Montana_72 | 14.05.2014 15:10 | Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 14.05.2014
Suchlauf-Zeit: 15:50:11
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.1.1004
Malware Datenbank: v2014.05.14.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Montana
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 286328
Verstrichene Zeit: 4 Min, 24 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 144
Registrierungswerte: 5
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DEALPLY|ChromeCrxPath, C:\Program Files (x86)\DealPly\DealPly.crx, In Quarantäne, [2924ff525625c96d305b258bbc47fa06]
PUP.Optional.DealPly.A, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEALPLY|Partner, iron, In Quarantäne, [95b8cb86a4d76fc746495759748f03fd]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0A2O1C1R1H2Z1S1G1M1F, In Quarantäne, [88c597ba12690531a583bff0e41f6d93]
PUP.BProtector, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1A6FD43D7EDAFE80&affID=119357&tsp=4979, In Quarantäne, [9ab3d57c403b57df24dfc0ef7b88fd03]
PUP.BProtector, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [371686cb631877bfd82c5c530102cb35]
Registrierungsdaten: 10
Ordner: 26
Dateien: 89
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe, In Quarantäne, [df6e98b96b1049eded591a020af7827e],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll, In Quarantäne, [ce7fd67bfe7de056ff92b5a79d65946c],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca],
PUP.Optional.Babylon.A, C:\Users\Montana\AppData\Roaming\OpenCandy\048312E388DC44E3BD161DFE59206FAE\DeltaTB.exe, In Quarantäne, [cd807bd6780377bf38f8a461e91846ba],
PUP.Optional.Superfish.A, C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [89c43c1595e66bcbc5e4106f7c86649c],
PUP.Optional.Superfish.A, C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [2528430ef784171fa702cfb0a062e11f],
PUP.Optional.QuickStart.A, C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, In Quarantäne, [212cdf725724e45231d6f596e51d1ce4],
PUP.Optional.Updater, C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, In Quarantäne, [87c6460b9fdc79bdfc58a4f523dff808],
PUP.Optional.Updater, C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc\config.dat, In Quarantäne, [87c6460b9fdc79bdfc58a4f523dff808],
PUP.Optional.Updater, C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc\info.dat, In Quarantäne, [87c6460b9fdc79bdfc58a4f523dff808],
PUP.Optional.Updater, C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [87c6460b9fdc79bdfc58a4f523dff808],
PUP.Optional.Updater, C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [87c6460b9fdc79bdfc58a4f523dff808],
PUP.OPtional.Dealply.A, C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, In Quarantäne, [1d3075dcfe7d8ea803759915f90a7e82],
PUP.OPtional.Dealply.A, C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url, In Quarantäne, [1d3075dcfe7d8ea803759915f90a7e82],
PUP.OPtional.Dealply.A, C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url, In Quarantäne, [1d3075dcfe7d8ea803759915f90a7e82],
PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job, In Quarantäne, [a0ada5acd9a2053136b5a80cef14d927],
PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job, In Quarantäne, [84c9c78a176444f2faf164500cf7c43c],
PUP.Optional.FunMoods.A, C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage, In Quarantäne, [e964b899daa1ab8bcb8c43759f6415eb],
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log, In Quarantäne, [b59839184932a29405ecd49aa95919e7],
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Roaming\Dealply\UpdateProc\config.dat, In Quarantäne, [5af3c988097275c11fd33c3234cee51b],
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Roaming\Dealply\UpdateProc\info.dat, In Quarantäne, [5af3c988097275c11fd33c3234cee51b],
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Roaming\Dealply\UpdateProc\STTL.DAT, In Quarantäne, [5af3c988097275c11fd33c3234cee51b],
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Roaming\Dealply\UpdateProc\TTL.DAT, In Quarantäne, [5af3c988097275c11fd33c3234cee51b],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2],
PUP.Optional.OpenCandy, C:\Users\Montana\AppData\Roaming\OpenCandy\81118B5DB02B475BB29E060E132F8361\TuneUpUtilities2013-2200217_de-DE.exe, In Quarantäne, [84c9c38ef784ff370f1aacc3837fdf21],
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-bho64.dll, In Quarantäne, [93babb969dde3303741b4231976bdc24],
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-bho.dll, In Quarantäne, [93babb969dde3303741b4231976bdc24],
PUP.Optional.Snapdo.A, C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMm71B1nyAua96knyc3JbMmLOhCPcpweg7BV49_72KbLbny3Yvm4GdNANiZSjp1Kg,",), Ersetzt,[c38a460b7803b77fdcce6f04b35158a8]
Physische Sektoren: 0
(No malicious items detected)
(end)
Code:
# AdwCleaner v3.208 - Bericht erstellt am 14/05/2014 um 15:58:01
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Montana - MONTANA-PC
# Gestartet von : C:\Users\Montana\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\Web Protect
Ordner Gelöscht : C:\Users\Montana\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\Users\Montana\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Montana\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Montana\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Montana\AppData\Roaming\SupTab
