
Pests of all kinds and how to combat them: Problems caused by Webcake


14.08.2013, 14:20   #1
escado

Hello,

like quite a few other users, I also have a problem with Webcake. In my Firefox browser a window keeps opening with strange messages saying that my computer's performance is poor, or with some kind of advertising. In addition, purchase recommendations, banners etc. keep appearing. Webcake cannot be uninstalled via the Control Panel. I have already downloaded Defogger. I have attached the two files from the Farbar Recovery Scan Tool scan.

Thanks for your help!

Escado

14.08.2013, 14:57   #2
schrauber
/// the machine
/// TB-Ausbilder

hi,

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.


Combofix should only be run when instructed to do so by a team member!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

14.08.2013, 15:38   #3
escado

Hello.

Here are the three log files:

1.) FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2013 01
Ran by Andreas (administrator) on 14-08-2013 14:59:52
Running from C:\Users\Andreas\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Bake Cake) C:\Users\Andreas\AppData\Roaming\Betcat\WebCakeDesktop.exe
() C:\Users\Andreas\Qtrax\Player\Notification.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Andreas\Downloads\Defogger(1).exe
(Farbar) C:\Users\Andreas\Downloads\FRST(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] - C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] - "C:\Program Files\Launch Manager\OSDCtrl.exe" [x]
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [14830184 2010-04-15] (NVIDIA Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKLM\...\Run: [MailCheck IE Broker] - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1513536 2013-02-04] (1und1 Mail und Media GmbH)
HKLM\...\Run: [gbrspcontrol] - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [Device Detection] - C:\Program Files\Lidl_Fotos\dd.exe [x]
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Andreas\AppData\Local\Smartbar\Application\SnapDo.exe startup [x]
HKCU\...\Run: [WebCake Desktop] - C:\Users\Andreas\AppData\Roaming\Betcat\WebCakeDesktop.exe [52504 2013-08-10] (Bake Cake)
HKCU\...\Run: [NTRedirect] - C:\Users\Andreas\AppData\Roaming\BabSolution\Shared\NTRedirect.dll [127472 2013-08-04] () <===== ATTENTION
HKCU\...\Run: [QtraxNotification] - C:\Users\Andreas\Qtrax\Player\Notification.exe [118568 2013-08-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\tax Steuersoftware 2013\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk
ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (No File)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}&crg=3.5000006.10053&st=23
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}&crg=3.5000006.10053&st=23
BHO: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll No File
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: DealPly Shopping - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll No File
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKCU -DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll No File
Toolbar: HKCU -No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKCU -No Name - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} -  No File
Toolbar: HKCU -WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL No File
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{DEDAF650-12B8-48f5-A843-BBA100716106}] C:\Program Files\Updater By Sweetpacks\Firefox

========================== Services (Whitelisted) =================

R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] ()
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70344 2013-04-17] (Comodo Security Solutions Inc.)
S2 dealplylive; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-14] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-14] (DealPly Technologies Ltd)
S2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1800808 2010-04-15] (NVIDIA Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
S4 WebCake Desktop Updater; C:\Users\Andreas\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-05-31] (WebCake LLC)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-05-16] ()
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-10] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2012-09-03] (Windows (R) Win 7 DDK provider)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-05-16] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(1).exe
2013-08-14 14:56 - 2013-08-14 14:56 - 00000476 _____ C:\Users\Andreas\Downloads\defogger_disable.log
2013-08-14 14:56 - 2013-08-14 14:56 - 00000000 _____ C:\Users\Andreas\defogger_reenable
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger.exe
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger(1).exe
2013-08-14 14:50 - 2013-08-14 14:50 - 00000000 ____D C:\Users\Andreas\Qtrax
2013-08-14 14:46 - 2013-08-14 14:52 - 00000892 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-14 14:46 - 2013-08-14 14:51 - 00000896 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-14 14:46 - 2013-08-14 14:46 - 00001032 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\BabSolution
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Local\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\OpenIt
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\Delta
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\DealPly
2013-08-14 14:45 - 2013-08-14 14:45 - 00714352 _____ C:\Users\Andreas\Downloads\ZipOpenerSetup.exe
2013-08-10 21:25 - 2013-08-14 14:53 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Betcat
2013-08-10 20:58 - 2013-08-11 09:37 - 00085012 _____ C:\Windows\PFRO.log
2013-08-09 18:54 - 2013-08-09 18:54 - 00666633 _____ C:\Users\Andreas\Downloads\adwcleaner.exe
2013-08-09 16:27 - 2013-08-09 16:27 - 01067456 _____ (Solid State Networks) C:\Users\Andreas\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-08-06 21:32 - 2013-08-06 21:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-03 21:20 - 2013-08-03 21:20 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(2).exe
2013-08-03 21:19 - 2013-08-03 21:19 - 00000000 ____D C:\ProgramData\APN
2013-08-03 21:17 - 2013-08-03 21:17 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Java
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-03 21:15 - 2013-08-03 21:15 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(1).exe
2013-08-03 21:14 - 2013-08-03 21:14 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall.exe
2013-07-30 12:13 - 2013-07-30 12:13 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\LaunchPad
2013-07-27 16:28 - 2013-08-10 21:02 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Web Cake
2013-07-27 09:34 - 2013-08-03 11:34 - 00000077 _____ C:\Users\Andreas\AppData\Roaming\WB.CFG
2013-07-25 19:22 - 2013-07-25 19:22 - 00036102 _____ C:\Users\Andreas\Desktop\D-Dimere.htm
2013-07-25 19:22 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Andreas\Desktop\D-Dimere_files
2013-07-25 10:00 - 2013-08-14 14:53 - 00000000 ____D C:\Users\Andreas\Tracing
2013-07-24 07:55 - 2013-08-14 14:52 - 00003091 _____ C:\Windows\setupact.log
2013-07-24 07:55 - 2013-07-24 07:55 - 00000000 _____ C:\Windows\setuperr.log
2013-07-23 09:32 - 2013-07-23 09:32 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\digital publishing
2013-07-23 09:09 - 2013-07-23 09:10 - 00000000 ____D C:\Users\Andreas\Desktop\Old Firefox Data
2013-07-23 08:50 - 2013-07-23 08:50 - 00000929 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-23 08:50 - 2013-07-23 08:50 - 00000000 ____D C:\Program Files\CCleaner
2013-07-23 08:48 - 2013-07-23 08:48 - 03357912 _____ (Piriform Ltd) C:\Users\Andreas\Downloads\ccsetup403_slim.exe
2013-07-22 11:08 - 2013-07-22 11:09 - 49904760 _____ C:\Users\Andreas\Downloads\mpnx_3_0-win-3_05-ea23_2.exe
2013-07-22 09:47 - 2013-07-22 09:47 - 00277456 _____ C:\Users\Andreas\Downloads\Setup(1).exe
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Andreas\AppData\Local\PDF24
2013-07-21 17:12 - 2013-07-21 17:13 - 00000000 ____D C:\Program Files\PDF24
2013-07-21 17:12 - 2013-07-21 17:12 - 00001778 _____ C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-07-21 17:12 - 2013-07-21 17:12 - 00001763 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-07-21 17:09 - 2013-07-21 17:10 - 15905080 _____ (Geek Software GmbH                                          ) C:\Users\Andreas\Downloads\pdf24-creator-5.6.0.exe
2013-07-20 00:50 - 2013-07-22 10:33 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-07-18 21:24 - 2013-07-18 21:24 - 00000000 ____D C:\Program Files\SweetIM
2013-07-18 21:24 - 2011-05-14 01:17 - 00554832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2013-07-18 21:24 - 2011-05-14 01:17 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\msvcm80.dll
2013-07-18 21:24 - 2011-05-13 16:59 - 00001870 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest
2013-07-18 21:23 - 2013-07-18 21:23 - 00277440 _____ C:\Users\Andreas\Downloads\Setup.exe
2013-07-17 09:18 - 2013-07-17 09:18 - 00011320 _____ C:\Users\Andreas\Documents\Finanzierung von Nicoles Auto_Hyundai i30.xlsx

