 00156448 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
2011-07-05 11:27 - 2011-07-05 11:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-05 11:13 - 2011-07-05 11:13 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 13:42 - 2011-06-17 13:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-27 16:05 - 2011-04-27 16:05 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-03-11 20:12 - 2014-03-11 17:06 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031103\algo.dll
2014-03-12 18:13 - 2014-03-12 09:40 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031200\algo.dll
2014-02-11 19:56 - 2014-02-11 19:56 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-04-27 16:05 - 2011-04-27 16:05 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-03-10 19:15 - 2014-03-10 19:15 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-03-10 19:15 - 2014-03-10 19:15 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-10 19:15 - 2014-03-10 19:15 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-02-08 14:18 - 2014-03-12 18:11 - 00398104 _____ () C:\Program Files (x86)\Whilokii\bin\Whilokii.BrowserFilter.Helper.dll
2014-02-17 22:17 - 2014-02-17 22:17 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-03-11 22:31 - 2014-03-11 22:31 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Adaptador de tunelización Teredo de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2014 07:08:21 PM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" en la línea C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/12/2014 07:08:21 PM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2014 07:03:01 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi

Error: (03/12/2014 06:42:53 PM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2014 06:42:50 PM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2014 06:42:46 PM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2014 06:42:31 PM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" en la línea C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/12/2014 06:39:08 PM) (Source: SideBySide) (User: )
Description: Error al generar el contexto de activación para "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Error en el archivo de manifiesto o directiva "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" en la línea C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Una versión de componente requerida por la aplicación está en conflicto con la versión de otro componente activo.
Los componentes en conflicto son:.
Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (03/12/2014 06:12:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2014 07:30:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/12/2014 06:13:34 PM) (Source: DCOM) (User: )
Description: {CC957078-B838-47C4-A7CF-626E7A82FC58}

Error: (03/12/2014 06:11:20 PM) (Source: Service Control Manager) (User: )
Description: El servicio Servicio HP CUE DeviceDiscovery se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/12/2014 06:11:20 PM) (Source: Service Control Manager) (User: )
Description: El servicio hpqcxs08 se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/12/2014 06:11:06 PM) (Source: Service Control Manager) (User: )
Description: El servicio Utility ChestService no pudo iniciarse debido al siguiente error: 
%%2

Error: (03/12/2014 06:10:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.

Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126

Error: (03/12/2014 07:44:20 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (03/12/2014 07:31:33 AM) (Source: Service Control Manager) (User: )
Description: El servicio Servicio HP CUE DeviceDiscovery se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/12/2014 07:31:33 AM) (Source: Service Control Manager) (User: )
Description: El servicio hpqcxs08 se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/12/2014 07:30:10 AM) (Source: Service Control Manager) (User: )
Description: El servicio Utility ChestService no pudo iniciarse debido al siguiente error: 
%%2

Error: (03/12/2014 07:30:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: El módulo de extensibilidad de WLAN no se pudo iniciar.

Ruta de acceso del módulo: C:\Windows\system32\Rtlihvs.dll
Código de error: 126


Microsoft Office Sessions:
=========================
Error: (03/12/2014 07:08:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Andreas\Downloads\SoftonicDownloader_para_pdf-split-and-merge.exe

Error: (03/12/2014 07:08:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Andreas\Downloads\SoftonicDownloader_para_malwarebytes-anti-malware.exe

Error: (03/12/2014 07:03:01 PM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.22.5\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/12/2014 06:42:53 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Andreas\Downloads\SoftonicDownloader_para_malwarebytes-anti-malware.exe

Error: (03/12/2014 06:42:50 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Andreas\Downloads\SoftonicDownloader_para_malwarebytes-anti-malware.exe

Error: (03/12/2014 06:42:46 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Andreas\Downloads\SoftonicDownloader_para_malwarebytes-anti-malware.exe

Error: (03/12/2014 06:42:31 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Andreas\Downloads\SoftonicDownloader_para_malwarebytes-anti-malware.exe

Error: (03/12/2014 06:39:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Andreas\Downloads\SoftonicDownloader_para_pdf-split-and-merge.exe

Error: (03/12/2014 06:12:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2014 07:30:11 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2012-06-04 09:06:49.457
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2012-06-04 09:06:49.422
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2012-06-04 07:45:49.571
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2012-06-04 07:45:49.531
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2012-06-03 11:38:48.156
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2012-06-03 11:38:48.141
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2012-06-03 11:09:01.884
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2012-06-03 11:09:01.854
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2012-06-03 09:51:26.020
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2012-06-03 09:51:25.989
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\Sentinel64.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 5609.41 MB
Available physical RAM: 3217.75 MB
Total Pagefile: 11216.99 MB
Available Pagefile: 8182.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:577.01 GB) (Free:476.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:14.99 GB) (Free:1.64 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 3CC052AE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=577 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================
         
--- --- ---

Alt 13.03.2014, 19:05   #5
Puig
 
windows7 Redirect Virus - Standard

windows7 Redirect Virus



Lässt sich leider nur als Anhang und 7z - Archiv senden.


Alt 14.03.2014, 18:36   #6
schrauber
/// the machine
/// TB-Ausbilder
 

windows7 Redirect Virus - Standard

windows7 Redirect Virus



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> windows7 Redirect Virus

Alt 18.03.2014, 18:57   #7
Puig
 
windows7 Redirect Virus - Standard

windows7 Redirect Virus



Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 14-03-16.01 - Andreas 18/03/2014  18:27:19.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.34.3082.18.5609.3362 [GMT 1:00]
Running from: c:\users\Andreas\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Uniblue\SpeedUpMyPC
c:\program files (x86)\Uniblue\SpeedUpMyPC\intermediate_views.dat
c:\program files (x86)\Uniblue\SpeedUpMyPC\latest_scan_results.xsl
c:\program files (x86)\Uniblue\SpeedUpMyPC\library.dat
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\br\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\de\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\dk\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\en\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\es\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fi\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\fr\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\gr\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\it\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\jp\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\nl\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\no\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\pl\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\pt\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\ru\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\se\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\locale\tr\LC_MESSAGES\messages.mo
c:\program files (x86)\Uniblue\SpeedUpMyPC\repair_transform.xsl
c:\program files (x86)\Uniblue\SpeedUpMyPC\st.dat
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\comtypes.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\cwebpage.dll.html
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\decorator.py.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\ordereddict.py.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\py2exe.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\python-changes.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\python.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\simplejson.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\Third Party Terms\wmi.txt
c:\program files (x86)\Uniblue\SpeedUpMyPC\unins000.dat
c:\program files (x86)\Uniblue\SpeedUpMyPC\unins000.msg
c:\program files (x86)\Uniblue\SpeedUpMyPC\views.dat
c:\users\Andreas\AppData\Local\lollipop
c:\users\Andreas\g2mdlhlpx.exe
c:\users\Andreas\nsmail.tmp
c:\users\Andreas\WINDOWS
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Level Quality Watcher
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-18 to 2014-03-18  )))))))))))))))))))))))))))))))
.
.
2014-03-18 17:15 . 2014-03-07 04:43	10521840	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D627B19C-D64E-4786-8C6E-31779F610723}\mpengine.dll
2014-03-12 20:11 . 2014-03-12 20:11	--------	d-----w-	c:\program files (x86)\7-Zip
2014-03-12 18:25 . 2014-03-12 18:27	--------	d-----w-	C:\FRST
2014-03-11 19:20 . 2014-03-11 19:20	--------	d-----w-	c:\users\Andreas\AppData\Roaming\SpeedyPC Software
2014-03-11 19:20 . 2014-03-11 19:20	--------	d-----w-	c:\users\Andreas\AppData\Roaming\DriverCure
2014-03-11 19:17 . 2014-03-11 19:35	--------	d-----w-	c:\programdata\SpeedyPC Software
2014-03-11 17:32 . 2014-03-11 17:32	110080	----a-r-	c:\users\Andreas\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconF7A21AF7.exe
2014-03-11 17:32 . 2014-03-11 17:32	110080	----a-r-	c:\users\Andreas\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\IconD7F16134.exe
2014-03-11 17:32 . 2014-03-11 17:32	110080	----a-r-	c:\users\Andreas\AppData\Roaming\Microsoft\Installer\{1F7E4FF9-D2E5-4258-9AE1-E16E6CB3252A}\Icon1226A4C5.exe
2014-03-11 17:32 . 2014-03-11 17:32	--------	d-----w-	C:\sh4ldr
2014-03-11 17:32 . 2014-03-11 17:32	--------	d-----w-	c:\program files\Enigma Software Group
2014-03-11 17:31 . 2014-03-12 17:20	--------	d-----w-	c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-11 17:30 . 2014-03-11 17:30	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2014-03-11 17:22 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-11 17:22 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-03-11 17:22 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-11 17:22 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-03-10 20:00 . 2014-03-10 20:00	--------	d-----w-	c:\users\Andreas\AppData\Local\Skype
2014-03-10 20:00 . 2014-03-10 20:00	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-03-10 18:15 . 2014-03-12 17:18	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2014-02-26 21:50 . 2014-02-26 21:50	--------	d-----w-	c:\windows\Migration
2014-02-24 18:21 . 2014-02-24 18:21	--------	d-----w-	c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-24 18:08 . 2014-03-11 19:33	--------	d-----w-	c:\program files (x86)\SavingsBull
2014-02-19 19:30 . 2013-12-18 20:09	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-19 19:19 . 2014-02-19 19:19	--------	d-----w-	C:\extensions
2014-02-17 20:28 . 2014-02-17 20:33	--------	d-----w-	c:\program files (x86)\Amazon
2014-02-17 20:27 . 2014-02-17 20:32	--------	d-----w-	c:\program files (x86)\Advanced Disk Recovery
2014-02-17 20:27 . 2014-02-17 20:32	--------	d-----w-	c:\program files (x86)\PC Cleaner
2014-02-17 20:27 . 2014-02-17 20:32	--------	d-----w-	c:\program files (x86)\Systweak Support Dock
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-11 21:31 . 2012-05-17 10:33	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-11 21:31 . 2011-07-20 20:36	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:27 . 2012-06-04 10:12	88567024	----a-w-	c:\windows\system32\MRT.exe
2014-02-11 18:56 . 2014-02-11 18:56	80184	----a-w-	c:\windows\system32\drivers\aswStm.sys
2014-02-11 18:56 . 2013-05-17 07:25	207904	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-02-11 18:56 . 2013-05-17 07:25	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-02-11 18:56 . 2012-06-18 05:02	421704	----a-w-	c:\windows\system32\drivers\aswSP.sys
2014-02-11 18:56 . 2012-06-18 05:02	92544	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-02-11 18:56 . 2012-06-18 05:02	1038072	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2014-02-11 18:56 . 2012-06-18 05:02	78648	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-02-11 18:56 . 2012-06-18 05:02	334136	----a-w-	c:\windows\system32\aswBoot.exe
2014-02-11 18:56 . 2012-06-18 05:01	43152	----a-w-	c:\windows\avastSS.scr
2014-01-22 14:52 . 2012-06-18 05:02	64288	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-12-27 17:10 . 2014-02-09 12:36	20312	----a-w-	c:\windows\system32\roboot64.exe
2013-12-24 23:09 . 2014-02-13 20:55	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-13 20:55	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-13 21:17	548864	----a-w-	c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-13 21:17	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-04-19 07:06 . 2012-04-19 07:06	473600	----a-w-	c:\program files (x86)\setup.exe
2012-04-19 07:06 . 2012-04-19 07:06	3125248	----a-w-	c:\program files (x86)\openofficeorg34.msi
2010-03-05 09:46 . 2010-03-05 09:46	4620399	----a-w-	c:\program files (x86)\Setup_Installation.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"contextfr"="c:\users\Andreas\AppData\Local\Context2pro\contextfr.exe" [2013-03-20 527976]
"conadvanced"="c:\users\Andreas\AppData\Local\Context2pro\conadvanced.exe" [2013-03-20 555112]
"contextprod"="c:\users\Andreas\AppData\Local\Context2pro\contextprod.exe" [2013-03-20 555112]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-05 336384]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-07-01 169528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-12-18 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2012-05-23 155648]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"UIExec"="c:\program files (x86)\1&1 Surf-Stick\UIExec.exe" [2012-05-04 156448]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-11 3767096]
.
c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Supervisar alertas de tinta - HP Officejet 4620 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 4620 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN32N212CD05RT;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UtilityChest_49Service;Utility ChestService;c:\progra~2\UTILIT~2\bar\1.bin\49barsvc.exe;c:\progra~2\UTILIT~2\bar\1.bin\49barsvc.exe [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 SavingsbullFilterService64;SavingsbullFilterService64;c:\program files\SavingsbullFilter\SavingsbullFilterService64.exe;c:\program files\SavingsbullFilter\SavingsbullFilterService64.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe;c:\program files (x86)\1&1 Surf-Stick\AssistantServices.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 21:03	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 21:31]
.
2014-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11 19:46]
.
2014-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11 19:46]
.
2014-03-18 c:\windows\Tasks\HPCeeScheduleForAndreas.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-11 18:56	287280	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-17 525312]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}
mDefault_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX
mStart Page = hxxp://www.awesomehp.com/?type=hp&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}
Trusted Zone: gob.es\agenciatributaria
TCP: DhcpNameServer = 192.168.1.1
DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} - hxxps://www5.aeat.es/es13/h/tgvicab.cab
DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} - hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\
FF - ExtSQL: !HIDDEN! 2012-06-04 11:04; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{06e05b40-77fa-40b6-9077-ed1a7577b1ef} - (no file)
BHO-{3444c3c5-6c56-4a16-a453-832b05bf6ea4} - (no file)
Toolbar-{3444c3c5-6c56-4a16-a453-832b05bf6ea4} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-Wallpaper Changer - c:\program files (x86)\Wallpaper Changer\Wallpaper Changer.exe
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-10 - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2014-03-18  18:51:32 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-18 17:51
.
Pre-Run: 511.895.384.064 bytes libres
Post-Run: 541.147.111.424 bytes libres
.
- - End Of File - - 55628754A5A488D966FF61678F2278CB
         