Datei Gelöscht : C:\Windows\System32\Tasks\BrowserDefendert
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\System32\Tasks\DealPlyUpdate
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Schlüssel Gelöscht : HKCU\Software\5a57d88fb36dba15
Schlüssel Gelöscht : HKLM\SOFTWARE\5a57d88fb36dba15
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DE27CF30-9C47-4FF7-AE8A-2C3DF0ABDE90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\WebProtect
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\WebProtect
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Google Chrome v33.0.1750.154
[ Datei : C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex8g,&q={searchTerms}
Gelöscht [Homepage] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMm71B1nyAua96knyc3JbMmLOhCPcpweg7BV49_72KbLbny3Yvm4GdNANiZSjp1Kg,
Gelöscht [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
*************************
AdwCleaner[R0].txt - [6973 octets] - [14/05/2014 15:55:42]
AdwCleaner[S0].txt - [6442 octets] - [14/05/2014 15:58:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6502 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Montana on 14.05.2014 at 16:03:33,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3951798952-3253315376-1183451035-1000\Software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.05.2014 at 16:06:32,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by Montana (administrator) on MONTANA-PC on 14-05-2014 16:07:04
Running from C:\Users\Montana\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\monitor.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\Dxpserver.exe
(Akamai Technologies, Inc.) C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Akamai Technologies, Inc.) C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [34432 2013-04-23] (Creative Technology Ltd.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-28] (Logitech Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-05-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3951798952-3253315376-1183451035-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3951798952-3253315376-1183451035-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-25]
FF HKCU\...\Firefox\Extensions: [{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}] - C:\Program Files (x86)\LyriXeeker\130.xpi
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Kaspersky Protection) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-31]
CHR Extension: (YouTube) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-17]
CHR Extension: (Google-Suche) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-17]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-09-25]
CHR Extension: (Google Wallet) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
CHR Extension: (Google Mail) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-17] (Intel Corporation)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-28] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-02-13] ()
S3 PCProtect; C:\Program Files (x86)\Web Protect\PCProtect.exe [X]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-14] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-14 16:06 - 2014-05-14 16:06 - 00001110 _____ () C:\Users\Montana\Desktop\JRT.txt
2014-05-14 16:03 - 2014-05-14 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 16:01 - 2014-05-14 16:01 - 01016261 _____ (Thisisu) C:\Users\Montana\Desktop\JRT.exe
2014-05-14 16:00 - 2014-05-14 16:00 - 00006602 _____ () C:\Users\Montana\Desktop\AdwCleaner[S0].txt
2014-05-14 15:55 - 2014-05-14 15:58 - 00000000 ____D () C:\AdwCleaner
2014-05-14 15:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-14 15:53 - 2014-05-14 15:53 - 01325827 _____ () C:\Users\Montana\Downloads\adwcleaner.exe
2014-05-14 15:52 - 2014-05-14 15:52 - 00047572 _____ () C:\Users\Montana\Desktop\mbam.txt
2014-05-14 15:44 - 2014-05-14 15:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 15:43 - 2014-05-14 15:43 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-14 15:43 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 15:43 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 15:43 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 15:40 - 2014-05-14 15:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Montana\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-13 12:06 - 2014-05-13 12:06 - 00015913 _____ () C:\Users\Montana\Desktop\ComboFix.txt
2014-05-13 12:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-13 12:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-13 12:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-13 12:00 - 2014-05-13 12:06 - 00000000 ____D () C:\Windows\erdnt
2014-05-13 12:00 - 2014-05-13 12:06 - 00000000 ____D () C:\Qoobox
2014-05-13 11:58 - 2014-05-13 11:58 - 05200050 ____R (Swearware) C:\Users\Montana\Downloads\ComboFix.exe
2014-05-13 11:46 - 2014-05-13 11:46 - 00001268 _____ () C:\Users\Montana\Desktop\Revo Uninstaller.lnk
2014-05-13 11:46 - 2014-05-13 11:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-13 11:44 - 2014-05-13 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Montana\Downloads\revosetup95.exe