==================== One Month Modified Files and Folders =======

2013-08-14 14:59 - 2013-08-14 14:59 - 00000000 ____D C:\FRST
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(1).exe
2013-08-14 14:56 - 2013-08-14 14:56 - 00000476 _____ C:\Users\Andreas\Downloads\defogger_disable.log
2013-08-14 14:56 - 2013-08-14 14:56 - 00000000 _____ C:\Users\Andreas\defogger_reenable
2013-08-14 14:56 - 2010-12-09 22:05 - 00000000 ____D C:\Users\Andreas
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger.exe
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger(1).exe
2013-08-14 14:53 - 2013-08-10 21:25 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Betcat
2013-08-14 14:53 - 2013-07-25 10:00 - 00000000 ____D C:\Users\Andreas\Tracing
2013-08-14 14:52 - 2013-08-14 14:46 - 00000892 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-14 14:52 - 2013-07-24 07:55 - 00003091 _____ C:\Windows\setupact.log
2013-08-14 14:52 - 2013-07-14 14:34 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-14 14:52 - 2013-06-06 23:12 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-08-14 14:52 - 2011-03-30 09:49 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 14:52 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 14:51 - 2013-08-14 14:46 - 00000896 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-14 14:51 - 2010-12-09 22:04 - 01978499 _____ C:\Windows\WindowsUpdate.log
2013-08-14 14:50 - 2013-08-14 14:50 - 00000000 ____D C:\Users\Andreas\Qtrax
2013-08-14 14:47 - 2012-08-18 15:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 14:46 - 2013-08-14 14:46 - 00001032 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\BabSolution
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Local\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\OpenIt
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\Delta
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\DealPly
2013-08-14 14:45 - 2013-08-14 14:45 - 00714352 _____ C:\Users\Andreas\Downloads\ZipOpenerSetup.exe
2013-08-14 14:26 - 2010-05-05 12:28 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 14:16 - 2011-03-30 09:49 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-14 11:37 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-14 08:20 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 08:20 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 10:34 - 2013-07-14 16:34 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-TTL.DAT
2013-08-12 23:08 - 2011-07-25 21:49 - 00000000 ____D C:\Users\Andreas\Documents\Bewerbungsunterlagen AK
2013-08-11 09:37 - 2013-08-10 20:58 - 00085012 _____ C:\Windows\PFRO.log
2013-08-10 21:02 - 2013-07-27 16:28 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Web Cake
2013-08-10 20:58 - 2010-12-14 22:44 - 00000000 ____D C:\ProgramData\WebEx
2013-08-09 18:54 - 2013-08-09 18:54 - 00666633 _____ C:\Users\Andreas\Downloads\adwcleaner.exe
2013-08-09 16:27 - 2013-08-09 16:27 - 01067456 _____ (Solid State Networks) C:\Users\Andreas\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-08-08 07:57 - 2013-06-06 23:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-06 21:32 - 2013-08-06 21:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-03 21:20 - 2013-08-03 21:20 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(2).exe
2013-08-03 21:19 - 2013-08-03 21:19 - 00000000 ____D C:\ProgramData\APN
2013-08-03 21:17 - 2013-08-03 21:17 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Java
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-03 21:17 - 2010-05-05 13:18 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-03 21:17 - 2010-05-05 13:18 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-03 21:15 - 2013-08-03 21:15 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(1).exe
2013-08-03 21:14 - 2013-08-03 21:14 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall.exe
2013-08-03 11:34 - 2013-07-27 09:34 - 00000077 _____ C:\Users\Andreas\AppData\Roaming\WB.CFG
2013-07-30 12:13 - 2013-07-30 12:13 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\LaunchPad
2013-07-29 15:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-27 20:36 - 2013-06-02 12:27 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\WebCake
2013-07-25 20:33 - 2011-04-18 09:39 - 00000000 ____D C:\Users\Andreas\Desktop\Nicole
2013-07-25 19:22 - 2013-07-25 19:22 - 00036102 _____ C:\Users\Andreas\Desktop\D-Dimere.htm
2013-07-25 19:22 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Andreas\Desktop\D-Dimere_files
2013-07-24 07:55 - 2013-07-24 07:55 - 00000000 _____ C:\Windows\setuperr.log
2013-07-23 09:32 - 2013-07-23 09:32 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\digital publishing
2013-07-23 09:10 - 2013-07-23 09:09 - 00000000 ____D C:\Users\Andreas\Desktop\Old Firefox Data
2013-07-23 09:04 - 2011-09-19 13:11 - 00000000 ____D C:\Windows\Minidump
2013-07-23 09:04 - 2010-05-05 22:00 - 00000000 ____D C:\Windows\Panther
2013-07-23 08:50 - 2013-07-23 08:50 - 00000929 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-23 08:50 - 2013-07-23 08:50 - 00000000 ____D C:\Program Files\CCleaner
2013-07-23 08:48 - 2013-07-23 08:48 - 03357912 _____ (Piriform Ltd) C:\Users\Andreas\Downloads\ccsetup403_slim.exe
2013-07-22 20:27 - 2012-10-10 13:08 - 00000000 ____D C:\Users\Andreas\Desktop\Verkauf!!!!!!!
2013-07-22 11:10 - 2010-12-30 22:56 - 00002005 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
2013-07-22 11:09 - 2013-07-22 11:08 - 49904760 _____ C:\Users\Andreas\Downloads\mpnx_3_0-win-3_05-ea23_2.exe
2013-07-22 11:09 - 2010-12-30 22:55 - 00000000 ____D C:\Program Files\Canon
2013-07-22 10:33 - 2013-07-20 00:50 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-07-22 09:47 - 2013-07-22 09:47 - 00277456 _____ C:\Users\Andreas\Downloads\Setup(1).exe
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Andreas\AppData\Local\PDF24
2013-07-21 17:13 - 2013-07-21 17:12 - 00000000 ____D C:\Program Files\PDF24
2013-07-21 17:12 - 2013-07-21 17:12 - 00001778 _____ C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-07-21 17:12 - 2013-07-21 17:12 - 00001763 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-07-21 17:10 - 2013-07-21 17:09 - 15905080 _____ (Geek Software GmbH                                          ) C:\Users\Andreas\Downloads\pdf24-creator-5.6.0.exe
2013-07-19 20:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-07-18 21:24 - 2013-07-18 21:24 - 00000000 ____D C:\Program Files\SweetIM
2013-07-18 21:24 - 2013-05-22 16:53 - 00000000 ____D C:\Users\Andreas\Desktop\Silverlight
2013-07-18 21:23 - 2013-07-18 21:23 - 00277440 _____ C:\Users\Andreas\Downloads\Setup.exe
2013-07-17 09:18 - 2013-07-17 09:18 - 00011320 _____ C:\Users\Andreas\Documents\Finanzierung von Nicoles Auto_Hyundai i30.xlsx

Files to move or delete:
====================
C:\Users\Andreas\AppData\Roaming\BabSolution\Shared\NTRedirect.dll
C:\Users\Andreas\kidizoom-twist-pink-kidizoom-twist-foto-editor-pc.exe
C:\Users\Andreas\TagesSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-30 10:01

==================== End Of Log ============================
         
[/CODE]



2.) Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-08-2013 01
Ran by Andreas at 2013-08-14 15:01:23
Running from C:\Users\Andreas\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Apple Software Update (Version: 2.1.3.127)
Arbeitszeugnisse für Führungskräfte
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
Blacksails
BrowserDefender
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon My Printer
CCleaner (Version: 4.03)
CDBurnerXP (Version: 4.5.0.3717)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Conduit Engine (Version: )
CyberLink LabelPrint (Version: 2.5.2602)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDVD Copy (Version: 1.5.1306)
CyberLink YouCam (Version: 3.0.2609)
D3DX10 (Version: 15.4.2368.0902)
Dealply
DealPly (remove only) (Version: 4.8.7.3)
Delta Chrome Toolbar
Delta toolbar   (Version: 1.8.22.0)
FormatFactory 3.0.1 (Version: 3.0.1)
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.11.17.319 (Version: 3.11.17.319)
GeekBuddy (Version: 4.7.55)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.135)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2086)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (Version: 9.6.0.1014)
Internet Explorer Toolbar 4.9 by SweetPacks (Version: 4.9.0000)
Jack Keane
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 20 (Version: 6.0.200)
Junk Mail filter update (Version: 15.4.3502.0922)
Kidizoom Photo Editor (Version: 1.00.0000)
K-Lite Codec Pack 6.0.4 (Basic) (Version: 6.0.4)
Launch Manager V1.5.0.8 (Version: 1.5.0.8)
Medion Home Cinema (Version: 8.0.1318)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 23.0 (x86 en-US) (Version: 23.0)
Mozilla Maintenance Service (Version: 23.0)
MP4 To MP3 Converter V3.0
MSVCRT (Version: 15.4.2862.0708)
MyFreeCodec
MyPhoneExplorer (Version: 1.8.4)
NVIDIA Drivers (Version: 1.10.60.38)
NVIDIA Updatus (Version: 1.0.3)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Open It! (Version: 1.1.1)
PDF24 Creator 5.6.0
PDFCreator (Version: 1.1.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Qtrax Connection Manager (HKCU Version: 20.13.07.02)
QuickTime (Version: 7.73.80.64)
Ravensburger tiptoi
Realtek High Definition Audio Driver (Version: 6.0.1.6096)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30117)
REALTEK Wireless LAN Driver (Version: 1.00.0145)
Skype™ 6.3 (Version: 6.3.105)
Snap.Do (Version: 1.6.1.921)
Snap.Do Engine (HKCU Version: 1.6.1.921)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
t@x 2011 (Version: 18.00.6928)
t@x 2012 (Version: 19.03.7334)
t@x 2013 (Version: 20.00.8137)
TuneUp Utilities 2013 (Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3020.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Zip Opener
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Video Converter Packages
WebCake 3.00 (Version: 3.00)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR
X10 Hardware(TM)
Zip Opener Packages
 

