Hello.
Here are the three log files:
1.) FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-08-2013 01
Ran by Andreas (administrator) on 14-08-2013 14:59:52
Running from C:\Users\Andreas\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Comodo Security Solutions Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
() C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Bake Cake) C:\Users\Andreas\AppData\Roaming\Betcat\WebCakeDesktop.exe
() C:\Users\Andreas\Qtrax\Player\Notification.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\Andreas\Downloads\Defogger(1).exe
(Farbar) C:\Users\Andreas\Downloads\FRST(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1423904 2010-04-23] (Realtek Semiconductor)
HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [200704 2009-12-14] (Wistron)
HKLM\...\Run: [LMgrVolOSD] - C:\Program Files\Launch Manager\OSD.exe [348960 2009-12-11] (Wistron Corp.)
HKLM\...\Run: [LMgrOSD] - "C:\Program Files\Launch Manager\OSDCtrl.exe" [x]
HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [413696 2010-01-13] (Wistron Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2009-12-11] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [14830184 2010-04-15] (NVIDIA Corporation)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2516296 2010-03-25] (CANON INC.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey [x] <===== ATTENTION (File name is altered)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [x]
HKLM\...\Run: [MailCheck IE Broker] - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1513536 2013-02-04] (1und1 Mail und Media GmbH)
HKLM\...\Run: [gbrspcontrol] - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [Device Detection] - C:\Program Files\Lidl_Fotos\dd.exe [x]
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [x]
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Andreas\AppData\Local\Smartbar\Application\SnapDo.exe startup [x]
HKCU\...\Run: [WebCake Desktop] - C:\Users\Andreas\AppData\Roaming\Betcat\WebCakeDesktop.exe [52504 2013-08-10] (Bake Cake)
HKCU\...\Run: [NTRedirect] - C:\Users\Andreas\AppData\Roaming\BabSolution\Shared\NTRedirect.dll [127472 2013-08-04] () <===== ATTENTION
HKCU\...\Run: [QtraxNotification] - C:\Users\Andreas\Qtrax\Player\Notification.exe [118568 2013-08-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\tax Steuersoftware 2013\taxaktuell.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk
ShortcutTarget: Windows Live Mail.lnk -> C:\Program Files\Windows Live\Mail\wlmail.exe (No File)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}
SearchScopes: HKLM - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}
SearchScopes: HKCU - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}&crg=3.5000006.10053&st=23
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}&crg=3.5000006.10053&st=23
BHO: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files\WebCake\WebCakeIEClient.dll No File
BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: DealPly Shopping - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll No File
Toolbar: HKLM - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
Toolbar: HKLM - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKCU -DVDVideoSoftTB Toolbar - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll No File
Toolbar: HKCU -No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No File
Toolbar: HKCU -No Name - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} - No File
Toolbar: HKCU -WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL No File
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{DEDAF650-12B8-48f5-A843-BBA100716106}] C:\Program Files\Updater By Sweetpacks\Firefox
========================== Services (Whitelisted) =================
R2 BrowserDefendert; C:\ProgramData\BrowserDefender\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2847696 2013-07-26] ()
S2 BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2787280 2013-03-22] ()
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70344 2013-04-17] (Comodo Security Solutions Inc.)
S2 dealplylive; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-14] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-14] (DealPly Technologies Ltd)
S2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1800808 2010-04-15] (NVIDIA Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1724192 2013-01-28] (TuneUp Software)
S4 WebCake Desktop Updater; C:\Users\Andreas\AppData\Roaming\WebCake\WebCakeDesktop.exe [47896 2013-05-31] (WebCake LLC)
R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118560 2009-10-22] (Wistron Corp.)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2009-11-07] (X10)
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [x]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [x]
S3 gusvc; "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" [x]
S2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-05-16] ()
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-05-10] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2012-09-03] (Windows (R) Win 7 DDK provider)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-05-16] ()
S3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [786400 2009-08-13] (DiBcom SA)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-14] (Ralink Technology Corp.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2009-05-13] (X10 Wireless Technology, Inc.)
