Pests of all kinds and how to fight them: Start page "istart.websearches.com" and masses of windows opening | Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
20.07.2014, 19:53 | #1 |
| Start page "istart.websearches.com" and masses of windows opening Dear trojaner-board, for a few weeks now my friend has had "hxxp://istart.webssearches.com/?type=sc&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285" as her start page. In addition, advertising pages of some kind open every few seconds. I am turning to you because she does not speak German and I am trying to help her. Unfortunately I have no idea about computers and such ^^ but I learn quickly and will try to do everything I am told. I just won't be able to do everything right away, because I first have to get to the PC. It should always work out within 24 hours, though. Simply uninstalling under Programs did not work. Many thanks in advance. Kind regards, Elli |
20.07.2014, 21:04 | #2 |
/// the machine /// TB instructor | Start page "istart.websearches.com" and masses of windows opening hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
21.07.2014, 19:04 | #3 |
| Start page "istart.websearches.com" and masses of windows opening hello :-)
Thank you very much for the reply so far. I downloaded it and ran the scan. I hope I have now posted the txt files here correctly! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014 Ran by Ola (administrator) on OLA on 21-07-2014 19:57:29 Running from D:\pobrane Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Fuyu LIMITED) C:\ProgramData\WindowsProtectManger\wprotectmanager.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\003\buuoujqmrk64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (SecureAssist) C:\Program Files\suprasavings\SecureAssist.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Realtek Semiconductor) C:\Program 
Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [DellWPF] => [X] HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-28] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2918200 2012-09-21] (Synaptics Incorporated) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-10-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) 
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\runner_avp.exe [24504 2012-10-25] (Kaspersky Lab ZAO) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0613&utm_campaign=installer&utm_content=ds&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&ts=1402590829&type=default&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0613&utm_campaign=installer&utm_content=ds&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&ts=1402590829&type=default&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet 
Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&q={searchTerms} SearchScopes: HKLM - {5EB604A5-A0AC-4156-B7B9-57B83CC825A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401836245&from=tugs&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&q={searchTerms} SearchScopes: HKLM-x32 - {5EB604A5-A0AC-4156-B7B9-57B83CC825A9} URL = 
hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0613&utm_campaign=installer&utm_content=ds&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&ts=1402590829&type=default&q={searchTerms} SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=wpm0613&utm_campaign=installer&utm_content=ds&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&ts=1402590829&type=default&q={searchTerms} SearchScopes: HKCU - {5EB604A5-A0AC-4156-B7B9-57B83CC825A9} URL = BHO: Media_Play_AIR+ -> {11111111-1111-1111-1111-110511841188} -> C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-bho64.dll (enter) BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Media_Play_AIR+ -> {11111111-1111-1111-1111-110511841188} -> C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-bho.dll (enter) BHO-x32: LyricXeeker -> {17E58097-6CA5-448B-830F-2A19678248FB} -> C:\Program Files (x86)\LyriXeeker\125.dll (LyriXeeker Tech) BHO-x32: IETabPage Class -> 
{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: DealPly Shopping -> {9cf699ca-2174-4ed8-bec1-ba82095edce0} -> C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 FireFox: ======== FF ProfilePath: C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\edhe82y7.default FF NewTab: hxxp://www.delta-homes.com/newtab/?utm_source=b&utm_medium=wpm0613&utm_campaign=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&utm_content=nt&from=wpm0613&uid=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&ts=1402590829 FF Homepage: https://www.google.de/webhp?tab=ww&ei=-DywU5GuO4GshQeNvoHICA&ved=0CBEQ1S4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, 
Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate) FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF Extension: Med Play Air ++ - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\edhe82y7.default\Extensions\faf73efe-d6aa-46eb-8014-e0b47ac07ead@a90d6ab4-be69-4e96-a979-1fd9c1ae6f92.com [2014-06-29] FF Extension: Adblock Plus - 
C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\edhe82y7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-08] FF Extension: Media_Play_AIR+ - C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-3752501977-68063987-1678832158-1001\FireFox\Extensions\faf73efe-d6aa-46eb-8014-e0b47ac07ead@a90d6ab4-be69-4e96-a979-1fd9c1ae6f92.com [2014-06-04] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-08-02] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-08-02] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-08-02] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-08-02] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-08-02] FF HKLM-x32\...\Firefox\Extensions: 
[quick_start@gmail.com] - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\edhe82y7.default\extensions\quick_start@gmail.com FF HKLM-x32\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\edhe82y7.default\extensions\shortcutff@gmail.com FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\125.xpi FF Extension: LyricXeeker - C:\Program Files (x86)\LyriXeeker\125.xpi [2013-07-30] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (DealPly Shopping) - C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi [2013-08-02] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx [2013-07-27] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet 
Security 2013\ChromeExt\ab.crx [2012-10-25] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-11] (Kaspersky Lab ZAO) R2 buuoujqmrk64; C:\Program Files\003\buuoujqmrk64.exe [706560 2014-06-04] () [File not signed] S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-02] (DealPly Technologies Ltd) S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-02] (DealPly Technologies Ltd) S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed] S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-04] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-06-04] (globalUpdate) [File not signed] R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-01] (Realtek Semiconductor) R2 SecureAssist; C:\Program Files\SupraSavings\SecureAssist.exe [1558032 2014-03-12] (SecureAssist) [File not signed] R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 WindowsProtectManger; 