==================== Restore Points  =========================

22-07-2013 22:11:01 Windows Update
23-07-2013 21:30:38 Windows Update
25-07-2013 21:15:45 Windows Update
26-07-2013 20:29:46 Windows Update
27-07-2013 20:28:21 Windows Update
29-07-2013 04:43:04 Windows Update
30-07-2013 05:34:12 Windows Update
31-07-2013 06:07:33 Windows Update
31-07-2013 20:20:51 Windows Update
01-08-2013 20:50:30 Windows Update
03-08-2013 09:22:00 Windows Update
03-08-2013 19:16:38 Installed Java 7 Update 25
03-08-2013 21:27:18 Windows Update
04-08-2013 18:30:38 Windows Update
04-08-2013 20:45:49 Windows Update
05-08-2013 21:00:31 Windows Update
07-08-2013 05:40:54 Windows Update
08-08-2013 06:01:47 Windows Update
08-08-2013 20:49:58 Windows Update
09-08-2013 16:32:41 Removed Apple Software Update
09-08-2013 16:33:53 Removed Bonjour
09-08-2013 16:35:06 Removed GuardBar
10-08-2013 19:04:41 Windows Update
10-08-2013 21:28:39 Windows Update
11-08-2013 08:43:24 Windows Update
11-08-2013 20:08:23 Windows Update
12-08-2013 21:08:53 Windows Update
13-08-2013 19:26:38 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04454970-1D93-482F-AA1D-AC84EA542578} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {0FEB5211-F666-4EA9-A5B7-808404430783} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe No File
Task: {13478D28-0C90-4E03-BDB7-4A6B81B4DE31} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {1BC0B76F-C66F-4800-A48B-8B680A957437} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {2A22786D-FC88-4F4C-96A4-6984311C208B} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14] (DealPly Technologies Ltd)
Task: {33183586-A44E-483E-90A4-E1D69EB4DA2B} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: {3B4525C7-8A33-4F6C-9F3F-967057E4EA5A} - System32\Tasks\Dealply => C:\Users\Andreas\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE [2013-04-12] ()
Task: {49F63648-BB81-40B2-8D22-03132E7711A3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: {521E3475-5BA6-4354-850E-C0159AC82230} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {694C2FB4-C5F2-4C9F-961A-EBBF0A4839C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {6CCF3FD5-9549-4DEE-93C7-1922B24E0E41} - System32\Tasks\DSite => C:\Users\Andreas\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE [2013-08-14] ()
Task: {7B5497B0-A459-4EC9-AF04-0092544646B9} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14] (DealPly Technologies Ltd)
Task: {8D36F3E0-EAB5-4466-B629-3C65003679FD} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {9C19363A-1688-47F8-B20E-7D08337EE007} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe No File
Task: {A447371F-CA08-456D-B160-DAC264FE5D3C} - System32\Tasks\QtraxPlayer => C:\Program Files\Microsoft Silverlight\sllauncher.exe [2013-05-13] (Microsoft Corporation)
Task: {B763684E-7295-40AA-9EE2-DAF61740F9D4} - System32\Tasks\EPUpdater => C:\Users\Andreas\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-08-04] ()
Task: {C2B39372-E7F0-43B5-A657-7C4C2F51729D} - System32\Tasks\BrowserProtect => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {C3AC2A95-68AB-4509-A22B-3CF5D606A88D} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {CF38E589-331C-4639-B563-97D68162FBB4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {F257198F-7B9C-4022-A3AC-3DF15EFD7487} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe No File
Task: {F7D7E18C-C106-405B-BCF8-233FA1F1FCEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Andreas\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\Andreas\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: TuneUpUtilitiesDrv
Description: TuneUpUtilitiesDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: TuneUpUtilitiesDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2013 02:53:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.18010, Zeitstempel: 0x50aee407
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x80
Startzeit der fehlerhaften Anwendung: 0xtaskhost.exe0
Pfad der fehlerhaften Anwendung: taskhost.exe1
Pfad des fehlerhaften Moduls: taskhost.exe2
Berichtskennung: taskhost.exe3

Error: (08/14/2013 02:52:11 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (08/14/2013 02:52:11 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (08/14/2013 02:52:11 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0

Error: (08/14/2013 02:46:23 PM) (Source: MsiInstaller) (User: Andreas-PC)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\DealPlyLive\Update\1.3.23.0\GoogleUpdateHelper.msi

Error: (08/14/2013 02:46:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Name des fehlerhaften Moduls: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Ausnahmecode: 0x40000015
Fehleroffset: 0x00102a30
ID des fehlerhaften Prozesses: 0x1280
Startzeit der fehlerhaften Anwendung: 0xBrowserProtect.exe0
Pfad der fehlerhaften Anwendung: BrowserProtect.exe1
Pfad des fehlerhaften Moduls: BrowserProtect.exe2
Berichtskennung: BrowserProtect.exe3

Error: (08/14/2013 02:45:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Name des fehlerhaften Moduls: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Ausnahmecode: 0x40000015
Fehleroffset: 0x00102a30
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xBrowserProtect.exe0
Pfad der fehlerhaften Anwendung: BrowserProtect.exe1
Pfad des fehlerhaften Moduls: BrowserProtect.exe2
Berichtskennung: BrowserProtect.exe3

Error: (08/14/2013 02:44:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Name des fehlerhaften Moduls: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Ausnahmecode: 0x40000015
Fehleroffset: 0x00102a30
ID des fehlerhaften Prozesses: 0x1b20
Startzeit der fehlerhaften Anwendung: 0xBrowserProtect.exe0
Pfad der fehlerhaften Anwendung: BrowserProtect.exe1
Pfad des fehlerhaften Moduls: BrowserProtect.exe2
Berichtskennung: BrowserProtect.exe3

Error: (08/14/2013 02:43:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Name des fehlerhaften Moduls: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Ausnahmecode: 0x40000015
Fehleroffset: 0x00102a30
ID des fehlerhaften Prozesses: 0x188c
Startzeit der fehlerhaften Anwendung: 0xBrowserProtect.exe0
Pfad der fehlerhaften Anwendung: BrowserProtect.exe1
Pfad des fehlerhaften Moduls: BrowserProtect.exe2
Berichtskennung: BrowserProtect.exe3

Error: (08/14/2013 02:42:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Name des fehlerhaften Moduls: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Ausnahmecode: 0x40000015
Fehleroffset: 0x00102a30
ID des fehlerhaften Prozesses: 0xc4c
Startzeit der fehlerhaften Anwendung: 0xBrowserProtect.exe0
Pfad der fehlerhaften Anwendung: BrowserProtect.exe1
Pfad des fehlerhaften Moduls: BrowserProtect.exe2
Berichtskennung: BrowserProtect.exe3


System errors:
=============
Error: (08/14/2013 03:01:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1083

Error: (08/14/2013 03:00:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1083

Error: (08/14/2013 02:59:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1083

Error: (08/14/2013 02:58:26 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP      :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.20
registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (08/14/2013 02:58:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1083

Error: (08/14/2013 02:57:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1083

Error: (08/14/2013 02:56:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1083

Error: (08/14/2013 02:55:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/14/2013 02:55:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1083

Error: (08/14/2013 02:54:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1083


Microsoft Office Sessions:
=========================
Error: (01/17/2013 04:01:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7977 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/20/2011 10:49:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2970 seconds with 0 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 42%
Total physical RAM: 3254.53 MB
Available physical RAM: 1868.69 MB
Total Pagefile: 6507.35 MB
Available Pagefile: 4815.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.63 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:268.09 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:31.92 GB) NTFS
Drive e: (Bibi und Tina) (CDROM) (Total:4.27 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B5FDF437)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         

3.) ComboFix:

Code:
Combofix Logfile:
ComboFix 13-08-14.01 - Andreas 14.08.2013  16:19:13.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3255.1969 [GMT 2:00]
ausgeführt von:: c:\users\Andreas\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\uninst.exe
c:\users\Andreas\4.0
c:\users\Andreas\Documents\~WRL0001.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\tmpA746.tmp
c:\windows\system32\tmpA7B4.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-07-14 bis 2013-08-14  ))))))))))))))))))))))))))))))
.
.
2013-08-14 12:59 . 2013-08-14 12:59	--------	d-----w-	C:\FRST
2013-08-14 12:50 . 2013-08-14 12:50	--------	d-----w-	c:\users\Andreas\Qtrax
2013-08-14 12:46 . 2013-08-14 12:46	--------	d-----w-	c:\users\Andreas\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 12:46 . 2013-08-14 12:46	--------	d-----w-	c:\programdata\BrowserDefender
2013-08-14 12:46 . 2013-08-14 14:11	--------	d-----w-	c:\users\Andreas\AppData\Roaming\BabSolution
2013-08-14 12:46 . 2013-08-14 12:46	--------	d-----w-	c:\program files\DealPlyLive
2013-08-14 12:46 . 2013-08-14 12:46	--------	d-----w-	c:\users\Andreas\AppData\Local\DealPlyLive
2013-08-14 12:46 . 2013-08-14 12:46	--------	d-----w-	c:\programdata\DealPlyLive
2013-08-14 12:46 . 2013-08-14 12:46	--------	d-----w-	c:\program files\OpenIt
2013-08-10 19:25 . 2013-08-14 12:53	--------	d-----w-	c:\users\Andreas\AppData\Roaming\Betcat
2013-08-03 19:19 . 2013-08-03 19:19	--------	d-----w-	c:\programdata\APN
2013-08-03 19:17 . 2013-08-03 19:17	--------	d-----w-	c:\program files\Common Files\Java
2013-08-03 19:17 . 2013-08-03 19:17	867240	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-08-03 19:17 . 2013-08-03 19:17	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-08-03 19:17 . 2013-08-03 19:17	--------	d-----w-	c:\program files\Java
2013-07-30 10:13 . 2013-07-30 10:13	--------	d-----w-	c:\users\Andreas\AppData\Roaming\LaunchPad
2013-07-27 14:28 . 2013-08-10 19:02	--------	d-----w-	c:\users\Andreas\AppData\Roaming\Web Cake
2013-07-25 08:00 . 2013-08-14 12:53	--------	d-----w-	c:\users\Andreas\Tracing
2013-07-23 07:32 . 2013-07-23 07:32	--------	d-----w-	c:\users\Andreas\AppData\Roaming\digital publishing
2013-07-21 15:17 . 2013-07-21 15:17	--------	d-----w-	c:\users\Andreas\AppData\Local\PDF24
2013-07-21 15:12 . 2013-07-21 15:13	--------	d-----w-	c:\program files\PDF24
2013-07-21 15:12 . 2013-07-21 15:12	--------	d-----w-	c:\users\Andreas\AppData\Local\Programs
2013-07-18 19:24 . 2013-07-18 19:24	--------	d-----w-	c:\program files\SweetIM
2013-07-18 19:24 . 2011-05-13 23:17	479232	----a-w-	c:\windows\system32\msvcm80.dll
2013-07-18 19:24 . 2011-05-13 23:17	554832	----a-w-	c:\windows\system32\msvcp80.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-03 19:17 . 2010-05-05 11:18	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-07-03 20:16 . 2013-07-03 20:16	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-03 20:16 . 2013-07-03 20:16	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-07-03 20:16 . 2013-07-03 20:16	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-07-03 20:16 . 2013-07-03 20:16	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-07-03 20:16 . 2013-07-03 20:16	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-07-03 20:16 . 2013-07-03 20:16	158720	----a-w-	c:\windows\system32\msls31.dll
2013-07-03 20:16 . 2013-07-03 20:16	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-07-03 20:16 . 2013-07-03 20:16	138752	----a-w-	c:\windows\system32\wextract.exe
2013-07-03 20:16 . 2013-07-03 20:16	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-07-03 20:16 . 2013-07-03 20:16	12800	----a-w-	c:\windows\system32\mshta.exe
2013-07-03 20:16 . 2013-07-03 20:16	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-07-03 20:16 . 2013-07-03 20:16	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-07-03 20:16 . 2013-07-03 20:16	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-07-03 20:16 . 2013-07-03 20:16	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-07-03 20:16 . 2013-07-03 20:16	361984	----a-w-	c:\windows\system32\html.iec
2013-07-03 20:16 . 2013-07-03 20:16	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-07-03 20:16 . 2013-07-03 20:16	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-07-03 20:15 . 2013-07-03 20:15	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15	906240	----a-w-	c:\windows\system32\FntCache.dll
2013-07-03 20:15 . 2013-07-03 20:15	604160	----a-w-	c:\windows\system32\d3d10level9.dll
2013-07-03 20:15 . 2013-07-03 20:15	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15	417792	----a-w-	c:\windows\system32\WMPhoto.dll
2013-07-03 20:15 . 2013-07-03 20:15	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15	364544	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-07-03 20:15 . 2013-07-03 20:15	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15	3419136	----a-w-	c:\windows\system32\d2d1.dll
2013-07-03 20:15 . 2013-07-03 20:15	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15	293376	----a-w-	c:\windows\system32\dxgi.dll
2013-07-03 20:15 . 2013-07-03 20:15	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15	249856	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-07-03 20:15 . 2013-07-03 20:15	2284544	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-07-03 20:15 . 2013-07-03 20:15	220160	----a-w-	c:\windows\system32\d3d10core.dll
2013-07-03 20:15 . 2013-07-03 20:15	207872	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-07-03 20:15 . 2013-07-03 20:15	1988096	----a-w-	c:\windows\system32\d3d10warp.dll
2013-07-03 20:15 . 2013-07-03 20:15	187392	----a-w-	c:\windows\system32\UIAnimation.dll
2013-07-03 20:15 . 2013-07-03 20:15	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2013-07-03 20:15 . 2013-07-03 20:15	1158144	----a-w-	c:\windows\system32\XpsPrint.dll
2013-07-03 20:15 . 2013-07-03 20:15	1080832	----a-w-	c:\windows\system32\d3d10.dll
2013-07-03 20:15 . 2013-07-03 20:15	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-11 23:43 . 2013-07-10 23:00	1767936	----a-w-	c:\windows\system32\wininet.dll
2013-06-11 23:43 . 2013-07-10 23:00	2877440	----a-w-	c:\windows\system32\jscript9.dll
2013-06-11 23:42 . 2013-07-10 23:00	61440	----a-w-	c:\windows\system32\iesetup.dll
2013-06-11 23:42 . 2013-07-10 23:00	109056	----a-w-	c:\windows\system32\iesysprep.dll
2013-06-11 22:51 . 2013-07-10 23:00	71680	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-06-11 20:47 . 2012-08-18 13:14	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 20:47 . 2012-08-18 13:14	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-07 02:37 . 2013-07-10 23:00	2706432	----a-w-	c:\windows\system32\mshtml.tlb
2013-06-05 03:05 . 2013-07-10 06:00	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-10 06:00	509440	----a-w-	c:\windows\system32\qedit.dll
2013-05-18 09:30 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCake Desktop"="c:\users\Andreas\AppData\Roaming\Betcat\WebCakeDesktop.exe" [2013-08-10 52504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-15 14830184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-02-04 1513536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-06-10 162856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-18 280576]
.
c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
t@x aktuell.lnk - c:\program files\tax Steuersoftware 2013\taxaktuell.exe [2013-1-28 542800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261249~1.132\{C16C1~1\BrowserProtect.dll c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-03-22 2787280]
R2 dealplylive;DealPly Live-Dienst (dealplylive);c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14 148000]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-02-05 233472]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dealplylivem;DealPly Live-Dienst (dealplylivem);c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14 148000]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2013-02-05 37344]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-24 191008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
R4 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\WebCake\WebCakeDesktop.Updater.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-05-10 37352]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2012-09-03 35064]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2013-01-28 1724192]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-19 996896]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-22 118560]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 20:47]
.
2013-08-14 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
- c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14 12:46]
.
2013-08-14 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
- c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14 12:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974
mStart Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE: Free YouTube to MP3 Converter - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.178.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - 
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default-1374563393628\
FF - ExtSQL: 2013-07-23 09:32; dplauncher@digitalpublishing.de; c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default-1374563393628\extensions\dplauncher@digitalpublishing.de
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 1c317b490000000000001c4bd6e53c5c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15931
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.014:46
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=4974
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
HKCU-Run-Device Detection - c:\program files\Lidl_Fotos\dd.exe
HKCU-Run-Browser Infrastructure Helper - c:\users\Andreas\AppData\Local\Smartbar\Application\SnapDo.exe
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk - c:\program files\Windows Live\Mail\wlmail.exe
SafeBoot-BsScanner
AddRemove-Blacksails - c:\program files\Blacksails\uninstall.exe
AddRemove-CanonMyPrinter - c:\program files\Canon\MyPrinter\uninst.exe
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-FormatFactory - c:\program files\FreeTime\FormatFactory\uninst.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe
AddRemove-InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} - c:\program files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe
AddRemove-InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
AddRemove-InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
AddRemove-InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1} - c:\program files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe
AddRemove-Jack Keane - c:\program files\10TACLE STUDIOS\Jack Keane\uninstall.exe
AddRemove-KLiteCodecPack_is1 - c:\program files\K-Lite Codec Pack\unins000.exe
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
AddRemove-NVIDIA.Updatus - c:\program files\InstallShield Installation Information\{7357286A-CBE7-4F4A-BABC-EC4B3DD63862}\setup.exe
AddRemove-PI1783_ArbZFuehr - c:\windows\IsUn0407.exe
AddRemove-Ravensburger tiptoi - c:\program files\Ravensburger tiptoi\uninstall.exe
AddRemove-WinLiveSuite - c:\program files\Windows Live\Installer\wlarp.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} - c:\program files\PDFCreator\unins000.exe
AddRemove-{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe
AddRemove-{0E806605-5B82-4A4F-BC31-AA4FADA03C42} - c:\program files\InstallShield Installation Information\{0E806605-5B82-4A4F-BC31-AA4FADA03C42}\Setup.exe
AddRemove-{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} - c:\program files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe
AddRemove-{3108C217-BE83-42E4-AE9E-A56A2A92E549} - c:\program files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe
AddRemove-{3E29EE6C-963A-4aae-86C1-DC237C4A49FC} - c:\program files\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe
AddRemove-{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
AddRemove-{4C97EED6-997E-4DF6-9753-21ED4AC1E763} - c:\program files\InstallShield Installation Information\{4C97EED6-997E-4DF6-9753-21ED4AC1E763}\setup.exe
AddRemove-{65153EA5-8B6E-43B6-857B-C6E4FC25798A} - c:\program files\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe
AddRemove-{6737F045-A91A-4177-9C8C-59460FC1C84D} - c:\program files\InstallShield Installation Information\{6737F045-A91A-4177-9C8C-59460FC1C84D}\Setup.exe
AddRemove-{7E265513-8CDA-4631-B696-F40D983F3B07}_is1 - c:\program files\CDBurnerXP\unins000.exe
AddRemove-{96AE7E41-E34E-47D0-AC07-1091A8127911} - c:\program files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe
AddRemove-{9D3D8C60-A55F-4fed-B2B9-173F09590E16} - c:\program files\InstallShield Installation Information\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}\Install.exe
AddRemove-{B0414A3B-3AE3-47B8-8FC0-2129781FF425} - c:\program files\InstallShield Installation Information\{B0414A3B-3AE3-47B8-8FC0-2129781FF425}\Setup.exe
AddRemove-{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
AddRemove-{D0846526-66DD-4DC9-A02C-98F9A2806812} - c:\program files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe
AddRemove-{E3D04529-6EDB-11D8-A372-0050BAE317E1} - c:\program files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe
AddRemove-{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} - c:\program files\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-14  16:31:50
ComboFix-quarantined-files.txt  2013-08-14 14:31
.
Vor Suchlauf: 10 Verzeichnis(se), 287.832.506.368 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 288.496.668.672 Bytes frei
.
- - End Of File - - DE06567292D6B445FDB3FF636AB20B13
         
--- --- --- 8A1C59E4DFEF87510470928550466632

Many thanks in advance for your help.

Escado
__________________

Alt 14.08.2013, 19:52   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 17.08.2013, 13:06   #5
escado
 



Hello,

now we continue.

Malwarebytes Anti-Malware :

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.14.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Andreas :: ANDREAS-PC [Administrator]

Schutz: Aktiviert

14.08.2013 21:21:00
MBAM-log-2013-08-14 (22-43-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 245794
Laufzeit: 7 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
HKCR\WebCakeIEClient.Api (PUP.WebCake) -> Keine Aktion durchgeführt.
HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> Keine Aktion durchgeführt.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.WebCake) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake.A) -> Daten: C:\Users\Andreas\AppData\Roaming\Betcat\WebCakeDesktop.exe -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{DEDAF650-12B8-48f5-A843-BBA100716106} (PUP.SweetIM) -> Daten:  -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{DEDAF650-12B8-48f5-A843-BBA100716106} (PUP.SweetIM) -> Daten: C:\Program Files\Updater By Sweetpacks\Firefox -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bösartig: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 21
C:\Users\Andreas\AppData\Roaming\WebCake (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\WebCake\dat (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\WebCake\dat\update (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Program Files\DealPlyLive (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Program Files\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 51
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\Betcat\WebCakeDesktop.exe (PUP.WebCake.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\Web Cake\WebCakeDesktop.exe (PUP.WebCake.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Desktop\pcpholasetup.exe (PUP.Optional.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Desktop\SoftonicDownloader_fuer_samsung-kies.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Desktop\FileConverter_1.3.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Downloads\Setup(1).exe (PUP.Optional.Solimba) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Downloads\Setup.exe (PUP.Optional.Solimba) -> Keine Aktion durchgeführt.
C:\Users\Andreas\Downloads\SoftonicDownloader_fuer_format-factory.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.
C:\Users\Public\Downloads\myphoneexplorer(1).exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Windows\Installer\1b6e42.msi (PUP.Optional.SweetIM) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\WebCake\PlugIns.cache (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\WebCake\dat\Desktop.OS.dll (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\WebCake\dat\Desktop.OS.Plugin.dll (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\WebCake\dat\Maintain.dat (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\WebCake\dat\Paladin.dat (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\WebCake\dat\Phoenix.dat (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\WebCake\dat\sqlite3.dll (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Keine Aktion durchgeführt.
C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\Users\Andreas\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.