--- --- --- A36C5E4F47E84449FF07ED3517B43A31

Alt 19.03.2014, 14:39   #8
schrauber
/// the machine
/// TB-Ausbilder
 

windows7 Redirect Virus - Standard

windows7 Redirect Virus



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.03.2014, 19:59   #9
Puig
 
windows7 Redirect Virus - Standard

windows7 Redirect Virus



Hier die Logs:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.19.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Andreas :: ANDREAS-HP [Administrator]

Schutz: Aktiviert

19/03/2014 18:33:56
MBAM-log-2014-03-19 (18-44-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 269835
Laufzeit: 6 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 3
C:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe (PUP.Optional.SavingsBull.A) -> 2064 -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Context2pro\conadvanced.exe (PUP.Optional.Context2Pro.A) -> 3804 -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Context2pro\contextfr.exe (PUP.Optional.Context2Pro.A) -> 3556 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 40
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3} (PUP.Optional.ScorpionSaver) -> Keine Aktion durchgeführt.
HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Keine Aktion durchgeführt.
HKCR\UtilityChest_49.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Keine Aktion durchgeführt.
HKCR\UtilityChest_49.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346} (PUP.Optional.ValueApps.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite (PUP.Optional.DigitalSites.A) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\SavingsbullFilterService64 (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Context2pro (PUP.Optional.Context2Pro.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.
HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.
HKCU\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
HKCU\Software\AppDataLow\Software\Savings Bull (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
HKCU\Software\AppDataLow\Software\SavingsBull (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Keine Aktion durchgeführt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Keine Aktion durchgeführt.
HKCU\Software\Conduit\ValueApps (PUP.Optional.ValueApps.A) -> Keine Aktion durchgeführt.
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\DATAMNGR (PUP.Optional.MoviesToolbar.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Keine Aktion durchgeführt.
HKLM\Software\awesomehpSoftware (PUP.Optional.Awesomehp.A) -> Keine Aktion durchgeführt.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 9
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Daten: Movies Toolbar (Dist. by Somoto Ltd.) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3444c3c5-6c56-4a16-a453-832b05bf6ea4} (PUP.Optional.MoviesToolBar.A) -> Daten:  -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|conadvanced (PUP.Optional.Context2Pro.A) -> Daten: C:\Users\Andreas\AppData\Local\Context2pro\conadvanced.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|contextfr (PUP.Optional.Context2Pro.A) -> Daten: C:\Users\Andreas\AppData\Local\Context2pro\contextfr.exe -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|contextprod (PUP.Optional.Context2Pro.A) -> Daten: C:\Users\Andreas\AppData\Local\Context2pro\contextprod.exe -> Keine Aktion durchgeführt.
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Daten: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Keine Aktion durchgeführt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0Q1O2W1R1D0D1S1J -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Datamngr|uninstallstring (PUP.Optional.MoviesToolbar.A) -> Daten: C:\Program Files (x86)\Movies Toolbar\SafetyNut\uninstall.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|lightningnewtab@gmail.com (PUP.Optional.Lightning.A) -> Daten: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\extensions\lightningnewtab@gmail.com.xpi -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (PUP.Optional.Awesomehp.A) -> Bösartig: (hxxp://www.awesomehp.com/web/?type=ds&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX&q={searchTerms}) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Awesomehp.A) -> Bösartig: (hxxp://www.awesomehp.com/?type=hp&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.
HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL (PUP.Optional.Awesomehp.A) -> Bösartig: (hxxp://www.awesomehp.com/?type=hp&ts=1392155160&from=tugs&uid=HitachiXHTS547575A9E384_J2540054DYL3ZEDYL3ZEX) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 25
C:\Users\Andreas\AppData\Roaming\ValueApps\CH (PUP.Optional.ValueApps.A) -> Keine Aktion durchgeführt.
C:\Program Files\SavingsbullFilter (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Context2pro (PUP.Optional.Context2Pro.A) -> Keine Aktion durchgeführt.
C:\Program Files\Level Quality Watcher\v1.01 (PUP.Optional.Adpeak) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Program Files\Conduit\ValueApps (PUP.Optional.ValueAppsplugin.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\Conduit\ValueApps (PUP.Optional.ValueAppsplugin.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Conduit\ValueApps (PUP.Optional.ValueAppsplugin.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0 (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\js (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\mam (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\mam\scripts (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\mam\scripts\contentScripts (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\ProgramData\IePluginService (PUP.Optional.IePluginService.A) -> Keine Aktion durchgeführt.
C:\ProgramData\IePluginService\update (PUP.Optional.IePluginService.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SavingsBull (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 63
C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSites.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Downloads\7ZipSetup.exe (PUP.Optional.Somoto.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Downloads\Player.exe (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Downloads\SoftonicDownloader_para_malwarebytes-anti-malware.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Downloads\SoftonicDownloader_para_pdf-split-and-merge.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Downloads\UltimateCodec.exe (PUP.Optional.BundleInstaller.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\ValueApps\CH\TBVerifier.dll (PUP.Optional.ValueApps.A) -> Keine Aktion durchgeführt.
C:\Program Files\SavingsbullFilter\sample.dll (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files\SavingsbullFilter\Installbat64.dll (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files\SavingsbullFilter\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files\SavingsbullFilter\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files\SavingsbullFilter\netfilter64.sys (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files\SavingsbullFilter\nfapi.dll (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files\SavingsbullFilter\nfregdrv.exe (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files\SavingsbullFilter\ProtocolFilters.dll (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSites\UpdateProc\info.dat (PUP.Optional.Updater) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT (PUP.Optional.Updater) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT (PUP.Optional.Updater) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSite\UpdateProc\info.dat (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Context2pro\notifications.exe (PUP.Optional.Context2Pro.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Context2pro\conadvanced.exe (PUP.Optional.Context2Pro.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Context2pro\Context2pro_Uninstaller.exe (PUP.Optional.Context2Pro.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Context2pro\contextfr.exe (PUP.Optional.Context2Pro.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Context2pro\contextnav.exe (PUP.Optional.Context2Pro.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Context2pro\contextprod.exe (PUP.Optional.Context2Pro.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Context2pro\libwindoc.exe (PUP.Optional.Context2Pro.A) -> Keine Aktion durchgeführt.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe (PUP.Optional.Adpeak) -> Keine Aktion durchgeführt.
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe (PUP.Optional.Adpeak) -> Keine Aktion durchgeführt.
C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\background.html (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\icon.png (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\icon128.png (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\icon16.png (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\icon48.png (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\manifest.json (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\options.html (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\popup.html (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\js\background.js (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\js\options.js (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\mam\background.html (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\mam\settings.json (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\mam\scripts\background.js (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\mam\scripts\iframeHost.html (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\mam\scripts\iframeHost.js (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\mam\scripts\popup.js (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\mam\scripts\contentScripts\contentScript.js (PUP.Optional.ValueApps) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SavingsBull\bootstrap.js.old (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SavingsBull\CustomActionInstall (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SavingsBull\CustomActionUninstall (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SavingsBull\ff_main.js.old (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SavingsBull\Microsoft.Deployment.WindowsInstaller.dll (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SavingsBull\Microsoft.Deployment.WindowsInstaller.xml (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\SavingsBull\SendJson.dll (PUP.Optional.SavingsBull.A) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
ATTFilter
# AdwCleaner v3.022 - Reporte Creado 19/03/2014 en 19:01:45
# Actualizado 13/03/2014 por Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nombre de usuario : Andreas - ANDREAS-HP
# Ejecutado desde : C:\Users\Andreas\Downloads\adwcleaner.exe
# Opción : Limpiar