C:\ProgramData\WindowsProtectManger\wprotectmanager.exe [591776 2014-06-11] (Fuyu LIMITED) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-15] (Kaspersky Lab ZAO) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-05-15] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627296 2014-05-15] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-12-15] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-10-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-11] (Kaspersky Lab ZAO) R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-08-02] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178448 2013-08-02] (Kaspersky Lab ZAO) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation) R2 SAWFP; C:\Windows\system32\Drivers\SAWFP64.sys [41768 2014-03-18] (SecureAssist) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated) R3 SmbDrvI; 
C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-09-21] (Synaptics Incorporated) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-21 19:57 - 2014-07-21 19:57 - 00000000 ____D () C:\FRST 2014-07-21 19:52 - 2014-06-26 22:53 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-21 19:52 - 2014-06-26 22:53 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-21 19:48 - 2014-07-21 19:48 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-20 16:07 - 2014-07-01 00:42 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-20 16:07 - 2014-07-01 00:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-07-20 16:07 - 2014-07-01 00:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-07-20 16:07 - 2014-06-28 05:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-20 16:07 - 2014-06-18 01:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-20 16:07 - 2014-06-18 01:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-20 16:07 - 2014-06-11 06:18 - 04038144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-20 16:07 - 2014-06-03 00:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2014-07-20 16:07 - 2014-05-30 01:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll 2014-07-20 16:07 - 2014-05-30 01:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll 2014-07-20 16:07 - 2014-05-30 01:02 - 01281536 _____ (Microsoft Corporation) 
C:\Windows\system32\lsasrv.dll 2014-07-20 16:07 - 2014-05-30 01:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll 2014-07-20 16:06 - 2014-06-19 04:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-20 16:06 - 2014-06-19 04:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-20 16:06 - 2014-06-19 04:12 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-07-20 16:06 - 2014-06-19 04:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-07-20 16:06 - 2014-06-19 04:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-20 16:06 - 2014-06-19 04:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-20 16:06 - 2014-06-19 04:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-20 16:06 - 2014-06-19 04:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-20 16:06 - 2014-06-19 04:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-20 16:06 - 2014-06-19 04:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-20 16:06 - 2014-06-19 04:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-20 16:06 - 2014-06-19 04:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-07-20 16:06 - 2014-06-19 04:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-20 16:06 - 2014-06-19 04:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-20 16:06 - 2014-06-19 04:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-20 16:06 - 2014-06-19 04:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-20 16:06 - 2014-06-19 04:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 
2014-07-20 16:06 - 2014-06-19 04:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-20 16:06 - 2014-06-19 04:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-20 16:06 - 2014-06-19 04:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-20 16:06 - 2014-06-19 04:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-20 16:06 - 2014-06-19 02:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-20 16:06 - 2014-06-19 02:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-20 16:06 - 2014-06-19 02:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-20 16:06 - 2014-06-19 02:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-20 16:06 - 2014-06-19 02:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-20 16:06 - 2014-06-19 02:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-20 16:06 - 2014-06-19 02:53 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-07-20 16:06 - 2014-06-19 02:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-20 16:06 - 2014-06-19 02:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-20 16:06 - 2014-06-19 02:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-20 16:06 - 2014-06-19 02:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-20 16:06 - 2014-06-19 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-07-20 16:06 - 2014-06-19 02:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-20 16:06 - 2014-06-19 02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-20 16:06 - 2014-06-19 
02:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-20 16:06 - 2014-06-19 02:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-07-20 16:06 - 2014-06-19 02:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-20 16:06 - 2014-06-19 02:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-20 16:06 - 2014-06-19 02:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-20 16:06 - 2014-06-19 02:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-20 16:06 - 2014-06-19 02:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-20 16:06 - 2014-06-19 00:05 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-07-20 16:06 - 2014-06-06 16:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-20 16:06 - 2014-06-06 12:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-20 16:06 - 2014-05-30 00:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-06 23:42 - 2014-07-06 23:48 - 00000000 ____D () C:\Users\Ola\Desktop\Stare dane programu Firefox 2014-07-06 18:36 - 2014-07-06 23:55 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-07-06 18:36 - 2014-07-06 18:36 - 00000000 ____D () C:\Users\Ola\AppData\Roaming\YoutubeToMp3Converter 2014-07-06 18:36 - 2014-07-06 18:36 - 00000000 ____D () C:\ProgramData\Freemake 2014-07-06 17:26 - 2014-07-06 17:57 - 00002376 _____ () C:\Users\Ola\Desktop\Nowy dokument tekstowy.txt 2014-06-29 18:55 - 2014-07-21 19:48 - 00485771 _____ () C:\Windows\WindowsUpdate.log 2014-06-29 18:40 - 2014-03-18 15:12 - 00041768 _____ (SecureAssist) C:\Windows\system32\Drivers\SAWFP64.sys ==================== One Month Modified Files and Folders ======= 2014-07-21 19:57 - 2014-07-21 19:57 - 00000000 ____D () C:\FRST 2014-07-21 19:55 - 