S3 TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(1).exe
2013-08-14 14:56 - 2013-08-14 14:56 - 00000476 _____ C:\Users\Andreas\Downloads\defogger_disable.log
2013-08-14 14:56 - 2013-08-14 14:56 - 00000000 _____ C:\Users\Andreas\defogger_reenable
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger.exe
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger(1).exe
2013-08-14 14:50 - 2013-08-14 14:50 - 00000000 ____D C:\Users\Andreas\Qtrax
2013-08-14 14:46 - 2013-08-14 14:52 - 00000892 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-14 14:46 - 2013-08-14 14:51 - 00000896 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-14 14:46 - 2013-08-14 14:46 - 00001032 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\BabSolution
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Local\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\OpenIt
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\Delta
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\DealPly
2013-08-14 14:45 - 2013-08-14 14:45 - 00714352 _____ C:\Users\Andreas\Downloads\ZipOpenerSetup.exe
2013-08-10 21:25 - 2013-08-14 14:53 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Betcat
2013-08-10 20:58 - 2013-08-11 09:37 - 00085012 _____ C:\Windows\PFRO.log
2013-08-09 18:54 - 2013-08-09 18:54 - 00666633 _____ C:\Users\Andreas\Downloads\adwcleaner.exe
2013-08-09 16:27 - 2013-08-09 16:27 - 01067456 _____ (Solid State Networks) C:\Users\Andreas\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-08-06 21:32 - 2013-08-06 21:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-03 21:20 - 2013-08-03 21:20 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(2).exe
2013-08-03 21:19 - 2013-08-03 21:19 - 00000000 ____D C:\ProgramData\APN
2013-08-03 21:17 - 2013-08-03 21:17 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Java
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-03 21:15 - 2013-08-03 21:15 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(1).exe
2013-08-03 21:14 - 2013-08-03 21:14 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall.exe
2013-07-30 12:13 - 2013-07-30 12:13 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\LaunchPad
2013-07-27 16:28 - 2013-08-10 21:02 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Web Cake
2013-07-27 09:34 - 2013-08-03 11:34 - 00000077 _____ C:\Users\Andreas\AppData\Roaming\WB.CFG
2013-07-25 19:22 - 2013-07-25 19:22 - 00036102 _____ C:\Users\Andreas\Desktop\D-Dimere.htm
2013-07-25 19:22 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Andreas\Desktop\D-Dimere_files
2013-07-25 10:00 - 2013-08-14 14:53 - 00000000 ____D C:\Users\Andreas\Tracing
2013-07-24 07:55 - 2013-08-14 14:52 - 00003091 _____ C:\Windows\setupact.log
2013-07-24 07:55 - 2013-07-24 07:55 - 00000000 _____ C:\Windows\setuperr.log
2013-07-23 09:32 - 2013-07-23 09:32 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\digital publishing
2013-07-23 09:09 - 2013-07-23 09:10 - 00000000 ____D C:\Users\Andreas\Desktop\Old Firefox Data
2013-07-23 08:50 - 2013-07-23 08:50 - 00000929 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-23 08:50 - 2013-07-23 08:50 - 00000000 ____D C:\Program Files\CCleaner
2013-07-23 08:48 - 2013-07-23 08:48 - 03357912 _____ (Piriform Ltd) C:\Users\Andreas\Downloads\ccsetup403_slim.exe
2013-07-22 11:08 - 2013-07-22 11:09 - 49904760 _____ C:\Users\Andreas\Downloads\mpnx_3_0-win-3_05-ea23_2.exe
2013-07-22 09:47 - 2013-07-22 09:47 - 00277456 _____ C:\Users\Andreas\Downloads\Setup(1).exe
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Andreas\AppData\Local\PDF24
2013-07-21 17:12 - 2013-07-21 17:13 - 00000000 ____D C:\Program Files\PDF24
2013-07-21 17:12 - 2013-07-21 17:12 - 00001778 _____ C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-07-21 17:12 - 2013-07-21 17:12 - 00001763 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-07-21 17:09 - 2013-07-21 17:10 - 15905080 _____ (Geek Software GmbH ) C:\Users\Andreas\Downloads\pdf24-creator-5.6.0.exe
2013-07-20 00:50 - 2013-07-22 10:33 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-07-18 21:24 - 2013-07-18 21:24 - 00000000 ____D C:\Program Files\SweetIM