***** [ Servicios ] *****


***** [ Archivos / Carpetas ] *****


***** [ Accesos directos ] *****

Acceso directo Desinfectado : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Acceso directo Desinfectado : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Acceso directo Desinfectado : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Acceso directo Desinfectado : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Acceso directo Desinfectado : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Acceso directo Desinfectado : C:\Users\Andreas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registro ] *****

Clave Borrar : HKLM\SOFTWARE\Classes\Prod.cap
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.DynamicBarButton.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.FeedManager
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.FeedManager.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLMenu.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.HTMLPanel.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.MultipleButton
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.MultipleButton.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.PseudoTransparentPlugin.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.Radio
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.Radio.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.RadioSettings
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.RadioSettings.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.ScriptButton
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.ScriptButton.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.SettingsPlugin
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.SettingsPlugin.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncher
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.SkinLauncher.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.ThirdPartyInstaller.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.ToolbarProtector
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.ToolbarProtector.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.UrlAlertButton.1
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.XMLSessionPlugin
Clave Borrar : HKLM\SOFTWARE\Classes\UtilityChest_49.XMLSessionPlugin.1
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Clave Borrar : HKCU\Software\92d7ddbc3ebf43
Clave Borrar : HKLM\SOFTWARE\92d7ddbc3ebf43
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pdf-split-and-merge_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pdf-split-and-merge_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{23699B0B-C14D-4054-A545-FC0927BB0879}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{25151605-D156-49DD-A659-20E69C1EE15F}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{268CA04C-106C-4636-B707-95E8CD5859E0}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{2BB3E614-F616-42DD-A99A-69C1FC268741}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{35274ADF-B8DE-4909-80D1-A26269216903}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{3F2F1B3C-EDA7-46EC-A1CA-12A67CD00A82}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{5BBF357E-EA8C-48BF-83CA-DE279FB83BBA}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{698E7AA1-A28E-4064-A9AB-822171AF4EF4}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{6AAFD84D-5F7F-42E5-9FB4-157925C3ED2F}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{83CE5D73-E3DE-4DC5-82C2-3B65DFD0A849}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{878A5A0A-DC0A-4C37-BBE2-18C30E50F449}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{8C428C4B-C9E2-4B74-B791-88C3FEE48F36}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{929825DF-A1B4-40C9-8F3C-6DA06BADC150}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{9F19923D-2A4C-45EF-A026-AE7DEE5D022C}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{A72B8EA8-5B63-4C90-9FE8-D9C76C99DE32}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{C86BFADB-406F-47C7-A8D8-FAA37B39089F}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{D92EDE9A-70A4-469F-AF8F-38C3F278B0A1}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{F67A3AA8-88EE-4A3A-863A-B13A19F8696C}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{F8E1BDAB-F48F-46F9-8693-4EECB83D1AD7}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{103E3C9A-E8AE-4B19-A339-01FE9439763E}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{24486CE9-7BC2-4516-B743-39FFDD4F861B}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{326C4F48-FE3B-4E54-9118-9B6C3B6C9B1E}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{39D884BB-2881-4F3A-B9B9-2D3AF4C2C191}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{59E5BDB9-126F-4575-901E-D32132A19B94}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{5CF866F0-10A3-4ED4-9BE3-668F2F148E2F}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{618B2F0C-A1AF-4D1D-9354-CF0C42AF5BCB}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{8EFEE482-37BC-4F3D-83E6-CB5BBE077E43}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{CE1482C8-E8FD-4277-9A4F-094D712F6B60}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{EEFDBFA7-0F18-4216-8F90-6B6F71D6AB83}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{F12BA68C-976E-4567-BA3B-629DFCEBC5FE}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{F66F6A81-E727-4774-B461-8A5CB7F7DE07}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25151605-D156-49DD-A659-20E69C1EE15F}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{268CA04C-106C-4636-B707-95E8CD5859E0}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{698E7AA1-A28E-4064-A9AB-822171AF4EF4}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C428C4B-C9E2-4B74-B791-88C3FEE48F36}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9F19923D-2A4C-45EF-A026-AE7DEE5D022C}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F67A3AA8-88EE-4A3A-863A-B13A19F8696C}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E877590-30B7-400E-A835-B942489EB7BC}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878A5A0A-DC0A-4C37-BBE2-18C30E50F449}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{992177A5-DF3C-4EC2-B779-6A5F94704CCC}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFBAF9B2-2093-4D16-9D1F-348AE68408E4}
Clave Borrar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clave Borrar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Clave Borrar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{84DC9F6C-C9A5-4C64-AB67-D6EF60F963C8}
Clave Borrar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Clave Borrar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84DC9F6C-C9A5-4C64-AB67-D6EF60F963C8}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{93DBF2BB-A2B3-4683-A92E-57E60751F346}
Clave Borrar : HKCU\Software\Conduit
Clave Borrar : HKCU\Software\Delta
Clave Borrar : HKCU\Software\distromatic
Clave Borrar : HKCU\Software\dsiteproducts
Clave Borrar : HKCU\Software\lollipop
Clave Borrar : HKCU\Software\OCS
Clave Borrar : HKCU\Software\Softonic
Clave Borrar : HKCU\Software\systweak
Clave Borrar : HKCU\Software\UtilityChest_49
Clave Borrar : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clave Borrar : HKCU\Software\AppDataLow\Software\Conduit
Clave Borrar : HKCU\Software\AppDataLow\Software\SmartBar
Clave Borrar : HKCU\Software\AppDataLow\Software\UtilityChest_49
Clave Borrar : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clave Borrar : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clave Borrar : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clave Borrar : HKLM\Software\Babylon
Clave Borrar : HKLM\Software\Delta
Clave Borrar : HKLM\Software\SafetyNut
Clave Borrar : HKLM\Software\supTab
Clave Borrar : HKLM\Software\supWPM
Clave Borrar : HKLM\Software\systweak
Clave Borrar : HKLM\Software\UtilityChest_49
Clave Borrar : HKLM\Software\Wpm
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UtilityChest_49bar Uninstall
Clave Borrar : [x64] HKLM\SOFTWARE\Iminent
Clave Borrar : [x64] HKLM\SOFTWARE\Savings Bull
Clave Borrar : [x64] HKLM\SOFTWARE\SavingsBull Filter
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{813BA625-B0FA-48D8-9B75-59759C88C219}
Clave Borrar : HKLM\Software\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Clave Borrar : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Clave Borrar : HKLM\Software\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Clave Borrar : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16521

Ajustes Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Ajustes Restaurar : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (es-ES)

[ Archivo : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\prefs.js ]