2013-08-02 21:38 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-07-21 19:54 - 2013-03-01 09:49 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2014-07-21 19:52 - 2014-06-04 00:59 - 00001484 _____ () C:\Windows\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-5.job 2014-07-21 19:52 - 2014-06-04 00:59 - 00001478 _____ () C:\Windows\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-1.job 2014-07-21 19:52 - 2014-06-04 00:59 - 00001416 _____ () C:\Windows\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-2.job 2014-07-21 19:52 - 2014-06-04 00:57 - 00003124 _____ () C:\Windows\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-3.job 2014-07-21 19:52 - 2014-06-04 00:57 - 00002210 _____ () C:\Windows\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-4.job 2014-07-21 19:52 - 2014-06-04 00:57 - 00000902 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job 2014-07-21 19:52 - 2013-08-02 22:01 - 00000904 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job 2014-07-21 19:52 - 2013-08-01 21:51 - 00894976 ___SH () C:\Users\Ola\Desktop\Thumbs.db 2014-07-21 19:51 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-21 19:49 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-07-21 19:48 - 2014-07-21 19:48 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-21 19:48 - 2014-06-29 18:55 - 00485771 _____ () C:\Windows\WindowsUpdate.log 2014-07-21 19:48 - 2012-07-26 12:29 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-21 19:48 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-21 19:48 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-21 19:47 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-07-21 01:06 - 2013-08-02 22:01 - 00000908 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job 2014-07-21 01:03 - 2014-06-04 00:58 - 
00000906 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job 2014-07-21 01:02 - 2013-08-02 22:01 - 00000290 _____ () C:\Windows\Tasks\Dealply.job 2014-07-20 16:16 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-07-20 16:15 - 2013-08-15 20:50 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-20 16:14 - 2013-07-30 21:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-20 16:14 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-07-20 16:00 - 2013-08-06 22:22 - 00000000 ____D () C:\Users\Ola\AppData\Roaming\PCDr 2014-07-19 13:35 - 2013-07-30 21:00 - 00798118 _____ () C:\Windows\system32\perfh015.dat 2014-07-19 13:35 - 2013-07-30 21:00 - 00160398 _____ () C:\Windows\system32\perfc015.dat 2014-07-19 13:35 - 2012-07-26 12:27 - 00742838 _____ () C:\Windows\system32\perfh007.dat 2014-07-19 13:35 - 2012-07-26 12:27 - 00155896 _____ () C:\Windows\system32\perfc007.dat 2014-07-19 13:35 - 2012-07-26 09:28 - 02695612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-15 22:01 - 2013-08-02 22:01 - 00000000 ____D () C:\Program Files (x86)\DealPly 2014-07-13 20:51 - 2013-07-30 19:05 - 00000000 ____D () C:\Users\Ola 2014-07-13 20:50 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\registration 2014-07-13 14:58 - 2013-07-30 19:19 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3752501977-68063987-1678832158-1001 2014-07-13 14:47 - 2014-06-04 00:58 - 00000000 ____D () C:\Program Files\suprasavings 2014-07-13 14:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\MSDRM 2014-07-13 14:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-07-13 14:41 - 2013-07-30 19:19 - 00000000 ____D () C:\Users\Ola\AppData\Local\Mozilla 2014-07-06 23:55 - 2014-07-06 18:36 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-07-06 23:48 - 2014-07-06 23:42 - 00000000 ____D () C:\Users\Ola\Desktop\Stare dane programu Firefox 2014-07-06 18:36 - 2014-07-06 
18:36 - 00000000 ____D () C:\Users\Ola\AppData\Roaming\YoutubeToMp3Converter 2014-07-06 18:36 - 2014-07-06 18:36 - 00000000 ____D () C:\ProgramData\Freemake 2014-07-06 17:57 - 2014-07-06 17:26 - 00002376 _____ () C:\Users\Ola\Desktop\Nowy dokument tekstowy.txt 2014-07-03 23:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-07-01 00:42 - 2014-07-20 16:07 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-01 00:42 - 2014-07-20 16:07 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2014-07-01 00:42 - 2014-07-20 16:07 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2014-06-29 18:41 - 2014-03-21 12:27 - 00005624 _____ () C:\Windows\system32\SecureAssist.ini 2014-06-29 18:41 - 2014-03-21 12:27 - 00002576 _____ () C:\Windows\SysWOW64\SecureAssistOff.ini 2014-06-29 18:41 - 2014-03-21 12:27 - 00002576 _____ () C:\Windows\system32\SecureAssistOff.ini 2014-06-29 18:26 - 2014-06-04 00:57 - 00000000 ____D () C:\Users\Ola\AppData\Local\Genesis_06032257 2014-06-29 18:25 - 2014-06-04 00:58 - 00000000 ____D () C:\Program Files (x86)\Wajam 2014-06-29 18:18 - 2014-06-12 18:34 - 00000000 ____D () C:\Users\Ola\AppData\Roaming\337Games 2014-06-29 18:16 - 2013-07-30 19:08 - 00000000 ____D () C:\Users\Ola\AppData\Local\Packages 2014-06-28 05:35 - 2014-07-20 16:07 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-27 22:10 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI(104) 2014-06-26 23:41 - 2013-07-30 19:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-26 22:53 - 2014-07-21 19:52 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-06-26 22:53 - 2014-07-21 19:52 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed 
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-12 11:24

==================== End Of Log ============================

and here is the addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by Ola at 2014-07-21 19:58:38
Running from D:\pobrane
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Out of date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
AMD Accelerated Video Transcoding (Version: 12.5.100.21025 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1016.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B9C542F2-31A8-8EC1-B349-28C74D2A865C}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Hidden Catalyst Control Center (x32 Version: 2012.1025.346.4844 - Ihr Firmenname) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.1025.346.4844 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.1025.346.4844 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Profiles Mobile (x32 Version: 2012.1025.346.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.1025.0345.4844 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.1025.346.4844 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a - CyberLink Corp.) Hidden CyberLink Media Suite 10 (x32 Version: 10.0.1.1913 - CyberLink Corp.) Hidden CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.1904 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904 - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dealply (HKCU\...\Dealply) (Version: - ) <==== ATTENTION DealPly (remove only) (HKLM-x32\...\DealPly) (Version: 4.8.7.3 - DealPly Technologies Ltd.) <==== ATTENTION Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.) 
Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP) Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.2.12.17 - Synaptics Incorporated) EPSON XP-205 207 Series Printer Uninstall (HKLM\...\EPSON XP-205 207 Series) (Version: - SEIKO EPSON Corporation) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden <==== ATTENTION Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.) 
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab) Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden LyricXeeker (HKLM-x32\...\lyrix@lyrixeeker.co) (Version: - LyriXeeker Tech) Media_Play_AIR+ (HKLM-x32\...\Media_Play_AIR+) (Version: 1.34.5.29 - enter) <==== ATTENTION Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 30.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 pl)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) Nero 9 Essentials (HKLM-x32\...\{c405b51f-19fb-49ce-b717-c2795fe06fb1}) (Version: - Nero AG) Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.12.100 - Nero AG) Hidden Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden Obsługa programów Apple (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PowerXpressHybrid (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.012 - Dell Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6741 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.) 
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel) VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN) webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 13-07-2014 15:22:36 Geplanter Prüfpunkt 13-07-2014 18:48:15 Operacja przywracania 20-07-2014 14:12:03 Windows Update ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {08ED697A-FC59-44FA-A491-5196A213AE72} - System32\Tasks\Dealply => C:\Users\Ola\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe 
[2013-04-12] () <==== ATTENTION Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {1CCBE0E0-521F-447C-9D06-D2D953FE2F55} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.) Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {33235810-E825-440E-B410-190658C67ED9} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {48DE106D-98FA-4D8C-B95B-00E27BCE5BAF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-20] (Microsoft Corporation) Task: {60BDBD4B-3C1B-43D9-85F3-EBA531BA8867} - System32\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-4 => C:\Program Files (x86)\Media_Play_AIR+\dca6915e-c188-42e3-ae3b-6edb861f0320-4.exe [2014-06-04] (enter) <==== ATTENTION Task: {8C3EA0A2-9FC4-46E1-B221-6F1DD233BCA8} - System32\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-5 => C:\Program Files (x86)\Media_Play_AIR+\dca6915e-c188-42e3-ae3b-6edb861f0320-5.exe [2014-06-04] (enter) <==== ATTENTION Task: {A27D6B25-9CDB-46EA-B917-0EAF9E16DA90} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.) 
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {AF483225-1AA2-4CD5-9603-544DFC4A1FFD} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-04] (globalUpdate) Task: {B21FB3A1-59F1-4820-AFC4-8068BDDECD76} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-06-04] (globalUpdate) Task: {B685531C-B596-4B7A-AEF6-99C523AD8716} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-08-02] (DealPly Technologies Ltd) <==== ATTENTION Task: {B757880D-C392-452F-83C2-FFA13033D6E4} - System32\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-1 => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-codedownloader.exe [2014-06-04] (enter) <==== ATTENTION Task: {BE178653-CE15-4313-9380-FD617E1878F9} - System32\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-3 => C:\Program Files (x86)\Media_Play_AIR+\dca6915e-c188-42e3-ae3b-6edb861f0320-3.exe [2014-06-04] (enter) <==== ATTENTION Task: {BFF9A87E-6118-4F87-BAFA-FCFF14D5DA1C} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {D7F7A4A5-E3CA-409C-9ABA-9C194E176C27} - System32\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-2 => C:\Program Files (x86)\Media_Play_AIR+\dca6915e-c188-42e3-ae3b-6edb861f0320-2.exe [2014-06-04] (enter) <==== ATTENTION Task: {DB7AD99D-FF93-4351-88CB-4F64822297B8} - System32\Tasks\DealPlyUpdate => C:\Program Task: {E70CA81A-8080-4A80-BF82-026465059141} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files 
(x86)\DealPlyLive\Update\DealPlyLive.exe [2013-08-02] (DealPly Technologies Ltd) <==== ATTENTION Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: C:\Windows\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-1.job => C:\Program Files (x86)\Media_Play_AIR+\Media_Play_AIR+-codedownloader.exe Task: C:\Windows\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-2.job => C:\Program Files (x86)\Media_Play_AIR+\dca6915e-c188-42e3-ae3b-6edb861f0320-2.exe Task: C:\Windows\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-3.job => C:\Program Files (x86)\Media_Play_AIR+\dca6915e-c188-42e3-ae3b-6edb861f0320-3.exe Task: C:\Windows\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-4.job => C:\Program Files (x86)\Media_Play_AIR+\dca6915e-c188-42e3-ae3b-6edb861f0320-4.exe Task: C:\Windows\Tasks\dca6915e-c188-42e3-ae3b-6edb861f0320-5.job => C:\Program Files (x86)\Media_Play_AIR+\dca6915e-c188-42e3-ae3b-6edb861f0320-5.exe Task: C:\Windows\Tasks\Dealply.job => C:\Users\Ola\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-06-04 00:58 - 2014-06-04 00:58 - 00706560 _____ () C:\Program Files\003\buuoujqmrk64.exe 2013-03-01 09:42 - 2012-04-25 04:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 