2013-07-18 21:24 - 2011-05-14 01:17 - 00554832 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
2013-07-18 21:24 - 2011-05-14 01:17 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\msvcm80.dll
2013-07-18 21:24 - 2011-05-13 16:59 - 00001870 _____ C:\Windows\system32\Microsoft.VC80.CRT.manifest
2013-07-18 21:23 - 2013-07-18 21:23 - 00277440 _____ C:\Users\Andreas\Downloads\Setup.exe
2013-07-17 09:18 - 2013-07-17 09:18 - 00011320 _____ C:\Users\Andreas\Documents\Finanzierung von Nicoles Auto_Hyundai i30.xlsx
==================== One Month Modified Files and Folders =======
2013-08-14 14:59 - 2013-08-14 14:59 - 00000000 ____D C:\FRST
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST.exe
2013-08-14 14:58 - 2013-08-14 14:58 - 01068807 _____ (Farbar) C:\Users\Andreas\Downloads\FRST(1).exe
2013-08-14 14:56 - 2013-08-14 14:56 - 00000476 _____ C:\Users\Andreas\Downloads\defogger_disable.log
2013-08-14 14:56 - 2013-08-14 14:56 - 00000000 _____ C:\Users\Andreas\defogger_reenable
2013-08-14 14:56 - 2010-12-09 22:05 - 00000000 ____D C:\Users\Andreas
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger.exe
2013-08-14 14:55 - 2013-08-14 14:55 - 00050477 _____ C:\Users\Andreas\Downloads\Defogger(1).exe
2013-08-14 14:53 - 2013-08-10 21:25 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Betcat
2013-08-14 14:53 - 2013-07-25 10:00 - 00000000 ____D C:\Users\Andreas\Tracing
2013-08-14 14:52 - 2013-08-14 14:46 - 00000892 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2013-08-14 14:52 - 2013-07-24 07:55 - 00003091 _____ C:\Windows\setupact.log
2013-08-14 14:52 - 2013-07-14 14:34 - 00000294 _____ C:\Windows\Tasks\DSite.job
2013-08-14 14:52 - 2013-06-06 23:12 - 00000298 _____ C:\Windows\Tasks\Dealply.job
2013-08-14 14:52 - 2011-03-30 09:49 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 14:52 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 14:51 - 2013-08-14 14:46 - 00000896 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2013-08-14 14:51 - 2010-12-09 22:04 - 01978499 _____ C:\Windows\WindowsUpdate.log
2013-08-14 14:50 - 2013-08-14 14:50 - 00000000 ____D C:\Users\Andreas\Qtrax
2013-08-14 14:47 - 2012-08-18 15:14 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 14:46 - 2013-08-14 14:46 - 00001032 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\BabSolution
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Users\Andreas\AppData\Local\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\ProgramData\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\ProgramData\BrowserDefender
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\OpenIt
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\Delta
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\DealPlyLive
2013-08-14 14:46 - 2013-08-14 14:46 - 00000000 ____D C:\Program Files\DealPly
2013-08-14 14:45 - 2013-08-14 14:45 - 00714352 _____ C:\Users\Andreas\Downloads\ZipOpenerSetup.exe
2013-08-14 14:26 - 2010-05-05 12:28 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 14:16 - 2011-03-30 09:49 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-14 11:37 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-14 08:20 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 08:20 - 2009-07-14 06:34 - 00009888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 10:34 - 2013-07-14 16:34 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-TTL.DAT
2013-08-12 23:08 - 2011-07-25 21:49 - 00000000 ____D C:\Users\Andreas\Documents\Bewerbungsunterlagen AK
2013-08-11 09:37 - 2013-08-10 20:58 - 00085012 _____ C:\Windows\PFRO.log
2013-08-10 21:02 - 2013-07-27 16:28 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\Web Cake
2013-08-10 20:58 - 2010-12-14 22:44 - 00000000 ____D C:\ProgramData\WebEx
2013-08-09 18:54 - 2013-08-09 18:54 - 00666633 _____ C:\Users\Andreas\Downloads\adwcleaner.exe
2013-08-09 16:27 - 2013-08-09 16:27 - 01067456 _____ (Solid State Networks) C:\Users\Andreas\Downloads\install_flashplayer11x32au_mssd_aaa_aih.exe
2013-08-08 07:57 - 2013-06-06 23:13 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-06 21:32 - 2013-08-06 21:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-03 21:20 - 2013-08-03 21:20 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(2).exe