Linea borrada : user_pref("CT3241944.1000082.isDisplayHidden", "true");
Linea borrada : user_pref("CT3241944.1000082.isPlayDisplay", "true");
Linea borrada : user_pref("CT3241944.1000234.TWC_TMP_city", "MADRID");
Linea borrada : user_pref("CT3241944.1000234.TWC_TMP_country", "ES");
Linea borrada : user_pref("CT3241944.1000234.TWC_locId", "SPXX0050");
Linea borrada : user_pref("CT3241944.1000234.TWC_location", "Madrid, EspaÃÃâ€*’Ãâ€Â*’Ãâ€ÂÂ*’ÃÃâ€*’â[...]
Linea borrada : user_pref("CT3241944.1000234.TWC_region", "ES");
Linea borrada : user_pref("CT3241944.1000234.TWC_temp_dis", "c");
Linea borrada : user_pref("CT3241944.1000234.TWC_wind_dis", "kmh");
Linea borrada : user_pref("extensions.crossrider.bic", "14422ebd76d36df960ca527520aa738a");
Linea borrada : user_pref("extensions.delta.admin", false);
Linea borrada : user_pref("extensions.delta.aflt", "babsst");
Linea borrada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Linea borrada : user_pref("extensions.delta.autoRvrt", "false");
Linea borrada : user_pref("extensions.delta.dfltLng", "es");
Linea borrada : user_pref("extensions.delta.excTlbr", false);
Linea borrada : user_pref("extensions.delta.ffxUnstlRst", true);
Linea borrada : user_pref("extensions.delta.id", "b49482c2000000000000000000000000");
Linea borrada : user_pref("extensions.delta.instlDay", "15976");
Linea borrada : user_pref("extensions.delta.instlRef", "sst");
Linea borrada : user_pref("extensions.delta.newTab", false);
Linea borrada : user_pref("extensions.delta.prdct", "delta");
Linea borrada : user_pref("extensions.delta.prtnrId", "delta");
Linea borrada : user_pref("extensions.delta.rvrt", "false");
Linea borrada : user_pref("extensions.delta.smplGrp", "none");
Linea borrada : user_pref("extensions.delta.tlbrId", "base");
Linea borrada : user_pref("extensions.delta.tlbrSrchUrl", "");
Linea borrada : user_pref("extensions.delta.vrsn", "1.8.24.6");
Linea borrada : user_pref("extensions.delta.vrsnTs", "1.8.24.616:58:47");
Linea borrada : user_pref("extensions.delta.vrsni", "1.8.24.6");
Linea borrada : user_pref("extensions.delta_i.babExt", "");
Linea borrada : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=240913_238&tsp=5019");
Linea borrada : user_pref("extensions.delta_i.srcExt", "ss");
Linea borrada : user_pref("iminent.LayoutId", "1");
Linea borrada : user_pref("iminent.ShowThankyouPixel", "0");
Linea borrada : user_pref("iminent.externalScripts.iRobinHood.menuURL", "hxxp://iminent.donation-tools.org/home.aspx?pkgId=wrDCtcK4wrnCtsKxwrPCt8K3");
Linea borrada : user_pref("iminent.registerToolbarEvent102", "1392748912208");
Linea borrada : user_pref("iminent.registerToolbarEvent109", "1393522911968");
Linea borrada : user_pref("iminent.registerToolbarEvent111", "1393522912022");
Linea borrada : user_pref("iminent.registerToolbarEvent112", "1393522912831");
Linea borrada : user_pref("iminent.registerToolbarEvent122", "1393522912072");
Linea borrada : user_pref("iminent.trackExternalScripts1", "1393968454280");
Linea borrada : user_pref("iminent.trackExternalScripts2", "1393968454341");
Linea borrada : user_pref("iminent.trackExternalScripts3", "1394482076557");
Linea borrada : user_pref("iminent.version", "8.10.2.1");
Linea borrada : user_pref("valueApps.ct3319214./9B+7E+x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E,x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E-x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E.:2z527.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E.x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E/x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E06CG5EL8:", "6E6D6870726F70737773");
Linea borrada : user_pref("valueApps.ct3319214./9B+7E06CG5EL8:.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E06CG5EL;8I:K", "247E2D2F226A74736E76787576797D79242F4B49474F42357D5D5C3D");
Linea borrada : user_pref("valueApps.ct3319214./9B+7E06CG5EL;8I:K.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E0x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E1x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E2x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E3x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E4x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E5x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E6x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E7x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E8x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E9x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E:x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E;x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E<x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E=x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E>x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E?x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7E@x305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7EAx305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7EBE3G=;D9N9=D", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
Linea borrada : user_pref("valueApps.ct3319214./9B+7EBE3G=;D9N9=D.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B+7EBx305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7ECx305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7EDx305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B+7Etx305.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214./9B-0?3G>D", "3B3F6F3E6D6B6C737A77734777207D7E7C4E254D5151522A21232656552A575D5C2B2B5E");
Linea borrada : user_pref("valueApps.ct3319214./9B-0?3G>D.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B-0?3G@6:5;", "");
Linea borrada : user_pref("valueApps.ct3319214./9B-0?3G@6:5;.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B-0?3GFA7EF", "2B2E2C3D");
Linea borrada : user_pref("valueApps.ct3319214./9B-0?3GFA7EF.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B-3=3ECCJA=F>", "247E333D2C452F4135276F297B7E7D21202F26313E4249357D37382F3A494D5D513F283338435D6554695B65546D57695D5D686365533C70766C66755E");
Linea borrada : user_pref("valueApps.ct3319214./9B-3=3ECCJA=F>.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B/>01=9A6K6<IM;KRIE@PDAWM", "6A696B7273747576");
Linea borrada : user_pref("valueApps.ct3319214./9B/>01=9A6K6<IM;KRIE@PDAWM.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B3=>@44I48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
Linea borrada : user_pref("valueApps.ct3319214./9B3=>@44I48?.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B5BA==9CJAG", "3A3F6B6B6A6D6F417A6F7147754779777C7D4E7B4F");
Linea borrada : user_pref("valueApps.ct3319214./9B5BA==9CJAG.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B6B11G4C56B>F;P;ANR@P", "6E6D6870726F70737677747278");
Linea borrada : user_pref("valueApps.ct3319214./9B6B11G4C56B>F;P;ANR@P.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B90E@.3C;7B=?OFB>>RHIQS", "393F352F3E");
Linea borrada : user_pref("valueApps.ct3319214./9B90E@.3C;7B=?OFB>>RHIQS.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B9643G3/9E", "6A");
Linea borrada : user_pref("valueApps.ct3319214./9B9643G3/9E.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B;45>:BI9I7IE", "2B2E2C3D");
Linea borrada : user_pref("valueApps.ct3319214./9B;45>:BI9I7IE.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B<:222H64<", "393F352F3E");
Linea borrada : user_pref("valueApps.ct3319214./9B<:222H64<.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B<:222H64<L8DAJ", "6D70706E7674737976772A787A727976757E7C");
Linea borrada : user_pref("valueApps.ct3319214./9B<:222H64<L8DAJ.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B=+03EH8H8J?:", "4443");
Linea borrada : user_pref("valueApps.ct3319214./9B=+03EH8H8J?:.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B?+E2A52D8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Linea borrada : user_pref("valueApps.ct3319214./9B?+E2A52D8.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9B?B0D:8AJ62<H", "6D");
Linea borrada : user_pref("valueApps.ct3319214./9B?B0D:8AJ62<H.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214./9BA@0<0BI6A7GN:6@L?", "6C");
Linea borrada : user_pref("valueApps.ct3319214./9BA@0<0BI6A7GN:6@L?.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.PG_ENABLE", "74727565");
Linea borrada : user_pref("valueApps.ct3319214.PG_ENABLE.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.SF_JUST_INSTALLED", "46414C5345");
Linea borrada : user_pref("valueApps.ct3319214.SF_JUST_INSTALLED.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.SF_STATUS", "454E41424C4544");
Linea borrada : user_pref("valueApps.ct3319214.SF_STATUS.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.SF_USER_ID", "6369645F3131323230313432323438333137323637373033");
Linea borrada : user_pref("valueApps.ct3319214.SF_USER_ID.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214._key_cl_active", "36383566343066362D356237372D343863362D626634322D336162366132633833303439");
Linea borrada : user_pref("valueApps.ct3319214._key_cl_active.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.cb_experience_000", "3131");
Linea borrada : user_pref("valueApps.ct3319214.cb_experience_000.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.cb_firstuse0100", "31");
Linea borrada : user_pref("valueApps.ct3319214.cb_firstuse0100.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.cb_user_id_000", "43423635333031393733303832305F313339323332343933333532385F46697265666F78");
Linea borrada : user_pref("valueApps.ct3319214.cb_user_id_000.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.cbfirsttime", "5475652046656220313120323031342032323A34383A323720474D542B30313030");
Linea borrada : user_pref("valueApps.ct3319214.cbfirsttime.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_appStateReportTime", "31333934353538363535323739");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_appStateReportTime.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_appState_Clarity_Active", "6F6E");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_appState_Clarity_Active.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_appsConfig.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_appsDefaultEnabled", "6E756C6C");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_appsDefaultEnabled.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_calledSetupService", "31");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_calledSetupService.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_currentBadgeValue", "31");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_currentBadgeValue.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_currentVersion", "312E31332E302E3137");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_currentVersion.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_first_time", "31");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_first_time.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_lastInstallationSessionGuid", "7B31386631623232332D663033312D346231612D623065382D3731376439366331316430657D");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_lastInstallationSessionGuid.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_lastLoginTime", "31333934353538363535363336");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_lastLoginTime.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_localization.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_mamEnabled", "74727565");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_mamEnabled.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_newApps", "5B5D");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_newApps.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_settings1.13.0.17.storedInFile", true);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_showWelcomeGadget", "66616C7365");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_showWelcomeGadget.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_stamp", "313130325F31");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_stamp.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_userBornDate", "3230313430323132");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_userBornDate.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_userId", "64303234643635632D313064632D346264612D393962662D353263313965613137316538");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_userId.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_user_approval_interacted", "");
Linea borrada : user_pref("valueApps.ct3319214.mam_gk_user_approval_interacted.storedInFile", false);
Linea borrada : user_pref("valueApps.ct3319214.url_history0001", "73746172743A3A3A636C69636B68616E646C65723A3A3A313339323332343933343638362C2C2C73746172743A3A3A636C69636B68616E646C65723A3A3A31333932373531303135383437[...]
Linea borrada : user_pref("valueApps.ct3319214.url_history0001.storedInFile", true);

-\\ Google Chrome v33.0.1750.154

[ Archivo : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Borrar : homepage
Borrar : search_url
Borrar : keyword

*************************

AdwCleaner[R0].txt - [45348 octets] - [19/03/2014 18:56:55]
AdwCleaner[R1].txt - [41366 octets] - [19/03/2014 19:00:20]
AdwCleaner[S0].txt - [3914 octets] - [19/03/2014 18:58:09]
AdwCleaner[S1].txt - [37583 octets] - [19/03/2014 19:01:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [37644 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Andreas on 19/03/2014 at 19:17:06,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2334838483-4133862729-1016828376-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatewhilokii_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{39201A40-FC19-4B3A-9C4F-667BB6A02AB1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AC3FD9EA-0A53-4EB3-AF72-00BBE159B55A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{39201A40-FC19-4B3A-9C4F-667BB6A02AB1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Andreas\AppData\Roaming\speedypc software"
Successfully deleted: [Empty Folder] C:\Users\Andreas\appdata\local\{052C4DEC-7EF3-4A16-83CF-0E9EC216F884}
Successfully deleted: [Empty Folder] C:\Users\Andreas\appdata\local\{0E63275A-85A4-48F4-ADD1-90F194C3E82A}
Successfully deleted: [Empty Folder] C:\Users\Andreas\appdata\local\{659FCAE3-6961-4B6D-8088-38672D981688}
Successfully deleted: [Empty Folder] C:\Users\Andreas\appdata\local\{6720CF05-29CE-4B46-A3F6-D35FAE6BF1D8}
Successfully deleted: [Empty Folder] C:\Users\Andreas\appdata\local\{74F2E0A6-7A59-49B7-BA2D-24AD993FEEB7}
Successfully deleted: [Empty Folder] C:\Users\Andreas\appdata\local\{9BE9ABE0-808F-4FA3-ADB8-56B72B6F5D3A}
Successfully deleted: [Empty Folder] C:\Users\Andreas\appdata\local\{B0E5DB39-493C-4D5D-A769-0E69C9736C54}
Successfully deleted: [Empty Folder] C:\Users\Andreas\appdata\local\{B4C8C286-161B-4BBB-9124-154CA645DE53}
Successfully deleted: [Empty Folder] C:\Users\Andreas\appdata\local\{DE1BC479-6C90-4D9A-8BF3-34E3AB9D1993}
Successfully deleted: [Empty Folder] C:\Users\Andreas\appdata\local\{E71EBFB6-A6C2-49EC-ABD3-28544D4EF3E6}