(Ende)
         

AdwCleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Datei am 16/08/2013 um 20:05:10 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Andreas - ANDREAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andreas\Downloads\adwcleaner(3).exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect
Gestoppt & Gelöscht : WebCake Desktop Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default-1374563393628\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default-1374563393628\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Andreas\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\DealPlyLive
Ordner Gelöscht : C:\Program Files\SweetIM
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\DealPlyLive
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Andreas\AppData\Local\DealPlyLive
Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\delta
Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Andreas\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Ordner Gelöscht : C:\Users\Andreas\AppData\Roaming\WebCake

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\PROGRA~2\BROWSE~1\261249~1.132\{C16C1~1\BrowserProtect.dll
Schlüssel Gelöscht : HKCU\Software\5a55ddd8b36ee848
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\5a55ddd8b36ee848
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ACE7775E-C166-490E-85E5-52BB3CBDF8C2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WebCakeIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{43A78CF5-73A2-430E-841E-CAE8EE98378F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{73D423FA-2D8B-477B-99FB-13DC5B0403A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B681C359-393C-41A6-9536-91E46E5C94CF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ACE7775E-C166-490E-85E5-52BB3CBDF8C2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WebCake Desktop]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16660

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www.delta-search.com/?affID=121845&babsrc=NT_ss&mntrId=1C311C4BD6E53C5C --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate} --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31} --> hxxp://www.google.com

-\\ Mozilla Firefox v23.0 (en-US)

Datei : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default-1374563393628\prefs.js

C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default-1374563393628\user.js ... Gelöscht !

Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "de");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "1c317b490000000000001c4bd6e53c5c");
Gelöscht : user_pref("extensions.delta.instlDay", "15931");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.22.0");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.22.014:46:28");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.22.0");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4974");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[S1].txt - [14095 octets] - [16/08/2013 20:05:10]

########## EOF - C:\AdwCleaner[S1].txt - [14156 octets] ##########
         


Junkware Removal Tool:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 7 Home Premium x86
Ran by Andreas on 16.08.2013 at 20:11:49,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricegong_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\pricegong_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DEALPL~1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DEALPL~1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir-professional_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir-professional_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_guard-bar[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_guard-bar[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_samsung-kies_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_samsung-kies_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_youtube-song-downloader_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_fuer_youtube-song-downloader_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_chr_1-8-16-10_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\softonic_chr_1-8-16-10_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_chr_1-8-8-11_RASMANCS