2013-08-03 21:19 - 2013-08-03 21:19 - 00000000 ____D C:\ProgramData\APN
2013-08-03 21:17 - 2013-08-03 21:17 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-08-03 21:17 - 2013-08-03 21:17 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Java
2013-08-03 21:17 - 2013-08-03 21:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-08-03 21:17 - 2010-05-05 13:18 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-08-03 21:17 - 2010-05-05 13:18 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-08-03 21:15 - 2013-08-03 21:15 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall(1).exe
2013-08-03 21:14 - 2013-08-03 21:14 - 00903080 _____ (Oracle Corporation) C:\Users\Andreas\Downloads\jxpiinstall.exe
2013-08-03 11:34 - 2013-07-27 09:34 - 00000077 _____ C:\Users\Andreas\AppData\Roaming\WB.CFG
2013-07-30 12:13 - 2013-07-30 12:13 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\LaunchPad
2013-07-29 15:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\LiveKernelReports
2013-07-27 20:36 - 2013-06-02 12:27 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\WebCake
2013-07-25 20:33 - 2011-04-18 09:39 - 00000000 ____D C:\Users\Andreas\Desktop\Nicole
2013-07-25 19:22 - 2013-07-25 19:22 - 00036102 _____ C:\Users\Andreas\Desktop\D-Dimere.htm
2013-07-25 19:22 - 2013-07-25 19:22 - 00000000 ____D C:\Users\Andreas\Desktop\D-Dimere_files
2013-07-24 07:55 - 2013-07-24 07:55 - 00000000 _____ C:\Windows\setuperr.log
2013-07-23 09:32 - 2013-07-23 09:32 - 00000000 ____D C:\Users\Andreas\AppData\Roaming\digital publishing
2013-07-23 09:10 - 2013-07-23 09:09 - 00000000 ____D C:\Users\Andreas\Desktop\Old Firefox Data
2013-07-23 09:04 - 2011-09-19 13:11 - 00000000 ____D C:\Windows\Minidump
2013-07-23 09:04 - 2010-05-05 22:00 - 00000000 ____D C:\Windows\Panther
2013-07-23 08:50 - 2013-07-23 08:50 - 00000929 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-07-23 08:50 - 2013-07-23 08:50 - 00000000 ____D C:\Program Files\CCleaner
2013-07-23 08:48 - 2013-07-23 08:48 - 03357912 _____ (Piriform Ltd) C:\Users\Andreas\Downloads\ccsetup403_slim.exe
2013-07-22 20:27 - 2012-10-10 13:08 - 00000000 ____D C:\Users\Andreas\Desktop\Verkauf!!!!!!!
2013-07-22 11:10 - 2010-12-30 22:56 - 00002005 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
2013-07-22 11:09 - 2013-07-22 11:08 - 49904760 _____ C:\Users\Andreas\Downloads\mpnx_3_0-win-3_05-ea23_2.exe
2013-07-22 11:09 - 2010-12-30 22:55 - 00000000 ____D C:\Program Files\Canon
2013-07-22 10:33 - 2013-07-20 00:50 - 00000005 _____ C:\Users\Andreas\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-07-22 09:47 - 2013-07-22 09:47 - 00277456 _____ C:\Users\Andreas\Downloads\Setup(1).exe
2013-07-21 17:17 - 2013-07-21 17:17 - 00000000 ____D C:\Users\Andreas\AppData\Local\PDF24
2013-07-21 17:13 - 2013-07-21 17:12 - 00000000 ____D C:\Program Files\PDF24
2013-07-21 17:12 - 2013-07-21 17:12 - 00001778 _____ C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-07-21 17:12 - 2013-07-21 17:12 - 00001763 _____ C:\Users\Public\Desktop\PDF24 Fax.lnk
2013-07-21 17:10 - 2013-07-21 17:09 - 15905080 _____ (Geek Software GmbH ) C:\Users\Andreas\Downloads\pdf24-creator-5.6.0.exe
2013-07-19 20:30 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-07-18 21:24 - 2013-07-18 21:24 - 00000000 ____D C:\Program Files\SweetIM
2013-07-18 21:24 - 2013-05-22 16:53 - 00000000 ____D C:\Users\Andreas\Desktop\Silverlight
2013-07-18 21:23 - 2013-07-18 21:23 - 00277440 _____ C:\Users\Andreas\Downloads\Setup.exe
2013-07-17 09:18 - 2013-07-17 09:18 - 00011320 _____ C:\Users\Andreas\Documents\Finanzierung von Nicoles Auto_Hyundai i30.xlsx
Files to move or delete:
====================
C:\Users\Andreas\AppData\Roaming\BabSolution\Shared\NTRedirect.dll
C:\Users\Andreas\kidizoom-twist-pink-kidizoom-twist-foto-editor-pc.exe
C:\Users\Andreas\TagesSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-07-30 10:01
==================== End Of Log ============================
2.) Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-08-2013 01
Ran by Andreas at 2013-08-14 15:01:23