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\49ffxtbr@utilitychest_49.com
Emptied folder: C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\st2jilhu.default\minidumps [168 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/03/2014 at 19:32:44,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Andreas (administrator) on ANDREAS-HP on 19-03-2014 19:45:38
Running from C:\Users\Andreas\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Spanish Modern Sort
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-17] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-07-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [155648 2012-05-23] (Apple Computer, Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [156448 2012-05-04] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-11] (AVAST Software)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2334838483-4133862729-1016828376-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Supervisar alertas de tinta - HP Officejet 4620 series.lnk
ShortcutTarget: Supervisar alertas de tinta - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {39201A40-FC19-4B3A-9C4F-667BB6A02AB1} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a11465-148&apn_uid=2331992103804423&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - 371749EC7A94488FB1ECF9797D04316C URL = hxxp://start.funmoods.com/results.php?f=4&a=promose&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -  No File
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} https://www5.aeat.es/es13/h/tgvicab.cab
DPF: HKLM-x32 {947B00D2-962D-4A35-9E48-98EE6A442B41} https://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: HKLM-x32 {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default
FF SearchEngineOrder.1: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @UtilityChest_49.com/Plugin - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\drae.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-es.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-es.xml
FF Extension: United States English Spellchecker - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-25]
FF Extension: HP Detect - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-06-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-18]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchProvider: Amazon
CHR DefaultSearchURL: hxxp://www.google.com
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-11]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-11]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-11]
CHR Extension: (Búsqueda de Google) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-11]
CHR Extension: (Skype Click to Call) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-25]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-11]
CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [dljhohhmfjfhgfhpgkfefjoojfobodhn] - C:\Program Files (x86)\Whilokii\dljhohhmfjfhgfhpgkfefjoojfobodhn.crx [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [iaimhpklononapfjngelgdokckfjekfc] - C:\Program Files (x86)\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-11] (AVAST Software)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [274208 2012-05-04] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-11] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-11] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-11] ()
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-19 19:45 - 2014-03-19 19:45 - 00022734 _____ () C:\Users\Andreas\Downloads\FRST.txt
2014-03-19 19:41 - 2014-03-19 19:42 - 02157056 _____ (Farbar) C:\Users\Andreas\Downloads\FRST64.exe
2014-03-19 19:32 - 2014-03-19 19:32 - 00003543 _____ () C:\Users\Andreas\Desktop\JRT.txt
2014-03-19 19:17 - 2014-03-19 19:17 - 00000000 ____D () C:\Windows\ERUNT
2014-03-19 19:15 - 2014-03-19 19:15 - 01037734 _____ (Thisisu) C:\Users\Andreas\Downloads\JRT.exe
2014-03-19 19:06 - 2014-03-19 19:06 - 00037973 _____ () C:\Users\Andreas\Desktop\AdwCleaner[S1].txt
2014-03-19 18:55 - 2014-03-19 19:01 - 00000000 ____D () C:\AdwCleaner
2014-03-19 18:54 - 2014-03-19 18:54 - 01950720 _____ () C:\Users\Andreas\Downloads\adwcleaner.exe
2014-03-19 18:29 - 2014-03-19 18:32 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Malwarebytes
2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-19 18:28 - 2014-03-19 18:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-19 18:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-19 18:26 - 2014-03-19 18:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-19 18:17 - 2014-03-19 18:17 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-03-19 18:16 - 2014-03-19 18:16 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2014-03-19 18:16 - 2014-03-19 18:16 - 00338536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2014-03-19 18:13 - 2014-03-19 18:13 - 00001995 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\ProgramData\Visan
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-03-18 18:51 - 2014-03-18 18:51 - 00028667 _____ () C:\ComboFix.txt
2014-03-18 18:24 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-18 18:24 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-18 18:24 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-18 18:24 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-18 18:24 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-18 18:24 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-18 18:24 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-18 18:24 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-18 18:23 - 2014-03-18 18:51 - 00000000 ____D () C:\Qoobox
2014-03-18 18:23 - 2014-03-18 18:49 - 00000000 ____D () C:\Windows\erdnt
2014-03-18 18:15 - 2014-03-18 18:15 - 05190594 ____R (Swearware) C:\Users\Andreas\Desktop\ComboFix.exe
2014-03-12 21:18 - 2014-03-12 21:18 - 00008197 _____ () C:\Users\Andreas\Desktop\gmer.7z
2014-03-12 21:11 - 2014-03-12 21:11 - 01110476 _____ () C:\Users\Andreas\Downloads\7z920.exe
2014-03-12 21:11 - 2014-03-12 21:11 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 20:41 - 2014-03-12 20:41 - 00419222 _____ () C:\Users\Andreas\Desktop\gmer.txt
2014-03-12 20:19 - 2014-03-12 20:19 - 00380416 _____ () C:\Users\Andreas\Desktop\Gmer-19357.exe
2014-03-12 19:26 - 2014-03-12 19:27 - 00052615 _____ () C:\Users\Andreas\Desktop\Addition.txt
2014-03-12 19:25 - 2014-03-19 19:45 - 00000000 ____D () C:\FRST
2014-03-12 19:25 - 2014-03-12 19:27 - 00072070 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-03-12 19:21 - 2014-03-12 19:21 - 02157056 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-03-12 19:16 - 2014-03-12 19:17 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-03-12 19:16 - 2014-03-12 19:16 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-03-12 19:14 - 2014-03-12 19:14 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-03-11 20:57 - 2014-03-18 21:03 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndreas
2014-03-11 20:57 - 2014-03-18 21:03 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForAndreas.job
2014-03-11 20:41 - 2014-03-11 20:41 - 553205555 _____ () C:\Windows\MEMORY.DMP
2014-03-11 20:41 - 2014-03-11 20:41 - 00275064 _____ () C:\Windows\Minidump\031114-132039-01.dmp
2014-03-11 20:41 - 2014-03-11 20:41 - 00000000 ____D () C:\Windows\Minidump
2014-03-11 20:15 - 2014-03-11 20:15 - 05095824 _____ (SpeedyPC Software, Inc.) C:\Users\Andreas\Downloads\SpeedyPC Pro Installer.exe
2014-03-11 18:33 - 2014-03-11 18:33 - 00000000 _____ () C:\autoexec.bat
2014-03-11 18:32 - 2014-03-11 18:32 - 00002262 _____ () C:\Users\Andreas\Desktop\SpyHunter.lnk
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\sh4ldr
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-11 18:31 - 2014-03-12 18:20 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-11 18:27 - 2014-03-11 18:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Andreas\Downloads\SpyHunter-Installer.exe
2014-03-11 18:24 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 18:24 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 18:24 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 18:24 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 18:24 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 18:24 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 18:24 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 18:24 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 18:24 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 18:24 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 18:24 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 18:24 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 18:24 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 18:24 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 18:24 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 18:24 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 18:24 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 18:24 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 18:24 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 18:24 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 18:24 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 18:24 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 18:24 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 18:24 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 18:24 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 18:24 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 18:24 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 18:24 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 18:24 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 18:24 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 18:24 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 18:24 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 18:24 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 18:24 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 18:24 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 18:24 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 18:24 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 18:24 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 18:24 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 18:24 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 18:24 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 18:24 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 18:24 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 18:24 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 18:22 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 18:22 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 18:22 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 18:22 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-10 23:05 - 2014-03-10 23:05 - 00001205 _____ () C:\Users\Andreas\Downloads\FixNCR.reg
2014-03-10 21:00 - 2014-03-10 21:00 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-10 21:00 - 2014-03-10 21:00 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Skype
2014-03-10 19:15 - 2014-03-12 18:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-27 21:57 - 2014-03-19 18:48 - 11639954 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\system32\Service.log
2014-02-24 19:26 - 2014-02-24 19:26 - 00002221 _____ () C:\Users\Andreas\Desktop\HP Support Assistant.lnk
2014-02-24 19:21 - 2014-02-24 19:21 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-19 20:30 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-19 20:30 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-19 20:30 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-19 20:30 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-19 20:29 - 2014-02-19 20:30 - 00005173 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\extensions
2014-02-17 22:17 - 2014-02-17 22:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 22:01 - 2014-02-17 22:01 - 06790649 _____ () C:\Users\Andreas\Downloads\wordpress-3.8.1-es_ES(1).zip
2014-02-17 21:48 - 2014-02-17 21:59 - 00000022 _____ () C:\Users\Andreas\Downloads\wordpress-3.8.1-es_ES.zip
2014-02-17 21:28 - 2014-02-17 21:33 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-02-17 21:27 - 2014-02-17 21:32 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-02-17 21:27 - 2014-02-17 21:32 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner
2014-02-17 21:27 - 2014-02-17 21:32 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery

==================== One Month Modified Files and Folders =======

2014-03-19 19:45 - 2014-03-19 19:45 - 00022734 _____ () C:\Users\Andreas\Downloads\FRST.txt
2014-03-19 19:45 - 2014-03-12 19:25 - 00000000 ____D () C:\FRST
2014-03-19 19:42 - 2014-03-19 19:41 - 02157056 _____ (Farbar) C:\Users\Andreas\Downloads\FRST64.exe
2014-03-19 19:40 - 2012-09-12 14:04 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Skype
2014-03-19 19:32 - 2014-03-19 19:32 - 00003543 _____ () C:\Users\Andreas\Desktop\JRT.txt
2014-03-19 19:31 - 2012-05-17 11:33 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-19 19:17 - 2014-03-19 19:17 - 00000000 ____D () C:\Windows\ERUNT
2014-03-19 19:15 - 2014-03-19 19:15 - 01037734 _____ (Thisisu) C:\Users\Andreas\Downloads\JRT.exe
2014-03-19 19:12 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-19 19:12 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-19 19:06 - 2014-03-19 19:06 - 00037973 _____ () C:\Users\Andreas\Desktop\AdwCleaner[S1].txt
2014-03-19 19:04 - 2014-02-11 20:46 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-19 19:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-19 19:04 - 2009-07-14 05:51 - 00115328 _____ () C:\Windows\setupact.log
2014-03-19 19:03 - 2014-02-11 20:46 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-19 19:03 - 2012-02-20 11:18 - 01611200 _____ () C:\Windows\WindowsUpdate.log
2014-03-19 19:01 - 2014-03-19 18:55 - 00000000 ____D () C:\AdwCleaner
2014-03-19 19:01 - 2012-05-15 18:39 - 00000977 _____ () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-19 18:58 - 2014-02-11 20:48 - 00001288 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-19 18:58 - 2012-05-17 08:53 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-19 18:54 - 2014-03-19 18:54 - 01950720 _____ () C:\Users\Andreas\Downloads\adwcleaner.exe
2014-03-19 18:54 - 2012-05-15 18:39 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{81EDD4D1-C001-44A4-A67F-76F8783CE17C}
2014-03-19 18:49 - 2010-11-21 04:47 - 00804022 _____ () C:\Windows\PFRO.log
2014-03-19 18:48 - 2014-02-27 21:57 - 11639954 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-19 18:32 - 2014-03-19 18:29 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-19 18:32 - 2014-03-19 18:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Malwarebytes
2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-19 18:26 - 2014-03-19 18:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-19 18:19 - 2011-07-21 06:53 - 00748422 _____ () C:\Windows\system32\perfh00A.dat
2014-03-19 18:19 - 2011-07-21 06:53 - 00159604 _____ () C:\Windows\system32\perfc00A.dat
2014-03-19 18:19 - 2009-07-14 06:13 - 01679834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-19 18:18 - 2012-05-17 08:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-19 18:17 - 2014-03-19 18:17 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-03-19 18:17 - 2012-06-04 19:04 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\HpUpdate
2014-03-19 18:17 - 2011-07-20 21:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-19 18:16 - 2014-03-19 18:16 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2014-03-19 18:16 - 2014-03-19 18:16 - 00338536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2014-03-19 18:16 - 2012-02-20 11:28 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-19 18:16 - 2011-02-10 20:23 - 00000000 ____D () C:\SWSetup
2014-03-19 18:13 - 2014-03-19 18:13 - 00001995 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\ProgramData\Visan
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-03-19 18:13 - 2013-06-27 19:30 - 00002248 _____ () C:\Users\Public\Desktop\HP Officejet 4620 series.lnk
2014-03-18 21:25 - 2013-08-15 17:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:25 - 2012-06-04 11:12 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 21:03 - 2014-03-11 20:57 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndreas
2014-03-18 21:03 - 2014-03-11 20:57 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForAndreas.job
2014-03-18 19:03 - 2012-06-01 09:31 - 00000000 ____D () C:\Users\Andreas\AppData\Local\CrashDumps
2014-03-18 18:51 - 2014-03-18 18:51 - 00028667 _____ () C:\ComboFix.txt
2014-03-18 18:51 - 2014-03-18 18:23 - 00000000 ____D () C:\Qoobox
2014-03-18 18:51 - 2011-01-26 14:22 - 00000000 ____D () C:\Users\privat
2014-03-18 18:49 - 2014-03-18 18:23 - 00000000 ____D () C:\Windows\erdnt
2014-03-18 18:45 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-18 18:42 - 2009-07-14 03:34 - 73400320 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-03-18 18:42 - 2009-07-14 03:34 - 17563648 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-03-18 18:42 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-03-18 18:42 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-03-18 18:42 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-03-18 18:40 - 2012-05-15 18:38 - 00000000 ____D () C:\Users\Andreas
2014-03-18 18:15 - 2014-03-18 18:15 - 05190594 ____R (Swearware) C:\Users\Andreas\Desktop\ComboFix.exe
2014-03-18 18:08 - 2012-09-24 07:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-13 19:02 - 2011-01-26 14:20 - 00000000 ____D () C:\privat
2014-03-13 18:57 - 2013-09-28 18:57 - 00000174 _____ () C:\Users\Andreas\AppData\Roaming\WB.CFG
2014-03-13 18:19 - 2012-05-17 08:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-12 22:44 - 2012-05-17 08:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-12 21:18 - 2014-03-12 21:18 - 00008197 _____ () C:\Users\Andreas\Desktop\gmer.7z
2014-03-12 21:11 - 2014-03-12 21:11 - 01110476 _____ () C:\Users\Andreas\Downloads\7z920.exe
2014-03-12 21:11 - 2014-03-12 21:11 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 20:41 - 2014-03-12 20:41 - 00419222 _____ () C:\Users\Andreas\Desktop\gmer.txt
2014-03-12 20:19 - 2014-03-12 20:19 - 00380416 _____ () C:\Users\Andreas\Desktop\Gmer-19357.exe
2014-03-12 19:27 - 2014-03-12 19:26 - 00052615 _____ () C:\Users\Andreas\Desktop\Addition.txt
2014-03-12 19:27 - 2014-03-12 19:25 - 00072070 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-03-12 19:21 - 2014-03-12 19:21 - 02157056 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-03-12 19:17 - 2014-03-12 19:16 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-03-12 19:16 - 2014-03-12 19:16 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-03-12 19:14 - 2014-03-12 19:14 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-03-12 18:20 - 2014-03-11 18:31 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-12 18:18 - 2014-03-10 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-12 07:30 - 2009-07-14 05:45 - 00295192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 22:31 - 2012-05-17 11:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 22:31 - 2012-05-17 11:33 - 00003776 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 22:31 - 2011-07-20 21:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:57 - 2012-09-12 14:04 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 20:41 - 2014-03-11 20:41 - 553205555 _____ () C:\Windows\MEMORY.DMP
2014-03-11 20:41 - 2014-03-11 20:41 - 00275064 _____ () C:\Windows\Minidump\031114-132039-01.dmp
2014-03-11 20:41 - 2014-03-11 20:41 - 00000000 ____D () C:\Windows\Minidump
2014-03-11 20:15 - 2014-03-11 20:15 - 05095824 _____ (SpeedyPC Software, Inc.) C:\Users\Andreas\Downloads\SpeedyPC Pro Installer.exe
2014-03-11 18:33 - 2014-03-11 18:33 - 00000000 _____ () C:\autoexec.bat
2014-03-11 18:32 - 2014-03-11 18:32 - 00002262 _____ () C:\Users\Andreas\Desktop\SpyHunter.lnk
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\sh4ldr
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-11 18:27 - 2014-03-11 18:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Andreas\Downloads\SpyHunter-Installer.exe
2014-03-10 23:05 - 2014-03-10 23:05 - 00001205 _____ () C:\Users\Andreas\Downloads\FixNCR.reg
2014-03-10 21:00 - 2014-03-10 21:00 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-10 21:00 - 2014-03-10 21:00 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Skype
2014-03-10 21:00 - 2012-09-12 14:04 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 19:20 - 2012-05-23 17:26 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\SoftGrid Client
2014-03-10 18:48 - 2012-08-01 17:22 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-05 22:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 07:05 - 2014-03-11 18:24 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-11 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-11 18:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-11 18:24 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-11 18:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-11 18:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-11 18:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-11 18:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-11 18:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-11 18:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-11 18:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-11 18:24 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-11 18:24 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-11 18:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-11 18:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-11 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-11 18:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-11 18:24 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-11 18:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-11 18:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-11 18:24 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-11 18:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-11 18:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-11 18:24 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-11 18:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-11 18:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-11 18:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-11 18:24 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-11 18:24 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-11 18:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-11 18:24 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-11 18:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-11 18:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-11 18:24 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-11 18:24 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-11 18:24 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-11 18:24 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-11 18:24 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-11 18:24 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-11 18:24 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\system32\Service.log
2014-02-27 20:13 - 2012-02-20 11:25 - 01654420 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-24 22:03 - 2009-07-14 06:08 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-24 19:26 - 2014-02-24 19:26 - 00002221 _____ () C:\Users\Andreas\Desktop\HP Support Assistant.lnk
2014-02-24 19:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-02-24 19:22 - 2011-07-20 21:32 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-02-24 19:21 - 2014-02-24 19:21 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-24 19:19 - 2011-07-20 21:44 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-02-19 20:30 - 2014-02-19 20:29 - 00005173 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-19 20:30 - 2012-10-02 07:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\extensions
2014-02-17 22:17 - 2014-02-17 22:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-17 22:01 - 2014-02-17 22:01 - 06790649 _____ () C:\Users\Andreas\Downloads\wordpress-3.8.1-es_ES(1).zip
2014-02-17 21:59 - 2014-02-17 21:48 - 00000022 _____ () C:\Users\Andreas\Downloads\wordpress-3.8.1-es_ES.zip
2014-02-17 21:35 - 2012-05-15 18:39 - 00000000 ___RD () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 21:33 - 2014-02-17 21:28 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-02-17 21:32 - 2014-02-17 21:27 - 00000000 ____D () C:\Program Files (x86)\Systweak Support Dock
2014-02-17 21:32 - 2014-02-17 21:27 - 00000000 ____D () C:\Program Files (x86)\PC Cleaner
2014-02-17 21:32 - 2014-02-17 21:27 - 00000000 ____D () C:\Program Files (x86)\Advanced Disk Recovery

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\Extract.exe
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe
C:\Users\Andreas\AppData\Local\Temp\SP55085.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-02 10:57

==================== End Of Log ============================
         
--- --- ---

Alt 20.03.2014, 10:21   #10
schrauber
/// the machine
/// TB-Ausbilder
 

windows7 Redirect Virus - Standard

windows7 Redirect Virus




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.03.2014, 23:42   #11
Puig
 
windows7 Redirect Virus - Standard

windows7 Redirect Virus



hier die logs

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=68f9a7052feddf49baa5900bde6790ad
# engine=17531
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-20 10:11:06
# local_time=2014-03-20 11:11:06 (+0100, Hora estándar romance)
# country="Spain"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 3209376 3212073 0 0
# compatibility_mode=5893 16776573 100 94 101312 146983316 0 0
# scanned=186391
# found=3
# cleaned=0
# scan_time=15505
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\temp\t.msi"
sh=0F6821D458BDD279645C0F1F8F19E6DF3BA5B5D1 ft=1 fh=c71c0011a03764d3 vn="a variant of Win32/Kryptik.BWAM trojan" ac=I fn="C:\Users\Andreas\Downloads\FileZilla_3.7.3_win32-setup.exe"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\Windows\Installer\18bc2.msi"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java 7 Update 51  
 Adobe Flash Player 12.0.0.77  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
 Mozilla Thunderbird (24.3.0) 
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 6% 
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Andreas (administrator) on ANDREAS-HP on 20-03-2014 23:37:36
Running from C:\Users\Andreas\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Spanish Modern Sort
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Apple Computer, Inc.) C:\Program Files (x86)\QuickTime\qttask.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-17] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] - C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-07-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [155648 2012-05-23] (Apple Computer, Inc.)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe [156448 2012-05-04] ()
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-11] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-2334838483-4133862729-1016828376-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Supervisar alertas de tinta - HP Officejet 4620 series.lnk
ShortcutTarget: Supervisar alertas de tinta - HP Officejet 4620 series.lnk -> C:\Program Files\HP\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {39201A40-FC19-4B3A-9C4F-667BB6A02AB1} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=105&systemid=473&v=a11465-148&apn_uid=2331992103804423&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - 371749EC7A94488FB1ECF9797D04316C URL = hxxp://start.funmoods.com/results.php?f=4&a=promose&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1185-111090-7840-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -  No File
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} https://www5.aeat.es/es13/h/tgvicab.cab
DPF: HKLM-x32 {947B00D2-962D-4A35-9E48-98EE6A442B41} https://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: HKLM-x32 {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default
FF SearchEngineOrder.1: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @UtilityChest_49.com/Plugin - C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\drae.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-es.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-es.xml
FF Extension: United States English Spellchecker - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-25]
FF Extension: HP Detect - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\st2jilhu.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-06-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-18]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-06-04]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchProvider: Amazon
CHR DefaultSearchURL: hxxp://www.google.com
CHR Extension: (Google Docs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-11]
CHR Extension: (Google Drive) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-11]
CHR Extension: (YouTube) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-11]
CHR Extension: (Búsqueda de Google) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-11]
CHR Extension: (Skype Click to Call) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-25]
CHR Extension: (Google Wallet) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-11]
CHR Extension: (Gmail) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [dljhohhmfjfhgfhpgkfefjoojfobodhn] - C:\Program Files (x86)\Whilokii\dljhohhmfjfhgfhpgkfefjoojfobodhn.crx [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [iaimhpklononapfjngelgdokckfjekfc] - C:\Program Files (x86)\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx [2014-02-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-03-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-11] (AVAST Software)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [274208 2012-05-04] ()