2014-03-21 12:55 - 2014-03-21 12:55 - 00162816 _____ () c:\program files\suprasavings\pcproxydll64.dll 2013-03-01 17:15 - 2012-10-16 12:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2012-08-17 21:39 - 2013-08-02 21:53 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll 2014-06-18 21:11 - 2014-06-18 21:11 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll 2014-06-23 21:19 - 2014-06-23 21:19 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b1c5b85477b09ceb4fa27fdf6e37e617\PSIClient.ni.dll 2013-03-01 09:29 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAWFP => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service" ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "CLVirtualDrive" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "RemoteControl10" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: 
================== Error: (07/21/2014 07:47:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (07/21/2014 07:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (07/21/2014 07:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (07/21/2014 07:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (07/21/2014 07:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (07/21/2014 07:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. 
Error: (07/21/2014 07:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“. Error: (07/21/2014 01:07:24 AM) (Source: ATIeRecord) (EventID: 16388) (User: ) Description: ATI EEU Client event error Error: (07/21/2014 01:03:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x1944 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (07/21/2014 01:03:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 30.0.0.5269, Zeitstempel: 0x5391420b Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16578, Zeitstempel: 0x515fac6e Ausnahmecode: 0xc0000374 Fehleroffset: 0x000daa3c ID des fehlerhaften Prozesses: 0xba0 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3 Vollständiger Name des fehlerhaften Pakets: firefox.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5 System errors: ============= Error: (07/21/2014 07:54:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) 
Description: Dienst "Dell Digital Delivery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/21/2014 07:49:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error: (07/21/2014 07:48:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error: (07/21/2014 07:48:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error: (07/21/2014 07:47:54 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SftService erreicht. Error: (07/21/2014 07:47:31 PM) (Source: DCOM) (EventID: 10010) (User: Ola) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/21/2014 07:47:31 PM) (Source: DCOM) (EventID: 10010) (User: Ola) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/21/2014 07:47:31 PM) (Source: DCOM) (EventID: 10010) (User: Ola) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/21/2014 07:47:31 PM) (Source: DCOM) (EventID: 10010) (User: Ola) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (07/21/2014 07:47:31 PM) (Source: DCOM) (EventID: 10010) (User: Ola) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Microsoft Office Sessions: ========================= Error: (07/21/2014 07:47:35 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (07/21/2014 07:47:31 PM) (Source: 
Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (07/21/2014 07:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (07/21/2014 07:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (07/21/2014 07:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (07/21/2014 07:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (07/21/2014 07:47:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Ola) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927141 Error: (07/21/2014 01:07:24 AM) (Source: ATIeRecord) (EventID: 16388) (User: ) Description: Error: (07/21/2014 01:03:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b194401cfa46b16826383C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll08f2f6ee-1062-11e4-be8e-6036ddc8a522 Error: (07/21/2014 01:03:11 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: firefox.exe30.0.0.52695391420bntdll.dll6.2.9200.16578515fac6ec0000374000daa3cba001cfa46b0c1f6142C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Windows\SYSTEM32\ntdll.dll04fe2b68-1062-11e4-be8e-6036ddc8a522 ==================== Memory info 
=========================== Percentage of memory in use: 28% Total physical RAM: 8061.27 MB Available physical RAM: 5734.45 MB Total Pagefile: 9277.27 MB Available Pagefile: 6851.65 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:105.94 GB) (Free:4.8 GB) NTFS Drive d: (Volume) (Fixed) (Total:810.55 GB) (Free:810.34 GB) NTFS Drive f: (PBR Image) (Fixed) (Total:13.88 GB) (Free:0.27 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ |
22.07.2014, 11:03 | #4 |
/// the machine /// TB instructor | Start page "istart.websearches.com" and masses of windows opening Uninstalling adware & co.