2014-05-11 20:11 - 2014-05-11 20:11 - 00000476 _____ () C:\Users\Montana\Downloads\defogger_disable.log
2014-05-11 19:30 - 2014-05-11 19:30 - 00053447 _____ () C:\Users\Montana\Desktop\Gmer.txt
2014-05-11 19:14 - 2014-05-14 16:07 - 00016576 _____ () C:\Users\Montana\Desktop\FRST.txt
2014-05-11 19:12 - 2014-05-11 19:12 - 00000476 _____ () C:\Users\Montana\Desktop\defogger_disable.log
2014-05-06 22:31 - 2014-05-06 22:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 15:24 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 15:24 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-04 02:02 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-04 02:02 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-04 02:02 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-04 02:02 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 13:16 - 2014-04-30 13:16 - 00001083 _____ () C:\Users\Montana\Desktop\Minecraft.lnk
2014-04-30 13:15 - 2014-04-30 13:15 - 00675988 _____ () C:\Users\Montana\Downloads\Minecraft.exe
2014-04-28 10:45 - 2014-04-28 10:45 - 00034458 _____ () C:\Users\Montana\Desktop\Addition.txt
2014-04-28 10:44 - 2014-05-14 16:07 - 00000000 ____D () C:\FRST
2014-04-28 10:40 - 2014-04-28 10:40 - 00000000 _____ () C:\Users\Montana\defogger_reenable
2014-04-28 10:37 - 2014-04-28 10:37 - 00380416 _____ () C:\Users\Montana\Desktop\Gmer-19357.exe
2014-04-28 10:36 - 2014-05-11 19:13 - 02066432 _____ (Farbar) C:\Users\Montana\Desktop\FRST64.exe
2014-04-28 10:32 - 2014-04-28 10:32 - 00050477 _____ () C:\Users\Montana\Desktop\Defogger.exe
2014-04-15 02:51 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-15 02:51 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-15 02:51 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 02:51 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-15 02:51 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 02:51 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 02:51 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-15 02:51 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-15 02:51 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 02:51 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-15 02:51 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-15 02:51 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-15 02:51 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 02:51 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-15 02:51 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-15 02:51 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-15 02:51 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-15 02:51 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-15 02:51 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-15 02:51 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-15 02:51 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-15 02:51 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-15 02:51 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-15 02:51 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-15 02:51 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-15 02:51 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-15 02:51 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-15 02:51 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-15 02:51 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-15 02:51 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 02:51 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-15 02:51 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 02:51 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-15 02:51 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-15 02:51 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 02:51 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-15 02:51 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-15 02:51 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-15 02:51 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 02:51 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 02:51 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-15 02:51 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-15 02:51 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-15 02:51 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
==================== One Month Modified Files and Folders =======
2014-05-14 16:07 - 2014-05-11 19:14 - 00016576 _____ () C:\Users\Montana\Desktop\FRST.txt
2014-05-14 16:07 - 2014-04-28 10:44 - 00000000 ____D () C:\FRST
2014-05-14 16:06 - 2014-05-14 16:06 - 00001110 _____ () C:\Users\Montana\Desktop\JRT.txt
2014-05-14 16:06 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-14 16:06 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-14 16:06 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-14 16:06 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-14 16:06 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-14 16:03 - 2014-05-14 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 16:01 - 2014-05-14 16:01 - 01016261 _____ (Thisisu) C:\Users\Montana\Desktop\JRT.exe