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\browserprotect
Successfully deleted: [File] C:\Windows\System32\Tasks\qtraxplayer
Successfully deleted: [File] "C:\Windows\system32\authuitu.dll"
Successfully deleted: [File] "C:\Windows\system32\turegopt.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Andreas\AppData\Roaming\web cake"
Successfully deleted: [Folder] "C:\Program Files\openit"
Successfully deleted: [Folder] "C:\Users\Andreas\Qtrax"



~~~ FireFox

Successfully deleted: [File] C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\pr6083ft.default-1374563393628\invalidprefs.js
Successfully deleted the following from C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\pr6083ft.default-1374563393628\prefs.js

user_pref("extensions.crossrider.bic", "1400f90adcebdc0c0599c6be0c118e43");
Emptied folder: C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\pr6083ft.default-1374563393628\minidumps [26 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.08.2013 at 20:14:22,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2013 01
Ran by Andreas (administrator) on 16-08-2013 20:35:52
Running from C:\Users\Andreas\Downloads
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Farbar) C:\Users\Andreas\Downloads\FRST(1).exe

==================== Registry (Whitelisted) ==================
         
Since this morning the computer, including Windows, does boot up, but then the screen stays black. Only the mouse pointer is visible.


Alt 18.08.2013, 10:29   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Can you start the Task Manager with Ctrl+Alt+Del?

Alt 18.08.2013, 19:42   #7
escado
 



Unfortunately not. I performed a restore using the Windows CD and the repair option. Now Windows boots again.

Alt 19.08.2013, 08:10   #8
schrauber
/// the machine
/// TB-Ausbilder
 




OK, please post a fresh FRST log.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No assistance via PM!

Alt 19.08.2013, 09:50   #9
escado
 



Here is the fresh FRST log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013
Ran by Andreas (administrator) on 19-08-2013 10:47:56
Running from C:\Users\Andreas\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Bake Cake) C:\Users\Andreas\AppData\Roaming\Betcat\WebCakeDesktop.exe
() C:\Users\Andreas\Qtrax\Player\Notification.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] - C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] - "C:\Program Files\Launch Manager\OSDCtrl.exe" [x]
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [14830184 2010-04-15] (NVIDIA Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKLM\...\Run: [MailCheck IE Broker] - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1513536 2013-02-04] (1und1 Mail und Media GmbH)
HKLM\...\Run: [gbrspcontrol] - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [Device Detection] - C:\Program Files\Lidl_Fotos\dd.exe [x]
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Andreas\AppData\Local\Smartbar\Application\SnapDo.exe startup [x]
HKCU\...\Run: [WebCake Desktop] - C:\Users\Andreas\AppData\Roaming\Betcat\WebCakeDesktop.exe [52504 2013-08-10] (Bake Cake)
HKCU\...\Run: [NTRedirect] - C:\Users\Andreas\AppData\Roaming\BabSolution\Shared\NTRedirect.dll [127472 2013-08-04] () <===== ATTENTION
HKCU\...\Run: [QtraxNotification] - C:\Users\Andreas\Qtrax\Player\Notification.exe [118568 2013-08-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\tax Steuersoftware 2013\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk
ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (No File)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}&crg=3.5000006.10053&st=23
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}&crg=3.5000006.10053&st=23
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll No File
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll No File
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKCU -DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll No File
Toolbar: HKCU -No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKCU -No Name - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} -  No File
Toolbar: HKCU -WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL No File
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{DEDAF650-12B8-48f5-A843-BBA100716106}] C:\Program Files\Updater By Sweetpacks\Firefox

========================== Services (Whitelisted) =================

R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] ()
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70344 2013-04-17] (Comodo Security Solutions Inc.)
S2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1800808 2010-04-15] (NVIDIA Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
S4 WebCake Desktop Updater; C:\Users\Andreas\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-05-31] (WebCake LLC)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-05-16] ()
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-10] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2012-09-03] (Windows (R) Win 7 DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-05-16] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-19 10:46 - 2013-08-19 10:46 - 01069895 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(2).exe
2013-08-18 08:15 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-18 08:15 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-18 08:15 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-18 08:15 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-18 08:15 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-18 08:15 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-18 08:15 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-18 08:15 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-17 22:19 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-17 22:19 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-17 22:19 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-17 22:19 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-17 22:19 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-17 22:19 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-17 22:19 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-17 22:19 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-17 22:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-17 22:18 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-17 22:17 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-17 22:17 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-17 22:11 - 2013-08-17 22:11 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-08-16 20:36 - 2013-08-16 20:42 - 00035799 _____ C:\Users\Andreas\Downloads\FRST.txt
2013-08-16 20:14 - 2013-08-16 20:14 - 00005104 _____ C:\Users\Andreas\Desktop\JRT.txt
2013-08-16 20:10 - 2013-08-16 20:10 - 00014226 _____ C:\Users\Andreas\Desktop\AdwCleaner[S1].txt
2013-08-16 20:05 - 2013-08-16 20:05 - 00014226 _____ C:\AdwCleaner[S1].txt
2013-08-16 11:14 - 2013-08-19 08:16 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 17:13 - 2013-08-15 17:13 - 00000000 ____D C:\Users\Andreas\Desktop\MS
2013-08-14 21:18 - 2013-08-17 23:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-14 21:18 - 2013-08-14 21:18 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Malwarebytes
2013-08-14 21:18 - 2013-08-14 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-14 16:31 - 2013-08-14 16:31 - 00023019 _____ C:\ComboFix.txt
2013-08-14 16:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-14 16:16 - 2013-08-14 16:31 - 00000000 ____D C:\Qoobox
2013-08-14 15:01 - 2013-08-14 15:01 - 00023227 _____ C:\Users\Andreas\Downloads\Addition.txt
2013-08-14 14:59 - 2013-08-14 14:59 - 00000000 ____D C:\FRST
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(1).exe
2013-08-14 14:56 - 2013-08-14 14:56 - 00000476 _____ C:\Users\Andreas\Downloads\defogger_disable.log
2013-08-14 14:56 - 2013-08-14 14:56 - 00000000 _____ C:\Users\Andreas\defogger_reenable
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger.exe
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger(1).exe
2013-08-14 14:50 - 2013-08-17 23:07 - 00000000 ____D C:\Users\Andreas\Qtrax
2013-08-14 14:46 - 2013-08-17 23:07 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-14 14:46 - 2013-08-17 23:07 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\BabSolution
2013-08-14 14:46 - 2013-08-17 23:07 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-14 14:46 - 2013-08-17 23:07 - 00000000 ____D C:\Program Files\OpenIt
2013-08-14 14:46 - 2013-08-17 23:07 - 00000000 ____D C:\Program Files\Delta
2013-08-14 14:46 - 2013-08-17 23:07 - 00000000 ____D C:\Program Files\DealPly
2013-08-14 14:46 - 2013-08-17 22:11 - 00000000 ____D C:\Program Files\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00001032 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 14:45 - 2013-08-14 14:45 - 00714352 _____ C:\Users\Andreas\Downloads\ZipOpenerSetup.exe
2013-08-10 21:25 - 2013-08-19 09:39 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Betcat
2013-08-10 20:58 - 2013-08-11 09:37 - 00085012 _____ C:\Windows\PFRO.log
2013-08-09 18:54 - 2013-08-09 18:54 - 00666633 _____ C:\Users\Andreas\Downloads\adwcleaner.exe
2013-08-09 16:27 - 2013-08-09 16:27 - 01067456 _____ (Solid State Networks) C:\Users\Andreas\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-08-06 21:32 - 2013-08-18 09:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-03 21:20 - 2013-08-03 21:20 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(2).exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Java
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-03 21:15 - 2013-08-03 21:15 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(1).exe
2013-08-03 21:14 - 2013-08-03 21:14 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall.exe
2013-07-30 12:13 - 2013-07-30 12:13 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\LaunchPad
2013-07-27 16:28 - 2013-08-17 23:07 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Web Cake
2013-07-27 09:34 - 2013-08-03 11:34 - 00000077 _____ C:\Users\Andreas\AppData\Roaming\WB.CFG
2013-07-25 19:22 - 2013-07-25 19:22 - 00036102 _____ C:\Users\Andreas\Desktop\D-Dimere.htm
2013-07-25 19:22 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Andreas\Desktop\D-Dimere_files
2013-07-25 10:00 - 2013-08-19 09:39 - 00000000 ____D C:\Users\Andreas\Tracing
2013-07-24 07:55 - 2013-08-19 08:35 - 00003539 _____ C:\Windows\setupact.log
2013-07-24 07:55 - 2013-07-24 07:55 - 00000000 _____ C:\Windows\setuperr.log
2013-07-23 09:32 - 2013-07-23 09:32 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\digital publishing
2013-07-23 09:09 - 2013-07-23 09:10 - 00000000 ____D C:\Users\Andreas\Desktop\Old Firefox Data
2013-07-23 08:48 - 2013-07-23 08:48 - 03357912 _____ (Piriform Ltd) C:\Users\Andreas\Downloads\ccsetup403_slim.exe
2013-07-22 11:08 - 2013-07-22 11:09 - 49904760 _____ C:\Users\Andreas\Downloads\mpnx_3_0-win-3_05-ea23_2.exe
2013-07-22 09:47 - 2013-07-22 09:47 - 00277456 _____ C:\Users\Andreas\Downloads\Setup(1).exe
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Andreas\AppData\Local\PDF24
2013-07-21 17:12 - 2013-07-21 17:13 - 00000000 ____D C:\Program Files\PDF24
2013-07-21 17:12 - 2013-07-21 17:12 - 00001778 _____ C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-07-21 17:12 - 2013-07-21 17:12 - 00001763 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-07-21 17:09 - 2013-07-21 17:10 - 15905080 _____ (Geek Software GmbH                                          ) C:\Users\Andreas\Downloads\pdf24-creator-5.6.0.exe
2013-07-20 00:50 - 2013-07-22 10:33 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-Q5-TTL.DAT

==================== One Month Modified Files and Folders =======

2013-08-19 10:47 - 2013-08-19 10:47 - 01069895 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2013-08-19 10:47 - 2012-08-18 15:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-19 10:46 - 2013-08-19 10:46 - 01069895 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(2).exe
2013-08-19 10:46 - 2013-07-14 14:34 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-19 10:19 - 2010-05-05 12:28 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 10:18 - 2011-03-30 09:49 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-19 09:57 - 2010-12-09 22:04 - 01793264 _____ C:\Windows\WindowsUpdate.log
2013-08-19 09:46 - 2013-07-14 16:34 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-TTL.DAT
2013-08-19 09:39 - 2013-08-10 21:25 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Betcat
2013-08-19 09:39 - 2013-07-25 10:00 - 00000000 ____D C:\Users\Andreas\Tracing
2013-08-19 09:39 - 2011-03-30 09:49 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 08:43 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-19 08:43 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-19 08:35 - 2013-07-24 07:55 - 00003539 _____ C:\Windows\setupact.log
2013-08-19 08:35 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-19 08:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-19 08:19 - 2013-08-16 11:14 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 08:16 - 2010-05-05 14:57 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-19 08:16 - 2010-05-05 13:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-19 08:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-19 07:59 - 2013-06-06 23:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-18 11:18 - 2011-04-18 09:39 - 00000000 ____D C:\Users\Andreas\Desktop\Nicole