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
22.07.2014, 21:16 | #5 |
| Start page "istart.websearches.com" and masses of windows opening Good evening, Revo Uninstaller: done! mbam.txt here: Code:
ATTFilter Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Protection, 2014-07-22 21:00:18, SYSTEM, OLA, Protection, Malware Protection, Starting, Protection, 2014-07-22 21:00:18, SYSTEM, OLA, Protection, Malware Protection, Started, Protection, 2014-07-22 21:00:18, SYSTEM, OLA, Protection, Malicious Website Protection, Starting, Protection, 2014-07-22 21:00:18, SYSTEM, OLA, Protection, Malicious Website Protection, Started, Update, 2014-07-22 21:00:26, SYSTEM, OLA, Manual, Rootkit Database, 2014.2.20.1, 2014.7.17.1, Update, 2014-07-22 21:00:42, SYSTEM, OLA, Manual, Malware Database, 2014.3.4.9, 2014.7.22.8, Protection, 2014-07-22 21:00:56, SYSTEM, OLA, Protection, Refresh, Starting, Protection, 2014-07-22 21:00:56, SYSTEM, OLA, Protection, Malicious Website Protection, Stopping, Protection, 2014-07-22 21:00:57, SYSTEM, OLA, Protection, Malicious Website Protection, Stopped, Protection, 2014-07-22 21:01:01, SYSTEM, OLA, Protection, Refresh, Success, Protection, 2014-07-22 21:01:01, SYSTEM, OLA, Protection, Malicious Website Protection, Starting, Protection, 2014-07-22 21:01:01, SYSTEM, OLA, Protection, Malicious Website Protection, Started, Protection, 2014-07-22 21:01:20, SYSTEM, OLA, Protection, Refresh, Starting, Protection, 2014-07-22 21:01:20, SYSTEM, OLA, Protection, Malicious Website Protection, Stopping, Protection, 2014-07-22 21:01:20, SYSTEM, OLA, Protection, Malicious Website Protection, Stopped, Protection, 2014-07-22 21:01:26, SYSTEM, OLA, Protection, Refresh, Success, Protection, 2014-07-22 21:01:26, SYSTEM, OLA, Protection, Malicious Website Protection, Starting, Protection, 2014-07-22 21:01:26, SYSTEM, OLA, Protection, Malicious Website Protection, Started, Detection, 2014-07-22 21:06:00, SYSTEM, OLA, Protection, Malware Protection, File, PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe, Quarantine, [2c643b673249c6704320170e1ee336ca] (end) Code:
ATTFilter # AdwCleaner v3.216 - Bericht erstellt am 22/07/2014 um 21:25:05 # Aktualisiert 17/07/2014 von Xplode # Betriebssystem : Windows 8 (64 bits) # Benutzername : Ola - OLA # Gestartet von : D:\pobrane\adwcleaner_3.216.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : dealplylive [#] Dienst Gelöscht : dealplylivem [#] Dienst Gelöscht : globalUpdate [#] Dienst Gelöscht : globalUpdatem Dienst Gelöscht : SecureAssist Dienst Gelöscht : WindowsProtectManger ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WindowsProtectManger Ordner Gelöscht : C:\Program Files (x86)\globalUpdate Ordner Gelöscht : C:\Program Files (x86)\RegClean Pro Ordner Gelöscht : C:\Program Files\003 Ordner Gelöscht : C:\Program Files\SupraSavings Ordner Gelöscht : C:\Users\Ola\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\Ola\AppData\Roaming\337Games Ordner Gelöscht : C:\Users\Ola\AppData\Roaming\Activeris Ordner Gelöscht : C:\Users\Ola\AppData\Roaming\SupTab Ordner Gelöscht : C:\Users\Ola\AppData\Roaming\Systweak Datei Gelöscht : C:\END Datei Gelöscht : C:\Windows\SysWOW64\SecureAssist.ini Datei Gelöscht : C:\Windows\SysWOW64\SecureAssistOff.ini Datei Gelöscht : C:\Windows\System32\drivers\SAWFP64.sys Datei Gelöscht : C:\Windows\System32\SecureAssist.ini Datei Gelöscht : C:\Windows\System32\SecureAssistOff.ini Datei Gelöscht : C:\Windows\Tasks\Dealply.job ***** [ Verknüpfungen ] ***** Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Verknüpfung Desinfiziert : C:\Users\Ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Verknüpfung Desinfiziert : C:\Users\Ola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Verknüpfung Desinfiziert : C:\Users\Ola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk Verknüpfung 
Desinfiziert : C:\Users\Ola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1} Schlüssel Gelöscht : HKCU\Software\genesis Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker Schlüssel Gelöscht : 
HKLM\Software\delta-homesSoftware Schlüssel Gelöscht : HKLM\Software\GlobalUpdate Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions Schlüssel Gelöscht : HKLM\Software\SupDp Schlüssel Gelöscht : HKLM\Software\SupTab Schlüssel Gelöscht : HKLM\Software\Uniblue Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16921 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v30.0 (pl) [ Datei : C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\edhe82y7.default\prefs.js ] Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.delta-homes.com/newtab/?utm_source=b&utm_medium=wpm0613&utm_campaign=ST1000LM024XHN-M101MBB_S2WZJA0CB27285B27285&utm_content=nt&from=wpm0613&uid=ST1000LM024[...] Zeile gelöscht : user_pref("extensions.afaf73efed6aa46eb8014e0b47ac07eada90d6ab4be694e96a9791fd9c1ae6f92com58488.58488.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...] Zeile gelöscht : user_pref("extensions.crossrider.bic", "14663f55726b3ea2795e887d56bfa271"); -\\ Google Chrome v [ Datei : C:\Users\Ola\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [6970 octets] - [22/07/2014 21:24:03] AdwCleaner[S0].txt - [5565 octets] - [22/07/2014 21:25:05] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5625 octets] ########## Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Ola on 2014-07-22 at 21:29:45,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Ola\AppData\Roaming\mozilla\firefox\profiles\edhe82y7.default\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-07-22 at 21:36:03,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
After AdwCleaner and the restart, Google was already the start page again on opening. Here is the new FRST log as well. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014 Ran by Ola (administrator) on OLA on 22-07-2014 21:37:10 Running from D:\pobrane Platform: Windows 8 (X64) OS Language: Niemiecki (Niemcy) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program 
Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Thisisu) D:\pobrane\JRT.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [DellWPF] => [X] HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6842000 2012-09-25] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1230992 2012-09-28] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2918200 2012-09-21] (Synaptics Incorporated) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5757328 2012-10-19] (Dell Inc.) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-10-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.) 
