
Pests of all kinds and how to combat them: Constant pop-ups and prompts to update the video player

21.08.2014, 19:37   #1
McGirt
 



Hello,
I have been having problems with the internet for some time. Pop-ups keep opening and I get prompts to update the video player. I also ran a scan with Emsisoft; it turned up several detections. I then moved the detections to quarantine, but that did not solve the problem. Unfortunately, I don't know how to proceed... please help me.

Regards,
Robert

21.08.2014, 19:39   #2
schrauber
/// the machine
/// TB trainer
 




Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


21.08.2014, 20:23   #3
McGirt
 



FRST.txt

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2014
Ran by Robert (administrator) on NOTEBOOK-ROBERT on 21-08-2014 21:15:26
Running from C:\Users\Robert\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Robert\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862928 2012-07-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKU\S-1-5-21-3576039111-1821954588-2524210282-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-13] ()
HKU\S-1-5-21-3576039111-1821954588-2524210282-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-21] (Electronic Arts)
HKU\S-1-5-21-3576039111-1821954588-2524210282-1002\...\Run: [EPSON BX300F Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEJE.EXE [221696 2008-01-22] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3576039111-1821954588-2524210282-1002\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1339672 2013-11-04] (Comfort Software Group)
HKU\S-1-5-21-3576039111-1821954588-2524210282-1002\...\MountPoints2: {a41ca225-3913-11e2-be6a-806e6f6e6963} - "F:\start.exe" /auto
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
AppInit_DLLs:  c:\progra~2\nvidia~1\3dvisi~1\nvstin~1.dll => c:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-08-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe ()
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO-x32: DealPly Shopping -> {ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} -> C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 -> C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 -> C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937
CHR StartupUrls: "hxxp://www.transfermarkt.de/"
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Babylon
CHR DefaultSearchURL: hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-12]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-12]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-12]
CHR Extension: (Google-Suche) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-12]
CHR Extension: (AdBlock) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-10]
CHR Extension: (DealPly Germany) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf [2013-07-08]
CHR Extension: (Google Wallet) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Plus-HD-2.3) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec [2013-07-08]
CHR Extension: (Google Mail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-08-01] (Emsisoft GmbH)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
S2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-08] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-07-08] (DealPly Technologies Ltd)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-08-01] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-05-17] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2014-01-07] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-08-01] (Emsisoft GmbH)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2014-01-07] (Emsisoft GmbH)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
U0 msahci; 

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 21:15 - 2014-08-21 21:15 - 00018949 _____ () C:\Users\Robert\Downloads\FRST.txt
2014-08-21 21:14 - 2014-08-21 21:15 - 00000000 ____D () C:\FRST
2014-08-21 21:13 - 2014-08-21 21:14 - 02101760 _____ (Farbar) C:\Users\Robert\Downloads\FRST64 (1).exe
2014-08-21 21:13 - 2014-08-21 21:13 - 02101760 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2014-08-21 21:05 - 2014-08-21 21:05 - 01094144 _____ (Farbar) C:\Users\Robert\Downloads\FRST.exe
2014-08-18 19:26 - 2014-08-18 19:26 - 01137880 _____ () C:\Users\Robert\Downloads\Setup.exe
2014-08-14 22:58 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-14 22:57 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 22:57 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 22:10 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 22:10 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 22:10 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 22:10 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-14 22:10 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 22:10 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 22:10 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 22:10 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 22:10 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 22:10 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 22:10 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 22:10 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 22:10 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-14 22:10 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 22:10 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 22:09 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 22:09 - 2014-07-16 00:55 - 04035072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 22:09 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 22:08 - 2014-08-07 08:33 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 22:08 - 2014-08-07 05:09 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 22:08 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-14 22:08 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-14 22:08 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-14 22:08 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-14 22:08 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-14 22:08 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-14 22:08 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-14 22:08 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-14 22:08 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-14 22:08 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-14 22:08 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-14 22:07 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 22:07 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 22:07 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 22:07 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 22:07 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 22:07 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 22:07 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 22:07 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-14 22:07 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 22:07 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 22:07 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 22:07 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 22:07 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-14 22:07 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-06 22:53 - 2014-08-17 23:17 - 00293272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-05 18:08 - 2014-08-05 18:08 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-01 16:05 - 2014-08-17 23:16 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 16:05 - 2014-08-17 23:16 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 16:05 - 2014-08-17 23:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 16:05 - 2014-08-17 23:16 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 16:05 - 2014-08-03 00:11 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-22 08:04 - 2014-08-17 23:16 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-21 21:15 - 2014-08-21 21:15 - 00018949 _____ () C:\Users\Robert\Downloads\FRST.txt
2014-08-21 21:15 - 2014-08-21 21:14 - 00000000 ____D () C:\FRST
2014-08-21 21:14 - 2014-08-21 21:13 - 02101760 _____ (Farbar) C:\Users\Robert\Downloads\FRST64 (1).exe
2014-08-21 21:13 - 2014-08-21 21:13 - 02101760 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2014-08-21 21:05 - 2014-08-21 21:05 - 01094144 _____ (Farbar) C:\Users\Robert\Downloads\FRST.exe
2014-08-21 21:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-21 20:33 - 2013-01-13 14:16 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-21 20:29 - 2013-07-08 15:24 - 00000938 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2014-08-21 20:24 - 2013-07-08 15:24 - 00000326 _____ () C:\Windows\Tasks\Dealply.job
2014-08-21 20:21 - 2013-01-12 13:24 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 19:13 - 2013-01-09 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3576039111-1821954588-2524210282-1002
2014-08-21 19:11 - 2014-01-07 23:11 - 01553923 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 19:01 - 2013-01-13 15:18 - 00000000 ____D () C:\Users\Robert\AppData\Local\PMB Files
2014-08-21 18:24 - 2013-12-19 07:24 - 00000159 _____ () C:\Users\Robert\AppData\Roaming\WB.CFG
2014-08-21 18:24 - 2013-02-23 19:47 - 00000000 ____D () C:\Users\Robert\AppData\Local\CrashDumps
2014-08-21 18:23 - 2013-01-09 20:23 - 00000401 _____ () C:\Users\Robert\AppData\Roaming\sp_data.sys
2014-08-21 18:22 - 2013-07-08 15:26 - 00001232 _____ () C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job
2014-08-21 18:22 - 2013-07-08 15:26 - 00001228 _____ () C:\Windows\Tasks\Plus-HD-2.3-updater.job
2014-08-21 18:22 - 2013-07-08 15:26 - 00001132 _____ () C:\Windows\Tasks\Plus-HD-2.3-enabler.job
2014-08-21 18:22 - 2013-07-08 15:25 - 00001940 _____ () C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job
2014-08-21 18:22 - 2013-07-08 15:24 - 00000934 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2014-08-21 18:22 - 2013-01-12 13:24 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 19:26 - 2014-08-18 19:26 - 01137880 _____ () C:\Users\Robert\Downloads\Setup.exe
2014-08-18 00:57 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-08-17 23:24 - 2012-08-03 01:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-08-17 23:24 - 2012-08-03 01:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-08-17 23:24 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-17 23:17 - 2014-08-06 22:53 - 00293272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-17 23:17 - 2012-11-28 06:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-17 23:17 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-17 23:17 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-17 23:16 - 2014-08-01 16:05 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-17 23:16 - 2014-08-01 16:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-17 23:16 - 2014-08-01 16:05 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-17 23:16 - 2014-08-01 16:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-17 23:16 - 2014-07-22 08:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-17 23:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-17 23:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-17 23:16 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-16 01:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-14 23:02 - 2013-07-18 18:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 23:01 - 2013-01-10 22:23 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 21:22 - 2013-01-12 13:25 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-07 08:33 - 2014-08-14 22:08 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 05:09 - 2014-08-14 22:08 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 07:27 - 2013-07-08 15:25 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-2.3
2014-08-05 18:08 - 2014-08-05 18:08 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-03 00:11 - 2014-08-01 16:05 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:16 - 2013-04-07 17:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-02 02:15 - 2012-07-26 10:14 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:15 - 2012-07-26 10:14 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-24 14:11 - 2014-08-14 22:10 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 14:10 - 2014-08-14 22:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 14:10 - 2014-08-14 22:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 14:10 - 2014-08-14 22:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-07-24 14:10 - 2014-08-14 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 14:09 - 2014-08-14 22:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 14:09 - 2014-08-14 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-24 12:52 - 2014-08-14 22:10 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 12:52 - 2014-08-14 22:10 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 12:52 - 2014-08-14 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 12:51 - 2014-08-14 22:10 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 12:51 - 2014-08-14 22:10 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-24 12:33 - 2014-08-14 22:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 12:29 - 2014-08-14 22:10 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 10:03 - 2014-08-14 22:10 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-07-22 08:04 - 2012-07-26 11:45 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-22 08:04 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-22 08:04 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe


Some content of TEMP:
====================
C:\Users\Robert\AppData\Local\Temp\Sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-14 22:56

==================== End Of Log ============================
         

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2014
Ran by Robert at 2014-08-21 21:15:47
Running from C:\Users\Robert\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.2 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.018 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0005 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.7 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG5400 series Benutzerregistrierung (HKLM-x32\...\Canon MG5400 series Benutzerregistrierung) (Version:  - Canon Inc.‎)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Command & Conquer™ and The Covert Operations™ (HKLM-x32\...\{050E298D-C9B8-4582-A332-26201268A297}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Command & Conquer™ Tiberian Sun™ and Firestorm™ (HKLM-x32\...\{78F60BDD-1923-4CF7-B6BD-087D06D7B5BB}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Dealply (HKCU\...\Dealply) (Version:  - ) <==== ATTENTION
DealPly (remove only) (HKLM-x32\...\DealPly) (Version: 4.8.7.2 - DealPly Technologies Ltd.) <==== ATTENTION
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 7.0 - Emsisoft GmbH)
EPSON BX300F Series Printer Uninstall (HKLM\...\EPSON BX300F Series) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{DEDB47A3-C988-4A43-A645-E2CEA571E680}) (Version: 2.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON Stylus Office BX300F_TX300F Handbuch (HKLM-x32\...\EPSON Stylus Office BX300F_TX300F Benutzerhandbuch) (Version:  - )
ETDWare PS/2-X64 11.5.0.9_WHQL (HKLM\...\Elantech) (Version: 11.5.0.9 - ELAN Microelectronic Corp.)
Free Alarm Clock 3.0.3 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.0 - Comfort Software Group)
FUSSBALL MANAGER 12 (HKLM-x32\...\FUSSBALL MANAGER 12) (Version: 1.0.0.3 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Driver 306.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 306.14 - NVIDIA Corporation)
NVIDIA Control Panel 306.14 (Version: 306.14 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 306.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.14 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.0614 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Plus-HD-2.3 (HKLM-x32\...\Plus-HD-2.3) (Version: 1.27.153.8 - Plus HD) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WestwoodChat (HKLM-x32\...\{7CAE6A67-AF7B-4A6A-8705-8AFACA45BB60}) (Version: 1.0.0.0 - WestwoodChat)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WISO Steuer-Sparbuch 2011 (HKLM-x32\...\{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}) (Version: 18.00.6928 - Buhl Data Service GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-08-2014 14:05:08 Windows Update
10-08-2014 00:36:48 Geplanter Prüfpunkt
14-08-2014 20:56:33 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {066DFB8B-A3D8-4370-AEB2-6B5D62254B31} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {22961A22-4E18-4971-9DB9-96890356976F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {266F8AF4-38CF-4434-8ECC-6A5A5F4F32F1} - System32\Tasks\Plus-HD-2.3-chromeinstaller => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe
Task: {2C2A8A76-B562-43FC-A4AB-38269485703F} - System32\Tasks\{B96D26A6-CDFC-4999-9CCE-CC8FB9B0C9B6} => Chrome.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/go/help.faq.installer?LastError=1603
Task: {36715AC5-E12A-497A-AA08-1E1F98CB47B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12] (Google Inc.)
Task: {4E56DD3F-08AA-4164-A77E-ED91F5656960} - System32\Tasks\Plus-HD-2.3-codedownloader => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe
Task: {6B7282B3-8300-4231-A7A0-706D6FD76F37} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-07-08] (DealPly Technologies Ltd) <==== ATTENTION
Task: {79BCF45B-5C4F-4055-8CBC-529EB24FB898} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12] (Google Inc.)
Task: {8C698B20-F203-4A15-AB50-40725A2BD7A6} - System32\Tasks\Plus-HD-2.3-enabler => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe
Task: {94AA133D-61D8-4F07-A20B-6018E6713CD1} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {A24746EC-75B9-490A-803D-7C13A1B698DA} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-07-08] (DealPly Technologies Ltd) <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B0DC36D8-0CF6-41B9-99CE-0372867B9CCA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {B89118AF-0A9B-4CD0-8A76-A531FC1A50FA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-08-14] (Microsoft Corporation)
Task: {BBB6AE1C-6581-449A-8F12-DABCC743E138} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
Task: {C49DD75C-0798-4B0D-8CEC-280403CD7E5F} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E26D882E-177E-4473-9CDC-BC3A2FF5B22D} - System32\Tasks\Plus-HD-2.3-updater => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe
Task: {E3C30000-A2C7-43D9-BB00-AD680B2C476D} - System32\Tasks\BitGuard => Sc.exe start BitGuard
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EC95E03C-A32F-4D5B-99CA-45F5FD04E544} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-08-06] (ASUS)
Task: {F6B9B61B-0584-42FB-AD76-C14FEFCE5A99} - System32\Tasks\Dealply => C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe [2013-07-08] () <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Robert\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.3-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.3-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.3-enabler.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.3-updater.job => C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-updater.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-04-07 17:12 - 2012-03-28 14:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2012-08-24 19:26 - 2012-08-24 19:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-05-14 06:36 - 2014-05-14 06:36 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-10 20:28 - 2012-08-10 20:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-10 20:23 - 2012-08-10 20:23 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-11-28 06:36 - 2012-08-16 12:04 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-11-28 06:36 - 2012-08-16 12:04 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-11-28 06:41 - 2011-09-19 12:40 - 00466944 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2013-07-08 15:24 - 2013-07-08 15:24 - 00102968 _____ () C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe
2014-08-01 16:58 - 2014-08-01 16:58 - 00703800 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2012-11-28 06:31 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-09-11 16:01 - 2012-09-11 16:01 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2014-08-13 21:22 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-13 21:22 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-13 21:22 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-13 21:22 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-13 21:22 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll
2014-08-13 21:22 - 2014-08-07 05:20 - 14669128 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKCU\...\StartupApproved\Run: => "Optimizer Pro"
HKCU\...\StartupApproved\Run: => "EADM"
HKCU\...\StartupApproved\Run: => "Skype"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/21/2014 07:03:27 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/21/2014 06:24:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UPDATE~1.EXE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0x40010006
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x384
Startzeit der fehlerhaften Anwendung: 0xUPDATE~1.EXE0
Pfad der fehlerhaften Anwendung: UPDATE~1.EXE1
Pfad des fehlerhaften Moduls: UPDATE~1.EXE2
Berichtskennung: UPDATE~1.EXE3
Vollständiger Name des fehlerhaften Pakets: UPDATE~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: UPDATE~1.EXE5

Error: (08/20/2014 10:24:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UPDATE~1.EXE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0x40010006
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0xc58
Startzeit der fehlerhaften Anwendung: 0xUPDATE~1.EXE0
Pfad der fehlerhaften Anwendung: UPDATE~1.EXE1
Pfad des fehlerhaften Moduls: UPDATE~1.EXE2
Berichtskennung: UPDATE~1.EXE3
Vollständiger Name des fehlerhaften Pakets: UPDATE~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: UPDATE~1.EXE5

Error: (08/20/2014 09:38:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/19/2014 09:24:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UPDATE~1.EXE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0x40010006
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x1950
Startzeit der fehlerhaften Anwendung: 0xUPDATE~1.EXE0
Pfad der fehlerhaften Anwendung: UPDATE~1.EXE1
Pfad des fehlerhaften Moduls: UPDATE~1.EXE2
Berichtskennung: UPDATE~1.EXE3
Vollständiger Name des fehlerhaften Pakets: UPDATE~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: UPDATE~1.EXE5

Error: (08/19/2014 09:15:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/18/2014 07:35:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/18/2014 00:24:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UPDATE~1.EXE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0x40010006
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x338
Startzeit der fehlerhaften Anwendung: 0xUPDATE~1.EXE0
Pfad der fehlerhaften Anwendung: UPDATE~1.EXE1
Pfad des fehlerhaften Moduls: UPDATE~1.EXE2
Berichtskennung: UPDATE~1.EXE3
Vollständiger Name des fehlerhaften Pakets: UPDATE~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: UPDATE~1.EXE5

Error: (08/17/2014 00:24:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UPDATE~1.EXE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0x40010006
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x1090
Startzeit der fehlerhaften Anwendung: 0xUPDATE~1.EXE0
Pfad der fehlerhaften Anwendung: UPDATE~1.EXE1
Pfad des fehlerhaften Moduls: UPDATE~1.EXE2
Berichtskennung: UPDATE~1.EXE3
Vollständiger Name des fehlerhaften Pakets: UPDATE~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: UPDATE~1.EXE5

Error: (08/16/2014 01:24:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: UPDATE~1.EXE, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.2.9200.16864, Zeitstempel: 0x531d2be6
Ausnahmecode: 0x40010006
Fehleroffset: 0x00010f22
ID des fehlerhaften Prozesses: 0x1a04
Startzeit der fehlerhaften Anwendung: 0xUPDATE~1.EXE0
Pfad der fehlerhaften Anwendung: UPDATE~1.EXE1
Pfad des fehlerhaften Moduls: UPDATE~1.EXE2
Berichtskennung: UPDATE~1.EXE3
Vollständiger Name des fehlerhaften Pakets: UPDATE~1.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: UPDATE~1.EXE5


System errors:
=============
Error: (08/06/2014 10:53:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎06.‎08.‎2014 um 07:53:56 unerwartet heruntergefahren.

Error: (08/02/2014 00:54:13 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.107
registriert werden. Der Computer mit IP-Adresse 192.168.2.102 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (07/14/2014 03:33:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎14.‎07.‎2014 um 14:03:25 unerwartet heruntergefahren.

Error: (07/03/2014 11:39:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎03.‎07.‎2014 um 00:52:26 unerwartet heruntergefahren.

Error: (07/01/2014 01:29:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎30.‎06.‎2014 um 01:30:48 unerwartet heruntergefahren.

Error: (06/26/2014 09:29:13 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (06/26/2014 09:29:12 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (06/26/2014 09:29:07 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (06/26/2014 09:29:07 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.

Error: (06/22/2014 02:29:30 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 10. Der Windows-SChannel-Fehlerstatus lautet: 10.


Microsoft Office Sessions:
=========================
Error: (08/21/2014 07:03:27 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/21/2014 06:24:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UPDATE~1.EXE0.0.0.02a425e19KERNELBASE.dll6.2.9200.16864531d2be64001000600010f2238401cfbd5c5062b755C:\Users\Robert\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXEC:\Windows\SYSTEM32\KERNELBASE.dll8ee8db0c-294f-11e4-bebf-dc85dea51276

Error: (08/20/2014 10:24:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UPDATE~1.EXE0.0.0.02a425e19KERNELBASE.dll6.2.9200.16864531d2be64001000600010f22c5801cfbcb4ad0a5552C:\Users\Robert\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXEC:\Windows\SYSTEM32\KERNELBASE.dllebf37583-28a7-11e4-bebf-dc85dea51276

Error: (08/20/2014 09:38:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/19/2014 09:24:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: UPDATE~1.EXE0.0.0.02a425e19KERNELBASE.dll6.2.9200.16864531d2be64001000600010f22195001cfbbe320dbcec7C:\Users\Robert\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXEC:\Windows\SYSTEM32\KERNELBASE.dll5fec705c-27d6-11e4-bebf-dc85dea51276

Error: (08/19/2014 09:15:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/18/2014 07:35:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/18/2014 00:24:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: UPDATE~1.EXE0.0.0.02a425e19KERNELBASE.dll6.2.9200.16864531d2be64001000600010f2233801cfba69f155ba48C:\Users\Robert\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXEC:\Windows\SYSTEM32\KERNELBASE.dll2fdbcc0b-265d-11e4-bebf-dc85dea51276

Error: (08/17/2014 00:24:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: UPDATE~1.EXE0.0.0.02a425e19KERNELBASE.dll6.2.9200.16864531d2be64001000600010f22109001cfb9a0c6ebbdc8C:\Users\Robert\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXEC:\Windows\SYSTEM32\KERNELBASE.dll058a5240-2594-11e4-bebe-dc85dea51276

Error: (08/16/2014 01:24:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: UPDATE~1.EXE0.0.0.02a425e19KERNELBASE.dll6.2.9200.16864531d2be64001000600010f221a0401cfb8dffe465ef2C:\Users\Robert\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXEC:\Windows\SYSTEM32\KERNELBASE.dll3d18ff70-24d3-11e4-bebe-dc85dea51276


CodeIntegrity Errors:
===================================
  Date: 2014-04-03 00:22:35.293
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-04-03 00:22:35.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-04-03 00:22:35.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-04-03 00:22:34.919
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-03-31 21:50:07.009
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-03-31 21:50:06.906
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-03-31 21:50:06.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-03-31 21:50:06.649
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-03-30 13:18:45.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.

  Date: 2014-03-30 13:18:45.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level 6 or better to load.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 24%
Total physical RAM: 8145.33 MB
Available physical RAM: 6156.09 MB
Total Pagefile: 9361.33 MB
Available Pagefile: 6552.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:117.94 GB) (Free:28.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Data1) (Fixed) (Total:339.31 GB) (Free:172.92 GB) NTFS
Drive e: (Data2) (Fixed) (Total:339.31 GB) (Free:314.65 GB) NTFS
Drive f: (ST2011) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS
Drive g: () (Removable) (Total:29.49 GB) (Free:24.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 29D75BF4)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: A3362226)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 29.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 22.08.2014, 19:15   #4
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 23.08.2014, 16:08   #5
McGirt
 



OK, now Combofix
Code:
ComboFix 14-08-21.01 - Robert 23/08/2014  16:59:05.1.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.8145.6331 [GMT 2:00]
ausgeführt von:: c:\users\Robert\Downloads\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyIE64.dll
c:\program files (x86)\DealPly\DealPlyUpdateVer.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\SetStretch.exe
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_omfoidjpeklpjhlhabhcomekbkclkbec_0
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_omfoidjpeklpjhlhabhcomekbkclkbec_0\18
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_omfoidjpeklpjhlhabhcomekbkclkbec_0\19
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\background.html
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\crossriderManifest.json
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\manifest.xml
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins.json
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\1_base.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\102_dealply_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\103_intext_5_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\105_corticas_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\119_similar_web_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\120_luck_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\17_jQuery.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\177_crossriderDashboard.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\180_bpo_serp_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\182_openUrl.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\183_tabsWrapper.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\184_noproblemppc_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\191_ciuvo_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\194_retargeting_bi_m.js.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\195_icm_convertmedia_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\198_superfish_no_search_no_coupons_plushd_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\21_debug.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\22_resources.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\28_initializer.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\47_resources_background.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\64_appApiMessage.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\7_hooks.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\72_appApiValidation.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\userCode\background.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\userCode\extension.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\icons\actions\1.png
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\icons\icon128.png
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\icons\icon16.png
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\icons\icon48.png
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\api\chrome.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\api\cookie.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\api\message.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\api\pageAction.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\api\pageActionBG.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\background.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\app_api.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\bg_app_api.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\consts.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\cookie_store.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\crossriderAPI.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\delegate.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\events.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\extensionDataStore.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\installer.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\logFile.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\logging.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\onBGDocumentLoad.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\popupResource\newPopup.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\popupResource\popup.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\reports.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\storageWrapper.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\updateManager.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\util.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\lib\xhr.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\js\main.js
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\manifest.json
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\popup.html
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\version.json
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\omfoidjpeklpjhlhabhcomekbkclkbec\CURRENT
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\omfoidjpeklpjhlhabhcomekbkclkbec\LOG.old
c:\users\Robert\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\msvcr71.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-23 bis 2014-08-23  ))))))))))))))))))))))))))))))
.
.
2014-08-23 15:02 . 2014-08-23 15:02	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-08-23 15:02 . 2014-08-23 15:02	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-21 19:14 . 2014-08-21 19:16	--------	d-----w-	C:\FRST
2014-08-21 16:22 . 2014-08-21 16:22	262312	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10245.bin
2014-08-14 20:58 . 2014-07-15 22:51	71168	----a-w-	c:\windows\system32\drivers\hdaudbus.sys
2014-08-14 20:57 . 2014-06-10 22:44	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-14 20:57 . 2014-06-10 22:43	35480	----a-w-	c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 20:09 . 2014-07-15 23:03	1300992	----a-w-	c:\windows\system32\gdi32.dll
2014-08-14 20:09 . 2014-07-15 22:55	4035072	----a-w-	c:\windows\system32\win32k.sys
2014-08-14 20:09 . 2014-07-12 02:36	1023488	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-14 20:07 . 2014-06-05 17:29	2885632	----a-w-	c:\windows\system32\msi.dll
2014-08-05 16:08 . 2014-08-05 16:08	--------	d-----w-	c:\programdata\Emsisoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-21 16:23 . 2013-01-09 18:23	401	----a-w-	c:\users\Robert\AppData\Roaming\sp_data.sys
2014-08-14 21:01 . 2013-01-10 20:23	99218768	----a-w-	c:\windows\system32\MRT.exe
2014-08-02 00:15 . 2012-07-26 08:14	704480	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-02 00:15 . 2012-07-26 08:14	105440	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-07 21:27 . 2013-03-08 15:51	17536	----a-w-	c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-06-30 22:42 . 2014-07-20 19:09	394240	----a-w-	c:\windows\system32\devinv.dll
2014-06-30 22:42 . 2014-07-20 19:09	87552	----a-w-	c:\windows\system32\aepic.dll
2014-06-17 23:27 . 2014-07-20 19:10	1440256	----a-w-	c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-20 19:10	1557504	----a-w-	c:\windows\system32\osk.exe
2014-06-06 14:06 . 2014-07-20 19:09	596480	----a-w-	c:\windows\system32\qedit.dll
2014-06-06 10:17 . 2014-07-20 19:09	497152	----a-w-	c:\windows\SysWow64\qedit.dll
2014-06-02 22:33 . 2014-07-20 19:09	265216	----a-w-	c:\windows\system32\InkEd.dll
2014-05-29 23:31 . 2014-07-20 19:09	452608	----a-w-	c:\windows\SysWow64\SHCore.dll
2014-05-29 23:03 . 2014-07-20 19:09	588288	----a-w-	c:\windows\system32\SHCore.dll
2014-05-29 23:02 . 2014-07-20 19:09	439808	----a-w-	c:\windows\system32\lsm.dll
2014-05-29 23:02 . 2014-07-20 19:09	1281536	----a-w-	c:\windows\system32\lsasrv.dll
2014-05-29 22:24 . 2014-07-20 19:09	576512	----a-w-	c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-13 3093624]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2014-04-21 3588952]
"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2013-11-04 1339672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-08-16 5264016]
"ROGNB"="c:\program files (x86)\ASUS Gaming Mouse\hid.exe" [2011-09-19 466944]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-23 78352]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe" [2012-08-28 3417984]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe [2013-11-20 1303120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/11/28 04:44;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 dealplylive;DealPly Live Service (dealplylive);c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe;c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 dealplylivem;DealPly Live Service (dealplylivem);c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe;c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [x]
R3 RTL8168;Realtek 8168 NT-Treiber;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-13 19:21	1104200	----a-w-	c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-21 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
- c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-07-08 13:24]
.
2014-08-23 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
- c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-07-08 13:24]
.
2014-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12 11:24]
.
2014-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12 11:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2012-03-13 09:23	1500672	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2012-03-13 09:23	1500672	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_U]
@="{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}"
[HKEY_CLASSES_ROOT\CLSID\{1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D}]
2012-03-13 09:23	1500672	----a-w-	c:\program files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="c:\program files (x86)\Bluetooth Suite\BtTray.exe" [2012-08-10 764032]
"BtvStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-08-10 127616]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-09-11 107192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\3DVISI~1\nvStInit64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66} - c:\program files (x86)\DealPly\DealPlyIE.dll
Toolbar-Locked - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-08-23  17:04:40
ComboFix-quarantined-files.txt  2014-08-23 15:04
.
Vor Suchlauf: 16 Verzeichnis(se), 31,196,598,272 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 30,970,077,184 Bytes frei
.
- - End Of File - - DD47E2EE6CB8625B686CF37BB385AF69
         


Alt 24.08.2014, 06:46   #6
schrauber
/// the machine
/// TB-Ausbilder
 


Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan, and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

Alt 24.08.2014, 15:23   #7
McGirt
 

mbam
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 24/08/2014
Suchlauf-Zeit: 15:25:05
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.24.02
Rootkit Datenbank: v2014.08.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Robert

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 335288
Verstrichene Zeit: 6 Min, 23 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 115
PUP.Optional.DealPly.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dealplylive, In Quarantäne, [4b17ca002b501d19a0bfaf7a50b10000], 
PUP.Optional.DealPly.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dealplylivem, In Quarantäne, [4b17ca002b501d19a0bfaf7a50b10000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [1a488c3e473450e6fb4e476407fbfd03], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [1a488c3e473450e6fb4e476407fbfd03], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [1a488c3e473450e6fb4e476407fbfd03], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [1a488c3e473450e6fb4e476407fbfd03], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [1a488c3e473450e6fb4e476407fbfd03], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [1a488c3e473450e6fb4e476407fbfd03], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [1a488c3e473450e6fb4e476407fbfd03], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [d68c7e4c3447e84e40ae4c5e9072fb05], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [d68c7e4c3447e84e40ae4c5e9072fb05], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [441edcee3a41d4622c1ee1ca936f0000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [441edcee3a41d4622c1ee1ca936f0000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [441edcee3a41d4622c1ee1ca936f0000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [441edcee3a41d4622c1ee1ca936f0000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [441edcee3a41d4622c1ee1ca936f0000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [441edcee3a41d4622c1ee1ca936f0000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [441edcee3a41d4622c1ee1ca936f0000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}, In Quarantäne, [1f4304c642391f17212ab2f94cb617e9], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [1f4304c642391f17212ab2f94cb617e9], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [1f4304c642391f17212ab2f94cb617e9], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [1f4304c642391f17212ab2f94cb617e9], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [1f4304c642391f17212ab2f94cb617e9], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}, In Quarantäne, [5f039535b9c268cea5a76843d62ced13], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [5f039535b9c268cea5a76843d62ced13], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [5f039535b9c268cea5a76843d62ced13], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [5f039535b9c268cea5a76843d62ced13], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [5f039535b9c268cea5a76843d62ced13], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}, In Quarantäne, [30320bbf3c3ff93da1ac0d9e0bf79a66], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [30320bbf3c3ff93da1ac0d9e0bf79a66], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [30320bbf3c3ff93da1ac0d9e0bf79a66], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [30320bbf3c3ff93da1ac0d9e0bf79a66], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [30320bbf3c3ff93da1ac0d9e0bf79a66], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}, In Quarantäne, [a6bc5278c9b2d56151fde3c8e31f3ec2], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [a6bc5278c9b2d56151fde3c8e31f3ec2], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [a6bc5278c9b2d56151fde3c8e31f3ec2], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [a6bc5278c9b2d56151fde3c8e31f3ec2], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [a6bc5278c9b2d56151fde3c8e31f3ec2], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}, In Quarantäne, [f9690dbd66156bcb7ed1c2e992706997], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [f9690dbd66156bcb7ed1c2e992706997], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [f9690dbd66156bcb7ed1c2e992706997], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [f9690dbd66156bcb7ed1c2e992706997], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [f9690dbd66156bcb7ed1c2e992706997], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}, In Quarantäne, [f66c12b8f388e84ee967fbb0966c01ff], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [f66c12b8f388e84ee967fbb0966c01ff], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [f66c12b8f388e84ee967fbb0966c01ff], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [f66c12b8f388e84ee967fbb0966c01ff], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [f66c12b8f388e84ee967fbb0966c01ff], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}, In Quarantäne, [bfa33b8f1566e84eb1a0a506b84aa55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [bfa33b8f1566e84eb1a0a506b84aa55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [bfa33b8f1566e84eb1a0a506b84aa55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [bfa33b8f1566e84eb1a0a506b84aa55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [bfa33b8f1566e84eb1a0a506b84aa55b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}, In Quarantäne, [20426e5c5922cb6bba98a10af909a957], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}, In Quarantäne, [20426e5c5922cb6bba98a10af909a957], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [76ece4e61d5e2e08a2b1f8b35aa832ce], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [76ece4e61d5e2e08a2b1f8b35aa832ce], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [76ece4e61d5e2e08a2b1f8b35aa832ce], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [76ece4e61d5e2e08a2b1f8b35aa832ce], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [76ece4e61d5e2e08a2b1f8b35aa832ce], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [76ece4e61d5e2e08a2b1f8b35aa832ce], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [76ece4e61d5e2e08a2b1f8b35aa832ce], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [76ece4e61d5e2e08a2b1f8b35aa832ce], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [76ece4e61d5e2e08a2b1f8b35aa832ce], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [76ece4e61d5e2e08a2b1f8b35aa832ce], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}, In Quarantäne, [560cfbcf6a1189ad9cb89318e51d1ce4], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{ae48ed75-5a56-4c5f-bbce-6f1ac3875f66}, In Quarantäne, [a4be705a2556a78f804f770160a2639d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{AE48ED75-5A56-4C5F-BBCE-6F1AC3875F66}, In Quarantäne, [a4be705a2556a78f804f770160a2639d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [5a0873573e3d8caaa8ad8b20fa08629e], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [5a0873573e3d8caaa8ad8b20fa08629e], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [5a0873573e3d8caaa8ad8b20fa08629e], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [5a0873573e3d8caaa8ad8b20fa08629e], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [5a0873573e3d8caaa8ad8b20fa08629e], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [5a0873573e3d8caaa8ad8b20fa08629e], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}, In Quarantäne, [f36f804a2457a195b89e9d0e17ebf808], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [f36f804a2457a195b89e9d0e17ebf808], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [f36f804a2457a195b89e9d0e17ebf808], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [f36f804a2457a195b89e9d0e17ebf808], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [f36f804a2457a195b89e9d0e17ebf808], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}, In Quarantäne, [3d254288f08bed49e5721596f70b12ee], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [3d254288f08bed49e5721596f70b12ee], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [3d254288f08bed49e5721596f70b12ee], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [3d254288f08bed49e5721596f70b12ee], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [3d254288f08bed49e5721596f70b12ee], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}, In Quarantäne, [fb67b6146417ab8bef69cedd837f0000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [fb67b6146417ab8bef69cedd837f0000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [fb67b6146417ab8bef69cedd837f0000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [fb67b6146417ab8bef69cedd837f0000], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [fb67b6146417ab8bef69cedd837f0000], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [1b473b8fb2c9f73fbcc0046dbe4415eb], 
PUP.Optional.DealPly.A, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Dealply, In Quarantäne, [4b17a2281c5f181ef167dc4241bf52ae], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0033426.BHO, In Quarantäne, [93cfbd0d5a2181b5af968d60c43ebd43], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0033426.BHO.1, In Quarantäne, [aeb413b7710a72c45de841ac2ad8847c], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0033426.Sandbox, In Quarantäne, [c0a21eacd7a4b1854302806d956da858], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0033426.Sandbox.1, In Quarantäne, [8ed49a304437171f5aeb8c6147bb629e], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [2042cdfdef8cf14560c3c26cb64e5aa6], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [f36f8a405b205bdb6d473cbd3cc644bc], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPly, In Quarantäne, [92d018b2b2c93df93fe8fffc699935cb], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPlyLive, In Quarantäne, [81e111b9582337ff6bb9fc327292916f], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\Plus-HD-2.3, In Quarantäne, [e1815773b8c3a492cb796aaf09fa29d7], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0033426.BHO, In Quarantäne, [2939b812f68575c1c77ef0fd738f48b8], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0033426.BHO.1, In Quarantäne, [9ac881499ae154e23f061ad362a0c43c], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0033426.Sandbox, In Quarantäne, [aeb463670d6eb08674d1ac4182803ac6], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CrossriderApp0033426.Sandbox.1, In Quarantäne, [cc9600ca80fbc27447fe38b5fb07c23e], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [40220dbd5a21de587ca7e945d62e47b9], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=3, In Quarantäne, [92d097330e6de5513ceac569917319e7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=9, In Quarantäne, [f36fc00acdae5cda55d1bf6f5ba905fb], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [293905c5a3d8a49233e74ae4f11352ae], 
PUP.Optional.DealPly.A, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPlyLive, In Quarantäne, [4c16aa205a2191a56bbd9995f2129070], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-2.3, In Quarantäne, [7fe361697605ca6cd10185847e8550b0], 
PUP.Optional.DealPly.A, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEALPLY, In Quarantäne, [fa6821a96a118ea832f55cd26f95ef11], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [5a08b515b4c7191dfb85e1355ba89c64], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [382a4a807902ef47735276b653b1c63a], 
PUP.Optional.BProtector.A, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, In Quarantäne, [461cd6f4760550e6d320909fee164eb2], 
PUP.Optional.PlusHD.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Plus-HD-2.3, In Quarantäne, [c1a15179f289e15566aeeed7af53926e], 

Registrierungswerte: 4
PUP.Optional.DealPly.A, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEALPLY|Partner, iron, In Quarantäne, [fa6821a96a118ea832f55cd26f95ef11]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, In Quarantäne, [382a4a807902ef47735276b653b1c63a]
PUP.BProtector, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937, In Quarantäne, [e77bc505b7c449edc4dfd953e51fba46]
PUP.BProtector, HKU\S-1-5-21-3576039111-1821954588-2524210282-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [92d07852f08b0d29b6ee141835cff60a]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 22
PUP.OPtional.Dealply.A, C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly, In Quarantäne, [530f42884932eb4baf6a7fadce36cb35], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive, In Quarantäne, [2b37c2087605e84e37d916a855adb749], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update, In Quarantäne, [2b37c2087605e84e37d916a855adb749], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log, In Quarantäne, [2b37c2087605e84e37d916a855adb749], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Roaming\Dealply, In Quarantäne, [9dc52e9c8cefd462a9686757887aaa56], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc, In Quarantäne, [9dc52e9c8cefd462a9686757887aaa56], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\CrashReports, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Download, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Install, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline\{941A49CE-07D4-4943-B184-B3ABB66D0B36}, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Local\DealPlyLive, In Quarantäne, [dd8589412c4f1f17d194823c45bd7d83], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Local\DealPlyLive\CrashReports, In Quarantäne, [dd8589412c4f1f17d194823c45bd7d83], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf, In Quarantäne, [8ad8ad1d28535bdb507ad4eafa0829d7], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0, In Quarantäne, [8ad8ad1d28535bdb507ad4eafa0829d7], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\images, In Quarantäne, [8ad8ad1d28535bdb507ad4eafa0829d7], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.3, In Quarantäne, [c1a15179f289e15566aeeed7af53926e], 
PUP.Optional.CrossRider.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_omfoidjpeklpjhlhabhcomekbkclkbec_0, In Quarantäne, [7be7f5d5a8d36fc7c7b6e9dde1213cc4], 
PUP.Optional.CrossRider.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\omfoidjpeklpjhlhabhcomekbkclkbec, In Quarantäne, [0c5634968fecec4a275aa521ae54768a], 

Dateien: 112
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe, In Quarantäne, [4b17ca002b501d19a0bfaf7a50b10000], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll, In Quarantäne, [20426e5c5922cb6bba98a10af909a957], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll, In Quarantäne, [76ece4e61d5e2e08a2b1f8b35aa832ce], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe, In Quarantäne, [4b17a2281c5f181ef167dc4241bf52ae], 
PUP.BundleInstaller.DW, C:\Users\Robert\Downloads\Californication.S06E06.HDTV.XviD-AFG.ger.subbed.exe, In Quarantäne, [b0b272580f6cd75f19db11ff9c6543bd], 
PUP.Optional.DomaIQ.Gen, C:\Users\Robert\Downloads\Setup.exe, In Quarantäne, [00621fabcbb09d999e3b7e302cd5f709], 
Trojan.Downloader, C:\Users\Robert\Downloads\java.exe, In Quarantäne, [055d45854a31fb3bfb451e8215ecb050], 
Adware.InstallBrain, C:\Users\Robert\Downloads\VideoPerformerSetup.exe, In Quarantäne, [49190ebc9be0db5b0b1e997b90717a86], 
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore, In Quarantäne, [99c9f8d21d5ecc6ae6d28a695aa80bf5], 
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA, In Quarantäne, [0260ae1cc2b96bcba2167083020008f8], 
PUP.Optional.BitGuard.A, C:\Windows\System32\Tasks\BitGuard, In Quarantäne, [600207c3c9b2cb6b7d3d42b15ea443bd], 
PUP.Optional.Ciuvo.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_api.ciuvo.com_0.localstorage, In Quarantäne, [243e4486c7b4b77f8a0038bf05fd4ab6], 
PUP.Optional.Ciuvo.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_api.ciuvo.com_0.localstorage-journal, In Quarantäne, [95cd29a115663006b2d85c9b4eb48977], 
PUP.Optional.SelectNGo.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, In Quarantäne, [0161f1d917641f17e150ef0c5ba708f8], 
PUP.Optional.SelectNGo.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, In Quarantäne, [0c56ddedb9c22d09e54c6e8dda2816ea], 
PUP.Optional.LiveLyrics.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage, In Quarantäne, [d78b45853c3f89ad107114e84cb6718f], 
PUP.Optional.LiveLyrics.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal, In Quarantäne, [92d0fad0bbc045f1e1a0a3593cc646ba], 
PUP.Optional.Superfish.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [5c062f9b700be5516f1589754ab81fe1], 
PUP.Optional.Superfish.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Löschen bei Neustart, [6bf7b1199cdfba7cf49048b6877bf10f], 
PUP.Optional.CrossRider.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_omfoidjpeklpjhlhabhcomekbkclkbec_0.localstorage, In Quarantäne, [570bae1c087380b614664eb9b54e49b7], 
PUP.OPtional.Dealply.A, C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, In Quarantäne, [530f42884932eb4baf6a7fadce36cb35], 
PUP.OPtional.Dealply.A, C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url, In Quarantäne, [530f42884932eb4baf6a7fadce36cb35], 
PUP.OPtional.Dealply.A, C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url, In Quarantäne, [530f42884932eb4baf6a7fadce36cb35], 
PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job, In Quarantäne, [3c261bafe09bfe38e2964de5ad57f30d], 
PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job, In Quarantäne, [e979ffcb196239fdaeca3ef4739135cb], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log, In Quarantäne, [2b37c2087605e84e37d916a855adb749], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc\config.dat, In Quarantäne, [9dc52e9c8cefd462a9686757887aaa56], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc\info.dat, In Quarantäne, [9dc52e9c8cefd462a9686757887aaa56], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Roaming\Dealply\UpdateProc\TTL.DAT, In Quarantäne, [9dc52e9c8cefd462a9686757887aaa56], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll, In Quarantäne, [93cf4684b1cafe38a969f9c5f30fa45c], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\background.js, In Quarantäne, [8ad8ad1d28535bdb507ad4eafa0829d7], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\info.txt, In Quarantäne, [8ad8ad1d28535bdb507ad4eafa0829d7], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\manifest.json, In Quarantäne, [8ad8ad1d28535bdb507ad4eafa0829d7], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\images\icon128.png, In Quarantäne, [8ad8ad1d28535bdb507ad4eafa0829d7], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\images\icon16.png, In Quarantäne, [8ad8ad1d28535bdb507ad4eafa0829d7], 
PUP.Optional.DealPly.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.9.1.9_0\images\icon48.png, In Quarantäne, [8ad8ad1d28535bdb507ad4eafa0829d7], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.3\33426.crx, In Quarantäne, [c1a15179f289e15566aeeed7af53926e], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.3\background.html, In Quarantäne, [c1a15179f289e15566aeeed7af53926e], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.3\Installer.log, In Quarantäne, [c1a15179f289e15566aeeed7af53926e], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-buttonutil.dll, In Quarantäne, [c1a15179f289e15566aeeed7af53926e], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-buttonutil64.dll, In Quarantäne, [c1a15179f289e15566aeeed7af53926e], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-buttonutil64.exe, In Quarantäne, [c1a15179f289e15566aeeed7af53926e], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-helper.exe, In Quarantäne, [c1a15179f289e15566aeeed7af53926e], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3.ico, In Quarantäne, [c1a15179f289e15566aeeed7af53926e], 
PUP.Optional.PlusHD.A, C:\Program Files (x86)\Plus-HD-2.3\Uninstall.exe, In Quarantäne, [c1a15179f289e15566aeeed7af53926e], 
PUP.Optional.CrossRider.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\omfoidjpeklpjhlhabhcomekbkclkbec\001831.ldb, In Quarantäne, [0c5634968fecec4a275aa521ae54768a], 
PUP.Optional.CrossRider.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\omfoidjpeklpjhlhabhcomekbkclkbec\001840.log, In Quarantäne, [0c5634968fecec4a275aa521ae54768a], 
PUP.Optional.CrossRider.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\omfoidjpeklpjhlhabhcomekbkclkbec\LOCK, In Quarantäne, [0c5634968fecec4a275aa521ae54768a], 
PUP.Optional.CrossRider.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\omfoidjpeklpjhlhabhcomekbkclkbec\LOG, In Quarantäne, [0c5634968fecec4a275aa521ae54768a], 
PUP.Optional.CrossRider.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\omfoidjpeklpjhlhabhcomekbkclkbec\MANIFEST-001838, In Quarantäne, [0c5634968fecec4a275aa521ae54768a], 
PUP.Optional.Delta.A, C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937",), Ersetzt,[d78b8347eb90d06686b721ef0ef753ad]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
AdwCleaner
Code:
# AdwCleaner v3.308 - Bericht erstellt am 24/08/2014 um 16:01:42
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Robert - NOTEBOOK-ROBERT
# Gestartet von : C:\Users\Robert\Desktop\adwcleaner_3.308.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Robert\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Robert\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

***** [ Tasks ] *****

Task Gelöscht : BitGuard

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\e6dad9b735e545
Schlüssel Gelöscht : HKLM\SOFTWARE\e6dad9b735e545
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322342226}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344344426}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3B424109-6F99-4306-8F2B-0B2BB1C8C415}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C0EB0A9-265F-4D9D-AF96-0EF2403A73E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9DF046E1-80F7-43E0-80C0-0AD696799C8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0FD0502-5878-441D-A3C0-9A4531C526CB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E3E46008-1902-41A7-91C7-26EC6E0B66D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345526}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346626}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.17054

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v36.0.1985.143

[ Datei : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Homepage] : hxxp://www.delta-search.com/?babsrc=HP_ss&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937
Gelöscht [Extension] : mphpbdjcljebbcnfopfngmfdackbbdgf
Gelöscht [Extension] : omfoidjpeklpjhlhabhcomekbkclkbec

*************************

AdwCleaner[R0].txt - [3159 octets] - [24/08/2014 15:41:14]
AdwCleaner[R1].txt - [3219 octets] - [24/08/2014 15:57:45]
AdwCleaner[S0].txt - [3032 octets] - [24/08/2014 16:01:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3092 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Robert on 24/08/2014 at 16:06:38.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3576039111-1821954588-2524210282-1002\Software\sweetim



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/08/2014 at 16:14:01.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
New FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 02
Ran by Robert (administrator) on NOTEBOOK-ROBERT on 24-08-2014 16:17:54
Running from C:\Users\Robert\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862928 2012-07-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKU\S-1-5-21-3576039111-1821954588-2524210282-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-13] ()
HKU\S-1-5-21-3576039111-1821954588-2524210282-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-21] (Electronic Arts)
HKU\S-1-5-21-3576039111-1821954588-2524210282-1002\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1339672 2013-11-04] (Comfort Software Group)
AppInit_DLLs: c:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit64.dll => c:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-08-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe ()
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.transfermarkt.de/"
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Babylon
CHR DefaultSearchURL: hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-12]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-12]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-12]
CHR Extension: (Google-Suche) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-12]
CHR Extension: (AdBlock) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-10]
CHR Extension: (Google Wallet) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-08-01] (Emsisoft GmbH)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-08-01] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-05-17] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2014-01-07] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-08-01] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2014-01-07] (Emsisoft GmbH)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 16:17 - 2014-08-24 16:17 - 00000000 ____D () C:\Users\Robert\Downloads\FRST-OlderVersion
2014-08-24 16:14 - 2014-08-24 16:14 - 00000803 _____ () C:\Users\Robert\Desktop\JRT.txt
2014-08-24 16:06 - 2014-08-24 16:06 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 16:05 - 2014-08-24 16:05 - 01016261 _____ (Thisisu) C:\Users\Robert\Downloads\JRT.exe
2014-08-24 16:04 - 2014-08-24 16:04 - 00003180 _____ () C:\Users\Robert\Desktop\AdwCleaner[S0].txt
2014-08-24 15:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-24 15:40 - 2014-08-24 16:01 - 00000000 ____D () C:\AdwCleaner
2014-08-24 15:39 - 2014-08-24 15:39 - 01364531 _____ () C:\Users\Robert\Desktop\adwcleaner_3.308.exe
2014-08-24 15:38 - 2014-08-24 15:38 - 00040496 _____ () C:\Users\Robert\Desktop\mbam.txt
2014-08-24 15:23 - 2014-08-24 15:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 15:22 - 2014-08-24 15:22 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-24 15:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 15:22 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 15:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-24 15:18 - 2014-08-24 15:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robert\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-23 17:04 - 2014-08-23 17:04 - 00028381 _____ () C:\ComboFix.txt
2014-08-23 16:57 - 2014-08-23 16:57 - 00001125 _____ () C:\Users\Robert\Desktop\ComboFix - Verknüpfung.lnk
2014-08-23 12:51 - 2014-08-23 17:04 - 00000000 ____D () C:\Qoobox
2014-08-23 12:51 - 2014-08-23 17:03 - 00000000 ____D () C:\Windows\erdnt
2014-08-23 12:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-23 12:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-23 12:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-23 12:50 - 2014-08-23 12:50 - 05572006 ____R (Swearware) C:\Users\Robert\Downloads\ComboFix.exe
2014-08-21 21:38 - 2014-08-24 16:15 - 00000000 ____D () C:\Users\Robert\Desktop\Reinigung 2014
2014-08-21 21:15 - 2014-08-24 16:17 - 00015967 _____ () C:\Users\Robert\Downloads\FRST.txt
2014-08-21 21:15 - 2014-08-21 21:16 - 00034278 _____ () C:\Users\Robert\Downloads\Addition.txt
2014-08-21 21:14 - 2014-08-24 16:17 - 00000000 ____D () C:\FRST
2014-08-21 21:13 - 2014-08-24 16:17 - 02103296 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2014-08-14 22:58 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-14 22:57 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 22:57 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 22:10 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 22:10 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 22:10 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 22:10 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-14 22:10 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 22:10 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 22:10 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 22:10 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 22:10 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 22:10 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 22:10 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 22:10 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 22:10 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-14 22:10 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 22:10 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 22:09 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 22:09 - 2014-07-16 00:55 - 04035072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 22:09 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 22:08 - 2014-08-07 08:33 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 22:08 - 2014-08-07 05:09 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 22:08 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-14 22:08 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-14 22:08 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-14 22:08 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-14 22:08 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-14 22:08 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-14 22:08 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-14 22:08 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-14 22:08 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-14 22:08 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-14 22:08 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-14 22:07 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 22:07 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 22:07 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 22:07 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 22:07 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 22:07 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 22:07 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 22:07 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-14 22:07 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 22:07 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 22:07 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 22:07 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 22:07 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-14 22:07 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-06 22:53 - 2014-08-17 23:17 - 00293272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-05 18:08 - 2014-08-05 18:08 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-01 16:05 - 2014-08-17 23:16 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 16:05 - 2014-08-17 23:16 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 16:05 - 2014-08-17 23:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 16:05 - 2014-08-17 23:16 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 16:05 - 2014-08-03 00:11 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 16:18 - 2014-08-21 21:15 - 00015967 _____ () C:\Users\Robert\Downloads\FRST.txt
2014-08-24 16:17 - 2014-08-24 16:17 - 00000000 ____D () C:\Users\Robert\Downloads\FRST-OlderVersion
2014-08-24 16:17 - 2014-08-21 21:14 - 00000000 ____D () C:\FRST
2014-08-24 16:17 - 2014-08-21 21:13 - 02103296 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2014-08-24 16:17 - 2013-01-13 15:18 - 00000000 ____D () C:\Users\Robert\AppData\Local\PMB Files
2014-08-24 16:15 - 2014-08-21 21:38 - 00000000 ____D () C:\Users\Robert\Desktop\Reinigung 2014
2014-08-24 16:14 - 2014-08-24 16:14 - 00000803 _____ () C:\Users\Robert\Desktop\JRT.txt
2014-08-24 16:13 - 2013-01-09 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3576039111-1821954588-2524210282-1002
2014-08-24 16:07 - 2012-08-03 01:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-08-24 16:07 - 2012-08-03 01:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-08-24 16:07 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-24 16:06 - 2014-08-24 16:06 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 16:05 - 2014-08-24 16:05 - 01016261 _____ (Thisisu) C:\Users\Robert\Downloads\JRT.exe
2014-08-24 16:05 - 2013-01-13 14:16 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-24 16:04 - 2014-08-24 16:04 - 00003180 _____ () C:\Users\Robert\Desktop\AdwCleaner[S0].txt
2014-08-24 16:03 - 2014-01-07 23:11 - 01691671 _____ () C:\Windows\WindowsUpdate.log
2014-08-24 16:03 - 2013-01-12 13:24 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 16:03 - 2013-01-09 20:23 - 00000401 _____ () C:\Users\Robert\AppData\Roaming\sp_data.sys
2014-08-24 16:02 - 2014-01-07 22:46 - 00040694 _____ () C:\Windows\PFRO.log
2014-08-24 16:02 - 2012-11-28 06:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-24 16:02 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 16:02 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-24 16:01 - 2014-08-24 15:40 - 00000000 ____D () C:\AdwCleaner
2014-08-24 16:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-24 15:39 - 2014-08-24 15:39 - 01364531 _____ () C:\Users\Robert\Desktop\adwcleaner_3.308.exe
2014-08-24 15:38 - 2014-08-24 15:38 - 00040496 _____ () C:\Users\Robert\Desktop\mbam.txt
2014-08-24 15:36 - 2014-08-24 15:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 15:34 - 2012-08-02 15:33 - 00000000 ____D () C:\Windows\Log
2014-08-24 15:22 - 2014-08-24 15:22 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-24 15:21 - 2013-01-12 13:24 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 15:19 - 2014-08-24 15:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robert\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-23 17:04 - 2014-08-23 17:04 - 00028381 _____ () C:\ComboFix.txt
2014-08-23 17:04 - 2014-08-23 12:51 - 00000000 ____D () C:\Qoobox
2014-08-23 17:04 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-08-23 17:03 - 2014-08-23 12:51 - 00000000 ____D () C:\Windows\erdnt
2014-08-23 17:03 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-08-23 16:57 - 2014-08-23 16:57 - 00001125 _____ () C:\Users\Robert\Desktop\ComboFix - Verknüpfung.lnk
2014-08-23 12:50 - 2014-08-23 12:50 - 05572006 ____R (Swearware) C:\Users\Robert\Downloads\ComboFix.exe
2014-08-22 16:24 - 2013-12-19 07:24 - 00000160 _____ () C:\Users\Robert\AppData\Roaming\WB.CFG
2014-08-22 16:24 - 2013-02-23 19:47 - 00000000 ____D () C:\Users\Robert\AppData\Local\CrashDumps
2014-08-21 21:16 - 2014-08-21 21:15 - 00034278 _____ () C:\Users\Robert\Downloads\Addition.txt
2014-08-18 00:57 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-08-17 23:17 - 2014-08-06 22:53 - 00293272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-17 23:16 - 2014-08-01 16:05 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-17 23:16 - 2014-08-01 16:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-17 23:16 - 2014-08-01 16:05 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-17 23:16 - 2014-08-01 16:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-17 23:16 - 2014-07-22 08:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-17 23:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-17 23:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-17 23:16 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-16 01:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-14 23:02 - 2013-07-18 18:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 23:01 - 2013-01-10 22:23 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 21:22 - 2013-01-12 13:25 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-07 08:33 - 2014-08-14 22:08 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 05:09 - 2014-08-14 22:08 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 18:08 - 2014-08-05 18:08 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-03 00:11 - 2014-08-01 16:05 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:16 - 2013-04-07 17:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-02 02:15 - 2012-07-26 10:14 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:15 - 2012-07-26 10:14 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Robert\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-24 10:46

==================== End Of Log ============================
         
--- --- ---

Alt 24.08.2014, 15:27   #8
schrauber
/// the machine
/// TB-Ausbilder
 



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

24.08.2014, 17:42   #9
McGirt

Hello Schrauber,

here is the log file from ESET:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4ca80cc3001daf42b7c030d56e9bda5d
# engine=19814
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-24 04:14:54
# local_time=2014-08-24 06:14:54 (+0100, Mitteleuropäische Sommerzeit)
# country="United Kingdom"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 8852182 68403005 0 0
# compatibility_mode_1='Emsisoft Anti-Malware'
# compatibility_mode=16641 16777213 83 100 7779 210139182 0 0
# scanned=267048
# found=33
# cleaned=0
# scan_time=3410
sh=B93A611E29C3BD6E13E9F3A2BD98F17EED127102 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPly.xpi.vir"
sh=30D457E18D2B8CAF0B8900A4D64146CB171B57E0 ft=1 fh=c5d4173284eff9c1 vn="Variante von Win32/DealPly.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyIE.dll.vir"
sh=2D6B1EC0EFA47C992C32AD9CECFB0EC4543ACA0A ft=1 fh=7076499debea4e9c vn="Variante von Win32/DealPly.F evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateVer.exe.vir"
sh=C79DBD837209D6D057250EAC8139726BF00FCABB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_omfoidjpeklpjhlhabhcomekbkclkbec_0\19.vir"
sh=B5ED1E639B7D9AD3C0F3C81E5AA2E9F88DDFEB65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\102_dealply_m.js.vir"
sh=464E61CE0A166C746C8BE32F8BD662B0EDF79938 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=8BFBBD749FDAA46297DA7F28A30E29C55FD72880 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=0B21E41A47E579081215969619861996F43524B1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\105_corticas_m.js.vir"
sh=FE3704EEF2BFB9DCA552518E7AEC9D6AFC1ED15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=35CE3B76158991DDEA79CAF0C1F826A7EE18A820 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\120_luck_m.js.vir"
sh=E106EF12FBA54AD37717391E3A2A8B7416B0A30E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=AE2D5CE395EE9CD2595F77F616E574F4794B1152 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=0CEB1A073B87956FD1F21F8425B8F76015B1BCD8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=CFFCA6A4EE3A0DF2319440491BB297ADEC6EEF37 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=ADB54DE323736C99B4191A45B478B70DF1B7B945 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=C9A8D5AE55FA65E00EE75767C5D2E9B56041858D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\180_bpo_serp_m.js.vir"
sh=24E6E5A06D24A5CC24C0B705FDB089FD4FEC70AC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\184_noproblemppc_m.js.vir"
sh=9F07ACC96BC246F25975479E9382CDF88E7D8711 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\191_ciuvo_m.js.vir"
sh=01578895977EF633319C56A58F7F2A7D68612501 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\194_retargeting_bi_m.js.js.vir"
sh=28EF3B09E284C4A1F530AE035D9CF94E12BD2A97 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\195_icm_convertmedia_m.js.vir"
sh=9A67AB016B12405F2FF8E65A64A035E46421F243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\198_superfish_no_search_no_coupons_plushd_m.js.vir"
sh=F545986C4CEA1996E51779B9B8DE73F3C8DF8834 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=0C5AC30A082628E85A9A8B68EF5E5EAFA46F0CC7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.26.135_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=6BFF50A0465FB2B1165796CB47841DB876BA1D4B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DT34ITFH\icm_convertmedia_m[1].js"
sh=41B54F69613E9CBA0A2AE52B7A8B58EC29CD12AA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9QHQGSY\noproblemppc_m[1].js"
sh=336F3BCB48ECB1F5B206A8B1BCBD184D6AA9E8B4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8VVGVTQ\91[1].js"
sh=D59E23D1D01C47C0C77BB7C51D67CB1526F50E6E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8VVGVTQ\monetizationLoader[1].js"
sh=2DD0E9895F18A7F893B4F75CCEA8C2BF0C79917B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8VVGVTQ\monetizationLoader[2].js"
sh=6828388D1BB98605DD748D2C89A61EDA6153982C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8VVGVTQ\retargeting_bi_m[1].js"
sh=7F88F1865FBE0A134FAEA5DA7B88C7264BBC1606 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M8VVGVTQ\retargeting_bi_m[2].js"
sh=928B3A0AAB8E65FB9E3A586D99E80AD24A68A831 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Robert\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHQ8P2QT\corticas_m[1].js"
sh=32F4FCD3E5433F9AAF32B328428964B42306CFD3 ft=1 fh=13738fa4d45eaba6 vn="Win32/InstallCore.BL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Robert\Downloads\SkypeSetup.exe"
sh=C608A774558A69804A6E2EC44759E320DC4F51A0 ft=1 fh=d2499ba68d04805e vn="möglicherweise Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="H:\Inhalte Toshiba\Sicherung Notebook Laufwerkc\user\robert\Downloads\YouTubeDownloader.exe"
         
I was not able to run SecurityCheck. After I pressed a key in the DOS box, the following message appeared: "UNSUPPORTED OPERATING SYSTEM! ABORTED!"

I had re-enabled the firewall beforehand. I suspect that the problem may be related to my antivirus software (Emsisoft). I bought a license there at the beginning of 2013 but have not done anything with it since.... In any case, when I open Emsisoft it currently says "Your computer is not protected".

Regards
Robert

25.08.2014, 12:13   #10
schrauber
/// the machine
/// TB-Ausbilder

Skip SecurityCheck and please do the rest. We will then take a closer look at Emsisoft afterwards.
__________________
Regards,
schrauber


25.08.2014, 18:08   #11
McGirt

here is the FRST log

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 02
Ran by Robert (administrator) on NOTEBOOK-ROBERT on 25-08-2014 19:04:18
Running from C:\Users\Robert\Downloads
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Comfort Software Group) C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Atheros Communications)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862928 2012-07-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5264016 2012-08-16] (VIA)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-23] (cyberlink)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-28] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKU\S-1-5-21-3576039111-1821954588-2524210282-1002\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-13] ()
HKU\S-1-5-21-3576039111-1821954588-2524210282-1002\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-04-21] (Electronic Arts)
HKU\S-1-5-21-3576039111-1821954588-2524210282-1002\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [1339672 2013-11-04] (Comfort Software Group)
AppInit_DLLs: c:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit64.dll => c:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll [21864 2012-08-28] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe ()
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.transfermarkt.de/"
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Babylon
CHR DefaultSearchURL: hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Extension: (Google Docs) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-12]
CHR Extension: (Google Drive) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-12]
CHR Extension: (YouTube) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-12]
CHR Extension: (Google-Suche) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-12]
CHR Extension: (AdBlock) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-10]
CHR Extension: (Google Wallet) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4741384 2014-08-01] (Emsisoft GmbH)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-14] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-08-01] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-05-17] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2014-01-07] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-08-01] (Emsisoft GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2014-01-07] (Emsisoft GmbH)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 msahci; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-24 18:24 - 2014-08-24 18:24 - 00854417 _____ () C:\Users\Robert\Downloads\SecurityCheck.exe
2014-08-24 17:10 - 2014-08-24 17:10 - 02347384 _____ (ESET) C:\Users\Robert\Downloads\esetsmartinstaller_deu.exe
2014-08-24 17:10 - 2014-08-24 17:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-24 16:17 - 2014-08-24 16:17 - 00000000 ____D () C:\Users\Robert\Downloads\FRST-OlderVersion
2014-08-24 16:06 - 2014-08-24 16:06 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 16:05 - 2014-08-24 16:05 - 01016261 _____ (Thisisu) C:\Users\Robert\Downloads\JRT.exe
2014-08-24 15:41 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-24 15:40 - 2014-08-24 16:01 - 00000000 ____D () C:\AdwCleaner
2014-08-24 15:23 - 2014-08-24 15:36 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-24 15:22 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 15:22 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 15:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-24 15:18 - 2014-08-24 15:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robert\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-23 17:04 - 2014-08-23 17:04 - 00028381 _____ () C:\ComboFix.txt
2014-08-23 12:51 - 2014-08-23 17:04 - 00000000 ____D () C:\Qoobox
2014-08-23 12:51 - 2014-08-23 17:03 - 00000000 ____D () C:\Windows\erdnt
2014-08-23 12:51 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-23 12:51 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-23 12:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-23 12:51 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-23 12:50 - 2014-08-23 12:50 - 05572006 ____R (Swearware) C:\Users\Robert\Downloads\ComboFix.exe
2014-08-21 21:38 - 2014-08-24 17:03 - 00000000 ____D () C:\Users\Robert\Desktop\Reinigung 2014
2014-08-21 21:15 - 2014-08-25 19:04 - 00016184 _____ () C:\Users\Robert\Downloads\FRST.txt
2014-08-21 21:15 - 2014-08-21 21:16 - 00034278 _____ () C:\Users\Robert\Downloads\Addition.txt
2014-08-21 21:14 - 2014-08-25 19:04 - 00000000 ____D () C:\FRST
2014-08-21 21:13 - 2014-08-24 16:17 - 02103296 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2014-08-14 22:58 - 2014-07-16 00:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-14 22:57 - 2014-06-11 00:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 22:57 - 2014-06-11 00:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 22:10 - 2014-07-24 14:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 22:10 - 2014-07-24 14:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 22:10 - 2014-07-24 14:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 22:10 - 2014-07-24 14:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-14 22:10 - 2014-07-24 14:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 22:10 - 2014-07-24 14:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 22:10 - 2014-07-24 14:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 22:10 - 2014-07-24 12:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 22:10 - 2014-07-24 12:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 22:10 - 2014-07-24 12:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 22:10 - 2014-07-24 12:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 22:10 - 2014-07-24 12:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 22:10 - 2014-07-24 12:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 22:10 - 2014-07-24 12:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 22:10 - 2014-07-24 10:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-14 22:10 - 2014-06-13 03:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 22:10 - 2014-06-13 03:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-14 22:09 - 2014-07-16 01:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-14 22:09 - 2014-07-16 00:55 - 04035072 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-14 22:09 - 2014-07-12 04:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-14 22:08 - 2014-08-07 08:33 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-14 22:08 - 2014-08-07 05:09 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-14 22:08 - 2014-06-05 19:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-14 22:08 - 2014-05-03 08:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-14 22:08 - 2014-05-03 08:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-14 22:08 - 2014-05-03 06:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-14 22:08 - 2014-05-02 00:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-14 22:08 - 2014-04-30 00:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-14 22:08 - 2014-04-30 00:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-14 22:08 - 2014-04-24 01:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-14 22:08 - 2014-04-24 01:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-14 22:08 - 2014-04-24 01:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-14 22:08 - 2014-04-24 01:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-14 22:07 - 2014-06-20 01:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 22:07 - 2014-06-20 00:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 22:07 - 2014-06-05 19:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 22:07 - 2014-06-05 19:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 22:07 - 2014-06-05 19:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 22:07 - 2014-06-05 19:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 22:07 - 2014-06-05 19:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-14 22:07 - 2014-06-05 15:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-14 22:07 - 2014-06-05 15:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 22:07 - 2014-06-05 15:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 22:07 - 2014-06-05 15:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 22:07 - 2014-06-05 15:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-14 22:07 - 2014-05-29 06:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-14 22:07 - 2014-05-08 03:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-06 22:53 - 2014-08-17 23:17 - 00293272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-05 18:08 - 2014-08-05 18:08 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-01 16:05 - 2014-08-17 23:16 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-01 16:05 - 2014-08-17 23:16 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-01 16:05 - 2014-08-17 23:16 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-01 16:05 - 2014-08-17 23:16 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-01 16:05 - 2014-08-03 00:11 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-01 16:05 - 2014-08-03 00:11 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 19:04 - 2014-08-21 21:15 - 00016184 _____ () C:\Users\Robert\Downloads\FRST.txt
2014-08-25 19:04 - 2014-08-21 21:14 - 00000000 ____D () C:\FRST
2014-08-25 19:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-25 00:22 - 2014-01-07 23:11 - 01739621 _____ () C:\Windows\WindowsUpdate.log
2014-08-25 00:21 - 2013-01-12 13:24 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-24 22:21 - 2013-01-12 13:24 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-24 18:42 - 2013-01-13 14:16 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-08-24 18:24 - 2014-08-24 18:24 - 00854417 _____ () C:\Users\Robert\Downloads\SecurityCheck.exe
2014-08-24 17:10 - 2014-08-24 17:10 - 02347384 _____ (ESET) C:\Users\Robert\Downloads\esetsmartinstaller_deu.exe
2014-08-24 17:10 - 2014-08-24 17:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-24 17:08 - 2012-08-03 01:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-08-24 17:08 - 2012-08-03 01:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-08-24 17:08 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-24 17:03 - 2014-08-21 21:38 - 00000000 ____D () C:\Users\Robert\Desktop\Reinigung 2014
2014-08-24 17:02 - 2013-01-13 15:18 - 00000000 ____D () C:\Users\Robert\AppData\Local\PMB Files
2014-08-24 16:17 - 2014-08-24 16:17 - 00000000 ____D () C:\Users\Robert\Downloads\FRST-OlderVersion
2014-08-24 16:17 - 2014-08-21 21:13 - 02103296 _____ (Farbar) C:\Users\Robert\Downloads\FRST64.exe
2014-08-24 16:13 - 2013-01-09 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3576039111-1821954588-2524210282-1002
2014-08-24 16:06 - 2014-08-24 16:06 - 00000000 ____D () C:\Windows\ERUNT
2014-08-24 16:05 - 2014-08-24 16:05 - 01016261 _____ (Thisisu) C:\Users\Robert\Downloads\JRT.exe
2014-08-24 16:03 - 2013-01-09 20:23 - 00000401 _____ () C:\Users\Robert\AppData\Roaming\sp_data.sys
2014-08-24 16:02 - 2014-01-07 22:46 - 00040694 _____ () C:\Windows\PFRO.log
2014-08-24 16:02 - 2012-11-28 06:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-24 16:02 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 16:02 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-24 16:01 - 2014-08-24 15:40 - 00000000 ____D () C:\AdwCleaner
2014-08-24 15:36 - 2014-08-24 15:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 15:34 - 2012-08-02 15:33 - 00000000 ____D () C:\Windows\Log
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-24 15:22 - 2014-08-24 15:22 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-24 15:19 - 2014-08-24 15:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Robert\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-23 17:04 - 2014-08-23 17:04 - 00028381 _____ () C:\ComboFix.txt
2014-08-23 17:04 - 2014-08-23 12:51 - 00000000 ____D () C:\Qoobox
2014-08-23 17:04 - 2012-07-26 07:37 - 00000000 __RHD () C:\Users\Default
2014-08-23 17:03 - 2014-08-23 12:51 - 00000000 ____D () C:\Windows\erdnt
2014-08-23 17:03 - 2012-07-26 07:26 - 00000215 _____ () C:\Windows\system.ini
2014-08-23 12:50 - 2014-08-23 12:50 - 05572006 ____R (Swearware) C:\Users\Robert\Downloads\ComboFix.exe
2014-08-22 16:24 - 2013-12-19 07:24 - 00000160 _____ () C:\Users\Robert\AppData\Roaming\WB.CFG
2014-08-22 16:24 - 2013-02-23 19:47 - 00000000 ____D () C:\Users\Robert\AppData\Local\CrashDumps
2014-08-21 21:16 - 2014-08-21 21:15 - 00034278 _____ () C:\Users\Robert\Downloads\Addition.txt
2014-08-18 00:57 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-08-17 23:17 - 2014-08-06 22:53 - 00293272 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-17 23:16 - 2014-08-01 16:05 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-17 23:16 - 2014-08-01 16:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-17 23:16 - 2014-08-01 16:05 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-17 23:16 - 2014-08-01 16:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-17 23:16 - 2014-07-22 08:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-17 23:16 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-17 23:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-17 23:16 - 2012-07-26 09:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-16 01:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-14 23:02 - 2013-07-18 18:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 23:01 - 2013-01-10 22:23 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 21:22 - 2013-01-12 13:25 - 00002177 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-07 08:33 - 2014-08-14 22:08 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 05:09 - 2014-08-14 22:08 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 18:08 - 2014-08-05 18:08 - 00000000 ____D () C:\ProgramData\Emsisoft
2014-08-03 00:11 - 2014-08-01 16:05 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-03 00:11 - 2014-08-01 16:05 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:16 - 2013-04-07 17:11 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-02 02:15 - 2012-07-26 10:14 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:15 - 2012-07-26 10:14 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Robert\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-24 10:46

==================== End Of Log ============================
         
--- --- ---


In any case, the problems described at the start no longer occur at the moment.

Regards
Robert

26.08.2014, 16:51   #12
schrauber
/// the machine
/// TB-Ausbilder



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Babylon
CHR DefaultSearchURL: hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


What problems still remain at the moment?
__________________
Regards,
schrauber


27.08.2014, 18:06   #13
McGirt



Fixlog
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 02
Ran by Robert at 2014-08-27 18:53:47 Run:1
Running from C:\Users\Robert\Desktop\Reinigung 2014
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Babylon
CHR DefaultSearchURL: hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937
         
*****************

Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Babylon ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.

==== End of Fixlog ====
         
I also ran TFC on the PC; a restart was not necessary. In any case, there are currently no more problems ...

Regards
Robert
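Added example (not part of the thread and not FRST's own code): a Python check that reads a Fixlog like the one posted above and separates the fixlist entries FRST reports as deleted from those it leaves for manual follow-up. The function names and the result-matching rules are assumptions derived only from the three result lines visible in this log.

```python
import re

# Fixlog text as posted in the thread (the defanged hxxp URL is kept as posted).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-08-2014 02
Ran by Robert at 2014-08-27 18:53:47 Run:1
Running from C:\Users\Robert\Desktop\Reinigung 2014
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR DefaultSearchKeyword: babylon.com
CHR DefaultSearchProvider: Babylon
CHR DefaultSearchURL: hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_sps&mntrId=E040DC85DEA51276&affID=119357&tt=040713_ctrl&tsp=4937

*****************

Chrome DefaultSearchKeyword deleted successfully.
CHR DefaultSearchProvider: Babylon ==> The Chrome "Settings" can be used to fix the entry.
Chrome DefaultSearchURL deleted successfully.

==== End of Fixlog ====
"""

STAR_ROW = re.compile(r"^\*{5,}\s*$")
# Assumed entry shape, taken from the fixlist above: "<scope> <key>: <value>"
ENTRY = re.compile(r"^(?P<scope>\S+)\s+(?P<key>[^:\s]+):\s*(?P<value>.*)$")


def parse_fixlog(text):
    """Return (fixlist entries, result lines) from a Fixlog."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    try:
        start = lines.index("Content of fixlist:")
    except ValueError:
        raise ValueError("not a Fixlog: 'Content of fixlist:' header missing")
    stars = [i for i, ln in enumerate(lines) if i > start and STAR_ROW.match(ln)]
    if len(stars) < 2:
        raise ValueError("fixlist block is not closed by a second row of asterisks")
    entries = [ln for ln in lines[stars[0] + 1:stars[1]] if ln.strip()]
    results = []
    for ln in lines[stars[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln.strip():
            results.append(ln)
    return entries, results


def classify(result_line):
    """Map one result line to (status, note). Rules are assumptions from this log."""
    if result_line.rstrip(".").endswith("successfully"):
        return "done", ""
    if "==>" in result_line:
        # FRST names a manual remedy after the arrow instead of fixing the entry.
        return "manual", result_line.split("==>", 1)[1].strip()
    return "unknown", result_line


def follow_up_report(text):
    """Pair every fixlist entry with the outcome FRST logged for it."""
    entries, results = parse_fixlog(text)
    report = []
    for entry in entries:
        m = ENTRY.match(entry)
        key = m.group("key") if m else entry
        # A result belongs to an entry when it names the same key as a whole word.
        hit = next((r for r in results
                    if re.search(rf"\b{re.escape(key)}\b", r)), None)
        status, note = classify(hit) if hit else ("no-result", "")
        report.append({"entry": entry, "key": key, "status": status, "note": note})
    return report


def needs_follow_up(text):
    """Entries that were not confirmed as removed and still need checking."""
    return [r for r in follow_up_report(text) if r["status"] != "done"]


if __name__ == "__main__":
    for item in needs_follow_up(SAMPLE_FIXLOG):
        print(f"{item['key']}: {item['status']} -> {item['note']}")
```

For this log the report lists `DefaultSearchProvider` as the one entry left for manual follow-up in the Chrome settings.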

28.08.2014, 08:36   #14
schrauber
/// the machine
/// TB-Ausbilder



Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background monitor.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ..)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
Regards,
schrauber