2013-08-18 11:13 - 2011-07-25 21:49 - 00000000 ____D C:\Users\Andreas\Documents\Bewerbungsunterlagen AK
2013-08-18 09:05 - 2013-08-06 21:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-17 23:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-08-17 23:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-17 23:07 - 2013-08-14 21:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-17 23:07 - 2013-08-14 14:50 - 00000000 ____D C:\Users\Andreas\Qtrax
2013-08-17 23:07 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-17 23:07 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\BabSolution
2013-08-17 23:07 - 2013-08-14 14:46 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-17 23:07 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\OpenIt
2013-08-17 23:07 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\Delta
2013-08-17 23:07 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\DealPly
2013-08-17 23:07 - 2013-07-27 16:28 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Web Cake
2013-08-17 23:07 - 2013-07-18 21:24 - 00000000 ____D C:\Program Files\SweetIM
2013-08-17 23:07 - 2013-07-14 14:34 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\DSite
2013-08-17 23:07 - 2013-06-14 20:52 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-08-17 23:07 - 2013-06-02 12:27 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\WebCake
2013-08-17 23:07 - 2013-05-04 09:22 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
2013-08-17 23:07 - 2013-05-04 09:22 - 00000000 ____D C:\ProgramData\BrowserProtect
2013-08-17 23:07 - 2013-04-18 21:27 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-08-17 23:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-08-17 23:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-08-17 23:07 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-17 23:05 - 2010-05-05 12:56 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-17 23:05 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-17 23:05 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-17 22:51 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\DealPlyLive
2013-08-17 22:11 - 2013-08-17 22:11 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-08-17 22:09 - 2010-12-09 22:05 - 00000000 ____D C:\Users\Andreas
2013-08-16 20:42 - 2013-08-16 20:36 - 00035799 _____ C:\Users\Andreas\Downloads\FRST.txt
2013-08-16 20:14 - 2013-08-16 20:14 - 00005104 _____ C:\Users\Andreas\Desktop\JRT.txt
2013-08-16 20:10 - 2013-08-16 20:10 - 00014226 _____ C:\Users\Andreas\Desktop\AdwCleaner[S1].txt
2013-08-16 20:05 - 2013-08-16 20:05 - 00014226 _____ C:\AdwCleaner[S1].txt
2013-08-16 11:34 - 2010-05-05 22:00 - 00000000 ____D C:\Windows\Panther
2013-08-15 17:13 - 2013-08-15 17:13 - 00000000 ____D C:\Users\Andreas\Desktop\MS
2013-08-14 21:18 - 2013-08-14 21:18 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Malwarebytes
2013-08-14 21:18 - 2013-08-14 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-14 16:31 - 2013-08-14 16:31 - 00023019 _____ C:\ComboFix.txt
2013-08-14 16:31 - 2013-08-14 16:16 - 00000000 ____D C:\Qoobox
2013-08-14 16:01 - 2013-06-06 23:12 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-08-14 15:01 - 2013-08-14 15:01 - 00023227 _____ C:\Users\Andreas\Downloads\Addition.txt
2013-08-14 14:59 - 2013-08-14 14:59 - 00000000 ____D C:\FRST
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(1).exe
2013-08-14 14:56 - 2013-08-14 14:56 - 00000476 _____ C:\Users\Andreas\Downloads\defogger_disable.log
2013-08-14 14:56 - 2013-08-14 14:56 - 00000000 _____ C:\Users\Andreas\defogger_reenable
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger.exe
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger(1).exe
2013-08-14 14:46 - 2013-08-14 14:46 - 00001032 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 14:45 - 2013-08-14 14:45 - 00714352 _____ C:\Users\Andreas\Downloads\ZipOpenerSetup.exe
2013-08-14 11:37 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-11 09:37 - 2013-08-10 20:58 - 00085012 _____ C:\Windows\PFRO.log
2013-08-10 20:58 - 2010-12-14 22:44 - 00000000 ____D C:\ProgramData\WebEx
2013-08-09 18:54 - 2013-08-09 18:54 - 00666633 _____ C:\Users\Andreas\Downloads\adwcleaner.exe
2013-08-09 16:27 - 2013-08-09 16:27 - 01067456 _____ (Solid State Networks) C:\Users\Andreas\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-08-03 21:20 - 2013-08-03 21:20 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(2).exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Java
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-03 21:17 - 2010-05-05 13:18 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-03 21:17 - 2010-05-05 13:18 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-03 21:15 - 2013-08-03 21:15 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(1).exe
2013-08-03 21:14 - 2013-08-03 21:14 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall.exe
2013-08-03 11:34 - 2013-07-27 09:34 - 00000077 _____ C:\Users\Andreas\AppData\Roaming\WB.CFG
2013-07-30 12:13 - 2013-07-30 12:13 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\LaunchPad
2013-07-29 15:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-26 05:13 - 2013-08-18 08:15 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 05:13 - 2013-08-18 08:15 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 05:13 - 2013-08-18 08:15 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 05:12 - 2013-08-18 08:15 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:11 - 2013-08-18 08:15 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 05:11 - 2013-08-18 08:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 04:49 - 2013-08-18 08:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:59 - 2013-08-18 08:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 19:22 - 2013-07-25 19:22 - 00036102 _____ C:\Users\Andreas\Desktop\D-Dimere.htm
2013-07-25 19:22 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Andreas\Desktop\D-Dimere_files
2013-07-25 10:57 - 2013-08-17 22:18 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-24 07:55 - 2013-07-24 07:55 - 00000000 _____ C:\Windows\setuperr.log
2013-07-23 09:32 - 2013-07-23 09:32 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\digital publishing
2013-07-23 09:10 - 2013-07-23 09:09 - 00000000 ____D C:\Users\Andreas\Desktop\Old Firefox Data
2013-07-23 09:04 - 2011-09-19 13:11 - 00000000 ____D C:\Windows\Minidump
2013-07-23 08:48 - 2013-07-23 08:48 - 03357912 _____ (Piriform Ltd) C:\Users\Andreas\Downloads\ccsetup403_slim.exe
2013-07-22 20:27 - 2012-10-10 13:08 - 00000000 ____D C:\Users\Andreas\Desktop\Verkauf!!!!!!!
2013-07-22 11:10 - 2010-12-30 22:56 - 00002005 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
2013-07-22 11:09 - 2013-07-22 11:08 - 49904760 _____ C:\Users\Andreas\Downloads\mpnx_3_0-win-3_05-ea23_2.exe
2013-07-22 11:09 - 2010-12-30 22:55 - 00000000 ____D C:\Program Files\Canon
2013-07-22 10:33 - 2013-07-20 00:50 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-07-22 09:47 - 2013-07-22 09:47 - 00277456 _____ C:\Users\Andreas\Downloads\Setup(1).exe
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Andreas\AppData\Local\PDF24
2013-07-21 17:13 - 2013-07-21 17:12 - 00000000 ____D C:\Program Files\PDF24
2013-07-21 17:12 - 2013-07-21 17:12 - 00001778 _____ C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-07-21 17:12 - 2013-07-21 17:12 - 00001763 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-07-21 17:10 - 2013-07-21 17:09 - 15905080 _____ (Geek Software GmbH                                          ) C:\Users\Andreas\Downloads\pdf24-creator-5.6.0.exe

Files to move or delete:
====================
C:\Users\Andreas\AppData\Roaming\BabSolution\Shared\NTRedirect.dll
C:\Users\Andreas\kidizoom-twist-pink-kidizoom-twist-foto-editor-pc.exe
C:\Users\Andreas\TagesSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-14 19:08

==================== End Of Log ============================
         
--- --- ---

19.08.2013, 16:25   #10
schrauber
/// the machine
/// TB instructor
 




OK, then now without JRT, please.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

19.08.2013, 21:06   #11
escado
 



AdwCleaner:

AdwCleaner Logfile:
Code:
# AdwCleaner v2.306 - Datei am 19/08/2013 um 21:58:37 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Andreas - ANDREAS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Andreas\Downloads\adwcleaner(1).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\ProgramData\BrowserProtect

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~2\261519~1.190\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v23.0.1 (en-US)

Datei : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default-1374563393628\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [1688 octets] - [19/08/2013 21:58:37]

########## EOF - C:\AdwCleaner[S2].txt - [1748 octets] ##########
         
--- --- ---



FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013
Ran by Andreas (administrator) on 19-08-2013 22:03:28
Running from C:\Users\Andreas\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Comodo Security Solutions Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Andreas\Qtrax\Player\Notification.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] - C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] - "C:\Program Files\Launch Manager\OSDCtrl.exe" [x]
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [14830184 2010-04-15] (NVIDIA Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKLM\...\Run: [MailCheck IE Broker] - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1513536 2013-02-04] (1und1 Mail und Media GmbH)
HKLM\...\Run: [gbrspcontrol] - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [Device Detection] - C:\Program Files\Lidl_Fotos\dd.exe [x]
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKCU\...\Run: [NTRedirect] - C:\Windows\system32\rundll32.exe "C:\Users\Andreas\AppData\Roaming\BabSolution\Shared\NTRedirect.dll",Run [x] <===== ATTENTION
HKCU\...\Run: [QtraxNotification] - C:\Users\Andreas\Qtrax\Player\Notification.exe [118568 2013-08-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\tax Steuersoftware 2013\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk
ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (No File)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ*´Ñ;áa´[¦†8*º~RÙxœòÜ8'£-)x*ä* URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKCU -No Name - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} -  No File
Toolbar: HKCU -WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL No File
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{DEDAF650-12B8-48f5-A843-BBA100716106}] C:\Program Files\Updater By Sweetpacks\Firefox

========================== Services (Whitelisted) =================

R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70344 2013-04-17] (Comodo Security Solutions Inc.)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1800808 2010-04-15] (NVIDIA Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-05-16] ()
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-10] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2012-09-03] (Windows (R) Win 7 DDK provider)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-05-16] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-19 21:58 - 2013-08-19 21:59 - 00001817 _____ C:\AdwCleaner[S2].txt
2013-08-19 21:48 - 2013-08-19 21:49 - 00000143 _____ C:\Windows\DeleteOnReboot.bat
2013-08-19 21:47 - 2013-08-19 21:47 - 00666633 _____ C:\Users\Andreas\Downloads\adwcleaner(1).exe
2013-08-19 10:47 - 2013-08-19 10:47 - 01069895 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2013-08-19 10:46 - 2013-08-19 10:46 - 01069895 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(2).exe
2013-08-18 08:15 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-18 08:15 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-18 08:15 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-18 08:15 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-18 08:15 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-18 08:15 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-18 08:15 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-18 08:15 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-18 08:15 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-17 22:19 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-17 22:19 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-17 22:19 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-17 22:19 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-17 22:19 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-17 22:19 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-17 22:19 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-17 22:19 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-17 22:18 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-17 22:18 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-17 22:17 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-17 22:17 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-16 20:36 - 2013-08-16 20:42 - 00035799 _____ C:\Users\Andreas\Downloads\FRST.txt
2013-08-16 20:14 - 2013-08-16 20:14 - 00005104 _____ C:\Users\Andreas\Desktop\JRT.txt