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {5EB604A5-A0AC-4156-B7B9-57B83CC825A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKLM-x32 - {5EB604A5-A0AC-4156-B7B9-57B83CC825A9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS SearchScopes: HKCU - {5EB604A5-A0AC-4156-B7B9-57B83CC825A9} URL = Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2 FireFox: ======== FF ProfilePath: C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\edhe82y7.default FF Homepage: https://www.google.de/webhp?tab=ww&ei=-DywU5GuO4GshQeNvoHICA&ved=0CBEQ1S4 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Extension: Adblock Plus - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\edhe82y7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-08] FF HKLM-x32\...\Firefox\Extensions: [shortcutff@gmail.com] - C:\Users\Ola\AppData\Roaming\Mozilla\Firefox\Profiles\edhe82y7.default\extensions\shortcutff@gmail.com FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] - C:\Program Files (x86)\LyriXeeker\125.xpi Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR HKLM-x32\...\Chrome\Extension: [odnofacmifkjndflfmmplhckcbfjckhj] - C:\Program Files (x86)\LyriXeeker\125.crx [] ==================== Services (Whitelisted) ================= S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) 
[File not signed] R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-09-01] (Realtek Semiconductor) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915480 2013-05-23] (SoftThinks SAS) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-09-21] (Synaptics Incorporated) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) S2 SAWFP; \??\C:\Windows\system32\Drivers\SAWFP64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-22 21:36 - 2014-07-22 21:36 - 00000739 _____ () C:\Users\Ola\Desktop\JRT.txt 2014-07-22 21:29 - 2014-07-22 21:29 - 00000000 ____D () C:\Windows\ERUNT 2014-07-22 21:26 - 2014-07-22 21:26 - 00000312 _____ () C:\Windows\PFRO.log 2014-07-22 21:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-07-22 21:23 - 2014-07-22 21:25 - 00000000 ____D () C:\AdwCleaner 2014-07-22 21:22 - 2014-07-22 21:22 - 00001953 _____ () C:\Users\Ola\Desktop\mbam.txt 2014-07-22 21:03 - 2014-01-19 09:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-07-22 21:00 - 2014-07-22 21:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-22 20:59 - 2014-07-22 20:59 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-22 20:59 - 2014-07-22 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes 
Anti-Malware 2014-07-22 20:59 - 2014-07-22 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-22 20:59 - 2014-07-22 20:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-22 20:59 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-22 20:59 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-22 20:59 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-22 20:50 - 2014-07-22 20:50 - 00001266 _____ () C:\Users\Ola\Desktop\Revo Uninstaller.lnk 2014-07-22 20:50 - 2014-07-22 20:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-07-21 19:57 - 2014-07-22 21:37 - 00000000 ____D () C:\FRST 2014-07-21 19:48 - 2014-07-21 19:48 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-06 23:42 - 2014-07-06 23:48 - 00000000 ____D () C:\Users\Ola\Desktop\Stare dane programu Firefox 2014-07-06 18:36 - 2014-07-06 23:55 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-07-06 18:36 - 2014-07-06 18:36 - 00000000 ____D () C:\Users\Ola\AppData\Roaming\YoutubeToMp3Converter 2014-07-06 18:36 - 2014-07-06 18:36 - 00000000 ____D () C:\ProgramData\Freemake 2014-07-06 17:26 - 2014-07-06 17:57 - 00002376 _____ () C:\Users\Ola\Desktop\Nowy dokument tekstowy.txt 2014-06-29 18:55 - 2014-07-22 21:25 - 00683737 _____ () C:\Windows\WindowsUpdate.log 2014-06-26 23:41 - 2014-06-26 23:41 - 00291704 _____ () C:\Windows\system32\FNTCACHE.DAT ==================== One Month Modified Files and Folders ======= 2014-07-22 21:37 - 2014-07-21 19:57 - 00000000 ____D () C:\FRST 2014-07-22 21:37 - 2013-07-30 19:19 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3752501977-68063987-1678832158-1001 2014-07-22 21:36 - 2014-07-22 21:36 - 00000739 _____ () C:\Users\Ola\Desktop\JRT.txt 2014-07-22 21:34 - 2013-03-01 09:49 - 00000000 ____D () 