2014-05-14 16:00 - 2014-05-14 16:00 - 00006602 _____ () C:\Users\Montana\Desktop\AdwCleaner[S0].txt
2014-05-14 15:59 - 2014-03-13 12:43 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-14 15:59 - 2013-09-25 12:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-14 15:59 - 2013-09-15 18:51 - 00000000 ____D () C:\Users\Montana\AppData\Local\LogMeIn Hamachi
2014-05-14 15:59 - 2013-08-17 18:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-14 15:59 - 2013-08-17 18:52 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-14 15:59 - 2013-08-17 18:49 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-14 15:59 - 2010-11-21 05:47 - 00474698 _____ () C:\Windows\PFRO.log
2014-05-14 15:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-14 15:59 - 2009-07-14 06:51 - 00061838 _____ () C:\Windows\setupact.log
2014-05-14 15:58 - 2014-05-14 15:55 - 00000000 ____D () C:\AdwCleaner
2014-05-14 15:58 - 2013-08-17 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-14 15:58 - 2013-08-17 18:40 - 02069383 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 15:55 - 2013-08-17 18:49 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-14 15:53 - 2014-05-14 15:53 - 01325827 _____ () C:\Users\Montana\Downloads\adwcleaner.exe
2014-05-14 15:52 - 2014-05-14 15:52 - 00047572 _____ () C:\Users\Montana\Desktop\mbam.txt
2014-05-14 15:52 - 2014-05-14 15:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 15:43 - 2014-05-14 15:43 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-14 15:41 - 2014-05-14 15:40 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Montana\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-13 12:06 - 2014-05-13 12:06 - 00015913 _____ () C:\Users\Montana\Desktop\ComboFix.txt
2014-05-13 12:06 - 2014-05-13 12:00 - 00000000 ____D () C:\Windows\erdnt
2014-05-13 12:06 - 2014-05-13 12:00 - 00000000 ____D () C:\Qoobox
2014-05-13 12:06 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-13 12:05 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-13 11:58 - 2014-05-13 11:58 - 05200050 ____R (Swearware) C:\Users\Montana\Downloads\ComboFix.exe
2014-05-13 11:46 - 2014-05-13 11:46 - 00001268 _____ () C:\Users\Montana\Desktop\Revo Uninstaller.lnk
2014-05-13 11:46 - 2014-05-13 11:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-13 11:45 - 2014-05-13 11:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Montana\Downloads\revosetup95.exe
2014-05-13 00:38 - 2013-08-19 11:39 - 00000042 _____ () C:\Users\Montana\AppData\Roaming\WB.CFG
2014-05-12 23:36 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-11 20:11 - 2014-05-11 20:11 - 00000476 _____ () C:\Users\Montana\Downloads\defogger_disable.log
2014-05-11 19:30 - 2014-05-11 19:30 - 00053447 _____ () C:\Users\Montana\Desktop\Gmer.txt
2014-05-11 19:22 - 2013-08-21 16:23 - 00000000 ____D () C:\Users\Montana\AppData\Local\CrashDumps
2014-05-11 19:13 - 2014-04-28 10:36 - 02066432 _____ (Farbar) C:\Users\Montana\Desktop\FRST64.exe
2014-05-11 19:12 - 2014-05-11 19:12 - 00000476 _____ () C:\Users\Montana\Desktop\defogger_disable.log
2014-05-07 22:50 - 2013-08-17 18:49 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 22:50 - 2013-08-17 18:49 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 22:31 - 2014-05-06 22:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 20:30 - 2013-08-21 16:23 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\vlc
2014-05-03 20:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-30 13:16 - 2014-04-30 13:16 - 00001083 _____ () C:\Users\Montana\Desktop\Minecraft.lnk
2014-04-30 13:15 - 2014-04-30 13:15 - 00675988 _____ () C:\Users\Montana\Downloads\Minecraft.exe
2014-04-30 13:15 - 2013-08-17 19:09 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\.minecraft
2014-04-29 23:52 - 2014-03-18 02:45 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\Skype
2014-04-29 16:01 - 2014-05-04 02:02 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-04 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-04 02:02 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-04 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 10:45 - 2014-04-28 10:45 - 00034458 _____ () C:\Users\Montana\Desktop\Addition.txt
2014-04-28 10:40 - 2014-04-28 10:40 - 00000000 _____ () C:\Users\Montana\defogger_reenable
2014-04-28 10:40 - 2013-08-17 18:40 - 00000000 ____D () C:\Users\Montana
2014-04-28 10:37 - 2014-04-28 10:37 - 00380416 _____ () C:\Users\Montana\Desktop\Gmer-19357.exe
2014-04-28 10:32 - 2014-04-28 10:32 - 00050477 _____ () C:\Users\Montana\Desktop\Defogger.exe
2014-04-28 00:18 - 2014-04-05 21:06 - 00000000 ____D () C:\Users\Montana\AppData\Local\Battle.net
2014-04-24 14:07 - 2013-09-04 19:07 - 00000000 ____D () C:\Users\Montana\AppData\Local\Akamai
2014-04-16 20:38 - 2014-04-05 21:16 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\TS3Client
2014-04-15 13:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-14 04:24 - 2014-05-06 15:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 15:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
Some content of TEMP:
====================
C:\Users\Montana\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-03 20:12
==================== End Of Log ============================