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-11] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-11] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61592 2013-12-17] (NetFilterSDK.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-20 23:35 - 2014-03-20 23:35 - 00001086 _____ () C:\Users\Andreas\Desktop\seccheckup.txt
2014-03-20 23:26 - 2014-03-20 23:26 - 00987442 _____ () C:\Users\Andreas\Desktop\SecurityCheck.exe
2014-03-20 18:28 - 2014-03-20 18:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-20 18:23 - 2014-03-20 18:28 - 02347384 _____ (ESET) C:\Users\Andreas\Downloads\esetsmartinstaller_enu.exe
2014-03-19 19:45 - 2014-03-20 23:37 - 00023190 _____ () C:\Users\Andreas\Downloads\FRST.txt
2014-03-19 19:41 - 2014-03-19 19:42 - 02157056 _____ (Farbar) C:\Users\Andreas\Downloads\FRST64.exe
2014-03-19 19:32 - 2014-03-19 19:32 - 00003543 _____ () C:\Users\Andreas\Desktop\JRT.txt
2014-03-19 19:17 - 2014-03-19 19:17 - 00000000 ____D () C:\Windows\ERUNT
2014-03-19 19:15 - 2014-03-19 19:15 - 01037734 _____ (Thisisu) C:\Users\Andreas\Downloads\JRT.exe
2014-03-19 19:06 - 2014-03-19 19:06 - 00037973 _____ () C:\Users\Andreas\Desktop\AdwCleaner[S1].txt
2014-03-19 18:55 - 2014-03-19 19:01 - 00000000 ____D () C:\AdwCleaner
2014-03-19 18:54 - 2014-03-19 18:54 - 01950720 _____ () C:\Users\Andreas\Downloads\adwcleaner.exe
2014-03-19 18:29 - 2014-03-19 18:32 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Malwarebytes
2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-19 18:28 - 2014-03-19 18:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-19 18:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-19 18:26 - 2014-03-19 18:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-19 18:17 - 2014-03-19 18:17 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-03-19 18:16 - 2014-03-19 18:16 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2014-03-19 18:16 - 2014-03-19 18:16 - 00338536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2014-03-19 18:13 - 2014-03-19 18:13 - 00001995 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\ProgramData\Visan
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-03-18 18:51 - 2014-03-18 18:51 - 00028667 _____ () C:\ComboFix.txt
2014-03-18 18:24 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-18 18:24 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-18 18:24 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-18 18:24 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-18 18:24 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-18 18:24 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-18 18:24 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-18 18:24 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-18 18:23 - 2014-03-18 18:51 - 00000000 ____D () C:\Qoobox
2014-03-18 18:23 - 2014-03-18 18:49 - 00000000 ____D () C:\Windows\erdnt
2014-03-18 18:15 - 2014-03-18 18:15 - 05190594 ____R (Swearware) C:\Users\Andreas\Desktop\ComboFix.exe
2014-03-12 21:18 - 2014-03-12 21:18 - 00008197 _____ () C:\Users\Andreas\Desktop\gmer.7z
2014-03-12 21:11 - 2014-03-12 21:11 - 01110476 _____ () C:\Users\Andreas\Downloads\7z920.exe
2014-03-12 21:11 - 2014-03-12 21:11 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 20:41 - 2014-03-12 20:41 - 00419222 _____ () C:\Users\Andreas\Desktop\gmer.txt
2014-03-12 20:19 - 2014-03-12 20:19 - 00380416 _____ () C:\Users\Andreas\Desktop\Gmer-19357.exe
2014-03-12 19:26 - 2014-03-12 19:27 - 00052615 _____ () C:\Users\Andreas\Desktop\Addition.txt
2014-03-12 19:25 - 2014-03-20 23:37 - 00000000 ____D () C:\FRST
2014-03-12 19:25 - 2014-03-12 19:27 - 00072070 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-03-12 19:21 - 2014-03-12 19:21 - 02157056 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-03-12 19:16 - 2014-03-12 19:17 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-03-12 19:16 - 2014-03-12 19:16 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-03-12 19:14 - 2014-03-12 19:14 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-03-11 20:57 - 2014-03-20 18:16 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndreas
2014-03-11 20:57 - 2014-03-20 18:16 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForAndreas.job
2014-03-11 20:41 - 2014-03-11 20:41 - 553205555 _____ () C:\Windows\MEMORY.DMP
2014-03-11 20:41 - 2014-03-11 20:41 - 00275064 _____ () C:\Windows\Minidump\031114-132039-01.dmp
2014-03-11 20:41 - 2014-03-11 20:41 - 00000000 ____D () C:\Windows\Minidump
2014-03-11 20:15 - 2014-03-11 20:15 - 05095824 _____ (SpeedyPC Software, Inc.) C:\Users\Andreas\Downloads\SpeedyPC Pro Installer.exe
2014-03-11 18:33 - 2014-03-11 18:33 - 00000000 _____ () C:\autoexec.bat
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-11 18:31 - 2014-03-20 19:19 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-11 18:27 - 2014-03-11 18:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Andreas\Downloads\SpyHunter-Installer.exe
2014-03-11 18:24 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-11 18:24 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-11 18:24 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-11 18:24 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-11 18:24 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-11 18:24 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-11 18:24 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-11 18:24 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-11 18:24 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-11 18:24 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-11 18:24 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-11 18:24 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-11 18:24 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-11 18:24 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-11 18:24 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-11 18:24 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-11 18:24 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-11 18:24 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-11 18:24 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-11 18:24 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-11 18:24 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-11 18:24 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-11 18:24 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-11 18:24 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-11 18:24 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-11 18:24 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-11 18:24 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-11 18:24 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-11 18:24 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-11 18:24 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-11 18:24 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-11 18:24 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-11 18:24 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-11 18:24 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-11 18:24 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-11 18:24 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-11 18:24 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-11 18:24 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-11 18:24 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-11 18:24 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-11 18:24 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-11 18:24 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-11 18:24 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-11 18:24 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 18:22 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-11 18:22 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-11 18:22 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 18:22 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-10 23:05 - 2014-03-10 23:05 - 00001205 _____ () C:\Users\Andreas\Downloads\FixNCR.reg
2014-03-10 21:00 - 2014-03-10 21:00 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-10 21:00 - 2014-03-10 21:00 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Skype
2014-03-10 19:15 - 2014-03-20 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-27 21:57 - 2014-03-19 18:48 - 11639954 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\system32\Service.log
2014-02-24 19:26 - 2014-02-24 19:26 - 00002221 _____ () C:\Users\Andreas\Desktop\HP Support Assistant.lnk
2014-02-24 19:21 - 2014-02-24 19:21 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-19 20:30 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-19 20:30 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-19 20:30 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-19 20:30 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-19 20:29 - 2014-02-19 20:30 - 00005173 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\extensions