C:\Program Files (x86)\Dell Backup and Recovery 2014-07-22 21:29 - 2014-07-22 21:29 - 00000000 ____D () C:\Windows\ERUNT 2014-07-22 21:27 - 2014-07-22 21:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-22 21:26 - 2014-07-22 21:26 - 00000312 _____ () C:\Windows\PFRO.log 2014-07-22 21:26 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-22 21:25 - 2014-07-22 21:23 - 00000000 ____D () C:\AdwCleaner 2014-07-22 21:25 - 2014-06-29 18:55 - 00683737 _____ () C:\Windows\WindowsUpdate.log 2014-07-22 21:25 - 2013-07-30 19:19 - 00001063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-22 21:25 - 2013-07-30 19:19 - 00001051 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-22 21:25 - 2013-07-30 19:11 - 00000995 _____ () C:\Users\Ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-22 21:25 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI 2014-07-22 21:22 - 2014-07-22 21:22 - 00001953 _____ () C:\Users\Ola\Desktop\mbam.txt 2014-07-22 21:17 - 2013-03-01 09:50 - 00000000 ____D () C:\Temp 2014-07-22 21:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-07-22 21:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-07-22 21:01 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp 2014-07-22 20:59 - 2014-07-22 20:59 - 00001104 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-22 20:59 - 2014-07-22 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-22 20:59 - 2014-07-22 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-22 20:59 - 2014-07-22 20:59 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-22 20:51 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP 2014-07-22 20:50 - 2014-07-22 20:50 - 00001266 _____ () 
C:\Users\Ola\Desktop\Revo Uninstaller.lnk 2014-07-22 20:50 - 2014-07-22 20:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-07-22 20:38 - 2013-07-30 19:05 - 00000000 ____D () C:\Users\Ola 2014-07-22 20:37 - 2012-07-26 12:29 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-22 20:37 - 2012-07-26 07:38 - 00000000 ____D () C:\Windows\system32\Sysprep 2014-07-22 20:36 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-22 20:36 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-07-22 20:36 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\registration 2014-07-22 20:36 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-07-22 20:33 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-22 14:28 - 2013-08-01 21:51 - 00894976 ___SH () C:\Users\Ola\Desktop\Thumbs.db 2014-07-21 19:48 - 2014-07-21 19:48 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-20 16:15 - 2013-08-15 20:50 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-20 16:00 - 2013-08-06 22:22 - 00000000 ____D () C:\Users\Ola\AppData\Roaming\PCDr 2014-07-19 13:35 - 2013-07-30 21:00 - 00798118 _____ () C:\Windows\system32\perfh015.dat 2014-07-19 13:35 - 2013-07-30 21:00 - 00160398 _____ () C:\Windows\system32\perfc015.dat 2014-07-19 13:35 - 2012-07-26 12:27 - 00742838 _____ () C:\Windows\system32\perfh007.dat 2014-07-19 13:35 - 2012-07-26 12:27 - 00155896 _____ () C:\Windows\system32\perfc007.dat 2014-07-19 13:35 - 2012-07-26 09:28 - 02695612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-13 14:46 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\MSDRM 2014-07-13 14:45 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-07-13 14:41 - 2013-07-30 19:19 - 00000000 ____D () C:\Users\Ola\AppData\Local\Mozilla 2014-07-06 23:55 - 
2014-07-06 18:36 - 00000000 ____D () C:\Program Files (x86)\Freemake 2014-07-06 23:48 - 2014-07-06 23:42 - 00000000 ____D () C:\Users\Ola\Desktop\Stare dane programu Firefox 2014-07-06 18:36 - 2014-07-06 18:36 - 00000000 ____D () C:\Users\Ola\AppData\Roaming\YoutubeToMp3Converter 2014-07-06 18:36 - 2014-07-06 18:36 - 00000000 ____D () C:\ProgramData\Freemake 2014-07-06 17:57 - 2014-07-06 17:26 - 00002376 _____ () C:\Users\Ola\Desktop\Nowy dokument tekstowy.txt 2014-07-03 23:28 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-06-29 18:26 - 2014-06-04 00:57 - 00000000 ____D () C:\Users\Ola\AppData\Local\Genesis_06032257 2014-06-29 18:16 - 2013-07-30 19:08 - 00000000 ____D () C:\Users\Ola\AppData\Local\Packages 2014-06-27 22:10 - 2012-07-26 07:26 - 00524288 ___SH () C:\Windows\system32\config\BBI(104) 2014-06-26 23:41 - 2014-06-26 23:41 - 00291704 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-06-26 23:41 - 2013-07-30 19:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\Ola\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-12 11:24 
==================== End Of Log ============================
--- --- ---
I hope I carried out and posted everything correctly. Kindest regards, Elli |
23.07.2014, 12:10 | #6 |
/// the machine /// TB instructor | Start page "istart.websearches.com" and masses of windows opening Yes. ESET Online Scanner
Please download SecurityCheck and:
And a fresh FRST log, please. Any remaining problems?