2013-08-16 20:10 - 2013-08-16 20:10 - 00014226 _____ C:\Users\Andreas\Desktop\AdwCleaner[S1].txt
2013-08-16 11:14 - 2013-08-19 08:19 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 17:13 - 2013-08-15 17:13 - 00000000 ____D C:\Users\Andreas\Desktop\MS
2013-08-14 21:18 - 2013-08-17 23:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-14 21:18 - 2013-08-14 21:18 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Malwarebytes
2013-08-14 21:18 - 2013-08-14 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-14 16:31 - 2013-08-14 16:31 - 00023019 _____ C:\ComboFix.txt
2013-08-14 16:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-14 16:16 - 2013-08-14 16:31 - 00000000 ____D C:\Qoobox
2013-08-14 15:01 - 2013-08-14 15:01 - 00023227 _____ C:\Users\Andreas\Downloads\Addition.txt
2013-08-14 14:59 - 2013-08-14 14:59 - 00000000 ____D C:\FRST
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(1).exe
2013-08-14 14:56 - 2013-08-14 14:56 - 00000476 _____ C:\Users\Andreas\Downloads\defogger_disable.log
2013-08-14 14:56 - 2013-08-14 14:56 - 00000000 _____ C:\Users\Andreas\defogger_reenable
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger.exe
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger(1).exe
2013-08-14 14:50 - 2013-08-17 23:07 - 00000000 ____D C:\Users\Andreas\Qtrax
2013-08-14 14:46 - 2013-08-17 23:07 - 00000000 ____D C:\Program Files\OpenIt
2013-08-14 14:46 - 2013-08-14 14:46 - 00001032 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 14:45 - 2013-08-14 14:45 - 00714352 _____ C:\Users\Andreas\Downloads\ZipOpenerSetup.exe
2013-08-10 21:25 - 2013-08-19 16:21 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Betcat
2013-08-10 20:58 - 2013-08-11 09:37 - 00085012 _____ C:\Windows\PFRO.log
2013-08-09 18:54 - 2013-08-09 18:54 - 00666633 _____ C:\Users\Andreas\Downloads\adwcleaner.exe
2013-08-09 16:27 - 2013-08-09 16:27 - 01067456 _____ (Solid State Networks) C:\Users\Andreas\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-08-06 21:32 - 2013-08-18 09:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-03 21:20 - 2013-08-03 21:20 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(2).exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Java
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-03 21:15 - 2013-08-03 21:15 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(1).exe
2013-08-03 21:14 - 2013-08-03 21:14 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall.exe
2013-07-30 12:13 - 2013-07-30 12:13 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\LaunchPad
2013-07-27 16:28 - 2013-08-17 23:07 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Web Cake
2013-07-27 09:34 - 2013-08-03 11:34 - 00000077 _____ C:\Users\Andreas\AppData\Roaming\WB.CFG
2013-07-25 19:22 - 2013-07-25 19:22 - 00036102 _____ C:\Users\Andreas\Desktop\D-Dimere.htm
2013-07-25 19:22 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Andreas\Desktop\D-Dimere_files
2013-07-25 10:00 - 2013-08-19 22:01 - 00000000 ____D C:\Users\Andreas\Tracing
2013-07-24 07:55 - 2013-08-19 22:00 - 00003651 _____ C:\Windows\setupact.log
2013-07-24 07:55 - 2013-07-24 07:55 - 00000000 _____ C:\Windows\setuperr.log
2013-07-23 09:32 - 2013-07-23 09:32 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\digital publishing
2013-07-23 09:09 - 2013-07-23 09:10 - 00000000 ____D C:\Users\Andreas\Desktop\Old Firefox Data
2013-07-23 08:48 - 2013-07-23 08:48 - 03357912 _____ (Piriform Ltd) C:\Users\Andreas\Downloads\ccsetup403_slim.exe
2013-07-22 11:08 - 2013-07-22 11:09 - 49904760 _____ C:\Users\Andreas\Downloads\mpnx_3_0-win-3_05-ea23_2.exe
2013-07-22 09:47 - 2013-07-22 09:47 - 00277456 _____ C:\Users\Andreas\Downloads\Setup(1).exe
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Andreas\AppData\Local\PDF24
2013-07-21 17:12 - 2013-07-21 17:13 - 00000000 ____D C:\Program Files\PDF24
2013-07-21 17:12 - 2013-07-21 17:12 - 00001778 _____ C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-07-21 17:12 - 2013-07-21 17:12 - 00001763 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-07-21 17:09 - 2013-07-21 17:10 - 15905080 _____ (Geek Software GmbH                                          ) C:\Users\Andreas\Downloads\pdf24-creator-5.6.0.exe
2013-07-20 00:50 - 2013-07-22 10:33 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-Q5-TTL.DAT

==================== One Month Modified Files and Folders =======

2013-08-19 22:03 - 2013-08-19 22:03 - 00001817 _____ C:\Users\Andreas\Desktop\AdwCleaner[S2].txt
2013-08-19 22:01 - 2013-07-25 10:00 - 00000000 ____D C:\Users\Andreas\Tracing
2013-08-19 22:00 - 2013-07-24 07:55 - 00003651 _____ C:\Windows\setupact.log
2013-08-19 22:00 - 2011-03-30 09:49 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 22:00 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-19 21:59 - 2013-08-19 21:58 - 00001817 _____ C:\AdwCleaner[S2].txt
2013-08-19 21:59 - 2010-12-09 22:04 - 01846397 _____ C:\Windows\WindowsUpdate.log
2013-08-19 21:58 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-19 21:58 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-19 21:55 - 2010-05-05 12:28 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 21:49 - 2013-08-19 21:48 - 00000143 _____ C:\Windows\DeleteOnReboot.bat
2013-08-19 21:47 - 2013-08-19 21:47 - 00666633 _____ C:\Users\Andreas\Downloads\adwcleaner(1).exe
2013-08-19 21:47 - 2012-08-18 15:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-19 21:16 - 2011-03-30 09:49 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-19 16:21 - 2013-08-10 21:25 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Betcat
2013-08-19 10:47 - 2013-08-19 10:47 - 01069895 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2013-08-19 10:46 - 2013-08-19 10:46 - 01069895 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(2).exe
2013-08-19 09:46 - 2013-07-14 16:34 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-TTL.DAT
2013-08-19 08:23 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-19 08:19 - 2013-08-16 11:14 - 00000000 ____D C:\Windows\system32\MRT
2013-08-19 08:16 - 2010-05-05 14:57 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-19 08:16 - 2010-05-05 13:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-19 08:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-19 07:59 - 2013-06-06 23:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-18 11:18 - 2011-04-18 09:39 - 00000000 ____D C:\Users\Andreas\Desktop\Nicole
2013-08-18 11:13 - 2011-07-25 21:49 - 00000000 ____D C:\Users\Andreas\Documents\Bewerbungsunterlagen AK
2013-08-18 09:05 - 2013-08-06 21:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-17 23:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2013-08-17 23:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-17 23:07 - 2013-08-14 21:18 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-17 23:07 - 2013-08-14 14:50 - 00000000 ____D C:\Users\Andreas\Qtrax
2013-08-17 23:07 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\OpenIt
2013-08-17 23:07 - 2013-07-27 16:28 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Web Cake
2013-08-17 23:07 - 2013-06-14 20:52 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-08-17 23:07 - 2013-04-18 21:27 - 00000000 ____D C:\Program Files\Common Files\COMODO
2013-08-17 23:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-08-17 23:07 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-08-17 23:07 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-17 23:05 - 2010-05-05 12:56 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-17 23:05 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-17 23:05 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-17 22:09 - 2010-12-09 22:05 - 00000000 ____D C:\Users\Andreas
2013-08-16 20:42 - 2013-08-16 20:36 - 00035799 _____ C:\Users\Andreas\Downloads\FRST.txt
2013-08-16 20:14 - 2013-08-16 20:14 - 00005104 _____ C:\Users\Andreas\Desktop\JRT.txt
2013-08-16 20:10 - 2013-08-16 20:10 - 00014226 _____ C:\Users\Andreas\Desktop\AdwCleaner[S1].txt
2013-08-16 11:34 - 2010-05-05 22:00 - 00000000 ____D C:\Windows\Panther
2013-08-15 17:13 - 2013-08-15 17:13 - 00000000 ____D C:\Users\Andreas\Desktop\MS
2013-08-14 21:18 - 2013-08-14 21:18 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Malwarebytes
2013-08-14 21:18 - 2013-08-14 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-14 16:31 - 2013-08-14 16:31 - 00023019 _____ C:\ComboFix.txt
2013-08-14 16:31 - 2013-08-14 16:16 - 00000000 ____D C:\Qoobox
2013-08-14 15:01 - 2013-08-14 15:01 - 00023227 _____ C:\Users\Andreas\Downloads\Addition.txt
2013-08-14 14:59 - 2013-08-14 14:59 - 00000000 ____D C:\FRST
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(1).exe
2013-08-14 14:56 - 2013-08-14 14:56 - 00000476 _____ C:\Users\Andreas\Downloads\defogger_disable.log
2013-08-14 14:56 - 2013-08-14 14:56 - 00000000 _____ C:\Users\Andreas\defogger_reenable
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger.exe
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger(1).exe
2013-08-14 14:46 - 2013-08-14 14:46 - 00001032 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 14:45 - 2013-08-14 14:45 - 00714352 _____ C:\Users\Andreas\Downloads\ZipOpenerSetup.exe
2013-08-14 11:37 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-11 09:37 - 2013-08-10 20:58 - 00085012 _____ C:\Windows\PFRO.log
2013-08-10 20:58 - 2010-12-14 22:44 - 00000000 ____D C:\ProgramData\WebEx
2013-08-09 18:54 - 2013-08-09 18:54 - 00666633 _____ C:\Users\Andreas\Downloads\adwcleaner.exe
2013-08-09 16:27 - 2013-08-09 16:27 - 01067456 _____ (Solid State Networks) C:\Users\Andreas\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-08-03 21:20 - 2013-08-03 21:20 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(2).exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Java
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-03 21:17 - 2010-05-05 13:18 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-03 21:17 - 2010-05-05 13:18 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-03 21:15 - 2013-08-03 21:15 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(1).exe
2013-08-03 21:14 - 2013-08-03 21:14 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall.exe
2013-08-03 11:34 - 2013-07-27 09:34 - 00000077 _____ C:\Users\Andreas\AppData\Roaming\WB.CFG
2013-07-30 12:13 - 2013-07-30 12:13 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\LaunchPad
2013-07-29 15:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-26 05:13 - 2013-08-18 08:15 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 05:13 - 2013-08-18 08:15 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 05:13 - 2013-08-18 08:15 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 05:12 - 2013-08-18 08:15 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 05:12 - 2013-08-18 08:15 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:11 - 2013-08-18 08:15 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 05:11 - 2013-08-18 08:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 04:49 - 2013-08-18 08:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:59 - 2013-08-18 08:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 19:22 - 2013-07-25 19:22 - 00036102 _____ C:\Users\Andreas\Desktop\D-Dimere.htm
2013-07-25 19:22 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Andreas\Desktop\D-Dimere_files
2013-07-25 10:57 - 2013-08-17 22:18 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-24 07:55 - 2013-07-24 07:55 - 00000000 _____ C:\Windows\setuperr.log
2013-07-23 09:32 - 2013-07-23 09:32 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\digital publishing
2013-07-23 09:10 - 2013-07-23 09:09 - 00000000 ____D C:\Users\Andreas\Desktop\Old Firefox Data
2013-07-23 09:04 - 2011-09-19 13:11 - 00000000 ____D C:\Windows\Minidump
2013-07-23 08:48 - 2013-07-23 08:48 - 03357912 _____ (Piriform Ltd) C:\Users\Andreas\Downloads\ccsetup403_slim.exe
2013-07-22 20:27 - 2012-10-10 13:08 - 00000000 ____D C:\Users\Andreas\Desktop\Verkauf!!!!!!!
2013-07-22 11:10 - 2010-12-30 22:56 - 00002005 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
2013-07-22 11:09 - 2013-07-22 11:08 - 49904760 _____ C:\Users\Andreas\Downloads\mpnx_3_0-win-3_05-ea23_2.exe
2013-07-22 11:09 - 2010-12-30 22:55 - 00000000 ____D C:\Program Files\Canon
2013-07-22 10:33 - 2013-07-20 00:50 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-07-22 09:47 - 2013-07-22 09:47 - 00277456 _____ C:\Users\Andreas\Downloads\Setup(1).exe
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Andreas\AppData\Local\PDF24
2013-07-21 17:13 - 2013-07-21 17:12 - 00000000 ____D C:\Program Files\PDF24
2013-07-21 17:12 - 2013-07-21 17:12 - 00001778 _____ C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-07-21 17:12 - 2013-07-21 17:12 - 00001763 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-07-21 17:10 - 2013-07-21 17:09 - 15905080 _____ (Geek Software GmbH                                          ) C:\Users\Andreas\Downloads\pdf24-creator-5.6.0.exe

Files to move or delete:
====================
C:\Users\Andreas\kidizoom-twist-pink-kidizoom-twist-foto-editor-pc.exe
C:\Users\Andreas\TagesSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-14 19:08

==================== End Of Log ============================
         
--- --- ---

Alt 20.08.2013, 12:27   #12
schrauber
/// the machine
/// TB-Ausbilder
 

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