==================== One Month Modified Files and Folders =======

2014-03-20 23:37 - 2014-03-19 19:45 - 00023190 _____ () C:\Users\Andreas\Downloads\FRST.txt
2014-03-20 23:37 - 2014-03-12 19:25 - 00000000 ____D () C:\FRST
2014-03-20 23:36 - 2012-09-12 14:04 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Skype
2014-03-20 23:35 - 2014-03-20 23:35 - 00001086 _____ () C:\Users\Andreas\Desktop\seccheckup.txt
2014-03-20 23:31 - 2012-05-17 11:33 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-20 23:26 - 2014-03-20 23:26 - 00987442 _____ () C:\Users\Andreas\Desktop\SecurityCheck.exe
2014-03-20 23:03 - 2014-02-11 20:46 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-20 21:03 - 2014-02-11 20:46 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-20 19:51 - 2012-02-20 11:18 - 01632805 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 19:35 - 2012-05-15 18:39 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{81EDD4D1-C001-44A4-A67F-76F8783CE17C}
2014-03-20 19:19 - 2014-03-11 18:31 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-03-20 18:45 - 2014-03-10 19:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-20 18:28 - 2014-03-20 18:28 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-20 18:28 - 2014-03-20 18:23 - 02347384 _____ (ESET) C:\Users\Andreas\Downloads\esetsmartinstaller_enu.exe
2014-03-20 18:19 - 2011-07-21 06:53 - 00748422 _____ () C:\Windows\system32\perfh00A.dat
2014-03-20 18:19 - 2011-07-21 06:53 - 00159604 _____ () C:\Windows\system32\perfc00A.dat
2014-03-20 18:19 - 2009-07-14 06:13 - 01679834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-20 18:16 - 2014-03-11 20:57 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAndreas
2014-03-20 18:16 - 2014-03-11 20:57 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForAndreas.job
2014-03-20 18:16 - 2012-05-17 08:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-20 18:16 - 2012-05-17 08:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-20 18:11 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-20 18:11 - 2009-07-14 05:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 18:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 18:03 - 2009-07-14 05:51 - 00115440 _____ () C:\Windows\setupact.log
2014-03-19 19:42 - 2014-03-19 19:41 - 02157056 _____ (Farbar) C:\Users\Andreas\Downloads\FRST64.exe
2014-03-19 19:32 - 2014-03-19 19:32 - 00003543 _____ () C:\Users\Andreas\Desktop\JRT.txt
2014-03-19 19:17 - 2014-03-19 19:17 - 00000000 ____D () C:\Windows\ERUNT
2014-03-19 19:15 - 2014-03-19 19:15 - 01037734 _____ (Thisisu) C:\Users\Andreas\Downloads\JRT.exe
2014-03-19 19:06 - 2014-03-19 19:06 - 00037973 _____ () C:\Users\Andreas\Desktop\AdwCleaner[S1].txt
2014-03-19 19:01 - 2014-03-19 18:55 - 00000000 ____D () C:\AdwCleaner
2014-03-19 19:01 - 2012-05-15 18:39 - 00000977 _____ () C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-19 18:58 - 2014-02-11 20:48 - 00001288 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-19 18:58 - 2012-05-17 08:53 - 00001053 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-19 18:54 - 2014-03-19 18:54 - 01950720 _____ () C:\Users\Andreas\Downloads\adwcleaner.exe
2014-03-19 18:49 - 2010-11-21 04:47 - 00804022 _____ () C:\Windows\PFRO.log
2014-03-19 18:48 - 2014-02-27 21:57 - 11639954 _____ () C:\Windows\system32\SavingsBullFilterService.log
2014-03-19 18:32 - 2014-03-19 18:29 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-19 18:32 - 2014-03-19 18:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Malwarebytes
2014-03-19 18:29 - 2014-03-19 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-19 18:26 - 2014-03-19 18:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Andreas\Desktop\mbam-setup-1.75.0.1300.exe
2014-03-19 18:17 - 2014-03-19 18:17 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-03-19 18:17 - 2012-06-04 19:04 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\HpUpdate
2014-03-19 18:17 - 2011-07-20 21:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-19 18:16 - 2014-03-19 18:16 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2014-03-19 18:16 - 2014-03-19 18:16 - 00338536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2014-03-19 18:16 - 2012-02-20 11:28 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-19 18:16 - 2011-02-10 20:23 - 00000000 ____D () C:\SWSetup
2014-03-19 18:13 - 2014-03-19 18:13 - 00001995 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\ProgramData\Visan
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-03-19 18:13 - 2014-03-19 18:13 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-03-19 18:13 - 2013-06-27 19:30 - 00002248 _____ () C:\Users\Public\Desktop\HP Officejet 4620 series.lnk
2014-03-18 21:27 - 2013-08-15 17:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 21:25 - 2012-06-04 11:12 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 19:03 - 2012-06-01 09:31 - 00000000 ____D () C:\Users\Andreas\AppData\Local\CrashDumps
2014-03-18 18:51 - 2014-03-18 18:51 - 00028667 _____ () C:\ComboFix.txt
2014-03-18 18:51 - 2014-03-18 18:23 - 00000000 ____D () C:\Qoobox
2014-03-18 18:51 - 2011-01-26 14:22 - 00000000 ____D () C:\Users\privat
2014-03-18 18:49 - 2014-03-18 18:23 - 00000000 ____D () C:\Windows\erdnt
2014-03-18 18:45 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-18 18:42 - 2009-07-14 03:34 - 73400320 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-03-18 18:42 - 2009-07-14 03:34 - 17563648 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-03-18 18:42 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-03-18 18:42 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-03-18 18:42 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-03-18 18:40 - 2012-05-15 18:38 - 00000000 ____D () C:\Users\Andreas
2014-03-18 18:15 - 2014-03-18 18:15 - 05190594 ____R (Swearware) C:\Users\Andreas\Desktop\ComboFix.exe
2014-03-18 18:08 - 2012-09-24 07:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-13 19:02 - 2011-01-26 14:20 - 00000000 ____D () C:\privat
2014-03-13 18:57 - 2013-09-28 18:57 - 00000174 _____ () C:\Users\Andreas\AppData\Roaming\WB.CFG
2014-03-12 22:44 - 2012-05-17 08:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-12 21:18 - 2014-03-12 21:18 - 00008197 _____ () C:\Users\Andreas\Desktop\gmer.7z
2014-03-12 21:11 - 2014-03-12 21:11 - 01110476 _____ () C:\Users\Andreas\Downloads\7z920.exe
2014-03-12 21:11 - 2014-03-12 21:11 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-03-12 20:41 - 2014-03-12 20:41 - 00419222 _____ () C:\Users\Andreas\Desktop\gmer.txt
2014-03-12 20:19 - 2014-03-12 20:19 - 00380416 _____ () C:\Users\Andreas\Desktop\Gmer-19357.exe
2014-03-12 19:27 - 2014-03-12 19:26 - 00052615 _____ () C:\Users\Andreas\Desktop\Addition.txt
2014-03-12 19:27 - 2014-03-12 19:25 - 00072070 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-03-12 19:21 - 2014-03-12 19:21 - 02157056 _____ (Farbar) C:\Users\Andreas\Desktop\FRST64.exe
2014-03-12 19:17 - 2014-03-12 19:16 - 00000476 _____ () C:\Users\Andreas\Desktop\defogger_disable.log
2014-03-12 19:16 - 2014-03-12 19:16 - 00000000 _____ () C:\Users\Andreas\defogger_reenable
2014-03-12 19:14 - 2014-03-12 19:14 - 00050477 _____ () C:\Users\Andreas\Desktop\Defogger.exe
2014-03-12 07:30 - 2009-07-14 05:45 - 00295192 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 22:31 - 2012-05-17 11:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 22:31 - 2012-05-17 11:33 - 00003776 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 22:31 - 2011-07-20 21:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 21:57 - 2012-09-12 14:04 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 20:41 - 2014-03-11 20:41 - 553205555 _____ () C:\Windows\MEMORY.DMP
2014-03-11 20:41 - 2014-03-11 20:41 - 00275064 _____ () C:\Windows\Minidump\031114-132039-01.dmp
2014-03-11 20:41 - 2014-03-11 20:41 - 00000000 ____D () C:\Windows\Minidump
2014-03-11 20:15 - 2014-03-11 20:15 - 05095824 _____ (SpeedyPC Software, Inc.) C:\Users\Andreas\Downloads\SpeedyPC Pro Installer.exe
2014-03-11 18:33 - 2014-03-11 18:33 - 00000000 _____ () C:\autoexec.bat
2014-03-11 18:32 - 2014-03-11 18:32 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-11 18:27 - 2014-03-11 18:27 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Andreas\Downloads\SpyHunter-Installer.exe
2014-03-10 23:05 - 2014-03-10 23:05 - 00001205 _____ () C:\Users\Andreas\Downloads\FixNCR.reg
2014-03-10 21:00 - 2014-03-10 21:00 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-10 21:00 - 2014-03-10 21:00 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Skype
2014-03-10 21:00 - 2012-09-12 14:04 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 19:20 - 2012-05-23 17:26 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\SoftGrid Client
2014-03-10 18:48 - 2012-08-01 17:22 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-03-05 22:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 07:05 - 2014-03-11 18:24 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-11 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-11 18:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-11 18:24 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-11 18:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-11 18:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-11 18:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-11 18:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-11 18:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-11 18:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-11 18:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-11 18:24 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-11 18:24 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-11 18:24 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-11 18:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-11 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-11 18:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-11 18:24 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-11 18:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-11 18:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-11 18:24 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-11 18:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-11 18:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-11 18:24 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-11 18:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-11 18:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-11 18:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-11 18:24 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-11 18:24 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-11 18:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-11 18:24 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-11 18:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-11 18:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-11 18:24 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-11 18:24 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-11 18:24 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-11 18:24 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-11 18:24 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-11 18:24 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-11 18:24 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\SysWOW64\Service.log
2014-02-27 21:57 - 2014-02-27 21:57 - 00000000 _____ () C:\Windows\system32\Service.log
2014-02-27 20:13 - 2012-02-20 11:25 - 01654420 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-24 22:03 - 2009-07-14 06:08 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-24 19:26 - 2014-02-24 19:26 - 00002221 _____ () C:\Users\Andreas\Desktop\HP Support Assistant.lnk
2014-02-24 19:26 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Help
2014-02-24 19:22 - 2011-07-20 21:32 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-02-24 19:21 - 2014-02-24 19:21 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-24 19:19 - 2011-07-20 21:44 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-02-19 20:30 - 2014-02-19 20:29 - 00005173 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-19 20:30 - 2012-10-02 07:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-19 20:19 - 2014-02-19 20:19 - 00000000 ____D () C:\extensions

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\Extract.exe
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe
C:\Users\Andreas\AppData\Local\Temp\SP55085.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-02 10:57

==================== End Of Log ============================
         
--- --- ---

Alt 21.03.2014, 12:17   #12
schrauber
/// the machine
/// TB-Ausbilder
 

windows7 Redirect Virus - Standard

windows7 Redirect Virus



Adobe updaten.

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.03.2014, 14:22   #13
Puig
 
windows7 Redirect Virus - Standard

windows7 Redirect Virus



Guten Tag Schrauber,

hat alles hervorragend geklappt, bisher funktioniert mein PC wieder einwandfrei.
Werde euch weiterempfehlen und eine Spende auf euer Konto überweisen.

Gruss
Puig

Alt 27.03.2014, 12:07   #14
schrauber
/// the machine
/// TB-Ausbilder
 

windows7 Redirect Virus - Standard

windows7 Redirect Virus



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu windows7 Redirect Virus
pup.funmoods, pup.optional.alexatb.a, pup.optional.awesomehp.a, pup.optional.babylon.a, pup.optional.babylontoolbar.a, pup.optional.bonanzadeals.a, pup.optional.conduit.a, pup.optional.context2pro.a, pup.optional.datamngr.a, pup.optional.delta.a, pup.optional.digitalsites.a, pup.optional.filesfrog.a, pup.optional.funwebproducts.a, pup.optional.iminent.a, pup.optional.installcore.a, pup.optional.lightning.a, pup.optional.moviestoolbar.a, pup.optional.qone8, pup.optional.savingsbull.a, pup.optional.scorpionsaver, pup.optional.updater, pup.optional.valueapps.a, pup.optional.wajam.a, redirect google virus, spyhunter entfernen



Ähnliche Themen: windows7 Redirect Virus


  1. redirect virus
    Alles rund um Windows - 22.09.2015 (19)
  2. redirect Virus
    Log-Analyse und Auswertung - 12.03.2014 (1)
  3. Google Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 22.08.2013 (37)
  4. Google Redirect Virus
    Log-Analyse und Auswertung - 23.07.2013 (9)
  5. Google Redirect Virus (?)
    Plagegeister aller Art und deren Bekämpfung - 15.04.2013 (11)
  6. google redirect virus
    Log-Analyse und Auswertung - 11.01.2013 (6)
  7. Google Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 05.01.2013 (18)
  8. Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 23.12.2012 (8)
  9. Google Redirect-Virus
    Log-Analyse und Auswertung - 02.11.2012 (3)
  10. Google redirect Virus
    Log-Analyse und Auswertung - 01.10.2012 (11)
  11. google redirect virus
    Log-Analyse und Auswertung - 11.09.2012 (9)
  12. Google Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 21.07.2012 (3)
  13. Redirect-Virus?
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (23)
  14. redirect trojaner/virus
    Plagegeister aller Art und deren Bekämpfung - 16.04.2012 (11)
  15. Google Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 05.04.2012 (29)
  16. Redirect-Virus
    Plagegeister aller Art und deren Bekämpfung - 29.02.2012 (21)
  17. Search Redirect Virus
    Plagegeister aller Art und deren Bekämpfung - 19.09.2011 (16)

Zum Thema windows7 Redirect Virus - Habe ein Redirect Problem und zusätzlich permanent Werbe-Popups, sowie ein Programm namens "spyhunter" installiert, dass sich nicht deinstallieren lässt. Ansonsten alle Schritte der Anleitung befolgt. Musste Dateien anhängen, da zu - windows7 Redirect Virus...
Archiv
Du betrachtest: windows7 Redirect Virus auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.