Running from C:\Users\Andreas\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Apple Software Update (Version: 2.1.3.127)
Arbeitszeugnisse für Führungskräfte
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.27)
Blacksails
BrowserDefender
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon My Printer
CCleaner (Version: 4.03)
CDBurnerXP (Version: 4.5.0.3717)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000)
Conduit Engine (Version: )
CyberLink LabelPrint (Version: 2.5.2602)
CyberLink Power2Go (Version: 6.1.3602c)
CyberLink PowerDVD Copy (Version: 1.5.1306)
CyberLink YouCam (Version: 3.0.2609)
D3DX10 (Version: 15.4.2368.0902)
Dealply
DealPly (remove only) (Version: 4.8.7.3)
Delta Chrome Toolbar
Delta toolbar (Version: 1.8.22.0)
FormatFactory 3.0.1 (Version: 3.0.1)
Free Audio CD Burner version 1.4.7
Free YouTube to MP3 Converter version 3.11.17.319 (Version: 3.11.17.319)
GeekBuddy (Version: 4.7.55)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.135)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2086)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Intel(R) Rapid Storage Technology (Version: 9.6.0.1014)
Internet Explorer Toolbar 4.9 by SweetPacks (Version: 4.9.0000)
Jack Keane
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java(TM) 6 Update 20 (Version: 6.0.200)
Junk Mail filter update (Version: 15.4.3502.0922)
Kidizoom Photo Editor (Version: 1.00.0000)
K-Lite Codec Pack 6.0.4 (Basic) (Version: 6.0.4)
Launch Manager V1.5.0.8 (Version: 1.5.0.8)
Medion Home Cinema (Version: 8.0.1318)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [DEU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 23.0 (x86 en-US) (Version: 23.0)
Mozilla Maintenance Service (Version: 23.0)
MP4 To MP3 Converter V3.0
MSVCRT (Version: 15.4.2862.0708)
MyFreeCodec
MyPhoneExplorer (Version: 1.8.4)
NVIDIA Drivers (Version: 1.10.60.38)
NVIDIA Updatus (Version: 1.0.3)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Open It! (Version: 1.1.1)
PDF24 Creator 5.6.0
PDFCreator (Version: 1.1.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Qtrax Connection Manager (HKCU Version: 20.13.07.02)
QuickTime (Version: 7.73.80.64)
Ravensburger tiptoi
Realtek High Definition Audio Driver (Version: 6.0.1.6096)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30117)
REALTEK Wireless LAN Driver (Version: 1.00.0145)
Skype™ 6.3 (Version: 6.3.105)
Snap.Do (Version: 1.6.1.921)
Snap.Do Engine (HKCU Version: 1.6.1.921)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
t@x 2011 (Version: 18.00.6928)
t@x 2012 (Version: 19.03.7334)
t@x 2013 (Version: 20.00.8137)
TuneUp Utilities 2013 (Version: 13.0.3020.2)
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3020.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Zip Opener
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Video Converter Packages
WebCake 3.00 (Version: 3.00)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR
X10 Hardware(TM)
Zip Opener Packages
==================== Restore Points =========================
22-07-2013 22:11:01 Windows Update
23-07-2013 21:30:38 Windows Update
25-07-2013 21:15:45 Windows Update
26-07-2013 20:29:46 Windows Update
27-07-2013 20:28:21 Windows Update
29-07-2013 04:43:04 Windows Update
30-07-2013 05:34:12 Windows Update
31-07-2013 06:07:33 Windows Update
31-07-2013 20:20:51 Windows Update
01-08-2013 20:50:30 Windows Update
03-08-2013 09:22:00 Windows Update
03-08-2013 19:16:38 Installed Java 7 Update 25
03-08-2013 21:27:18 Windows Update
04-08-2013 18:30:38 Windows Update
04-08-2013 20:45:49 Windows Update
05-08-2013 21:00:31 Windows Update
07-08-2013 05:40:54 Windows Update
08-08-2013 06:01:47 Windows Update
08-08-2013 20:49:58 Windows Update
09-08-2013 16:32:41 Removed Apple Software Update
09-08-2013 16:33:53 Removed Bonjour
09-08-2013 16:35:06 Removed GuardBar
10-08-2013 19:04:41 Windows Update
10-08-2013 21:28:39 Windows Update
11-08-2013 08:43:24 Windows Update
11-08-2013 20:08:23 Windows Update
12-08-2013 21:08:53 Windows Update
13-08-2013 19:26:38 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {04454970-1D93-482F-AA1D-AC84EA542578} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {0FEB5211-F666-4EA9-A5B7-808404430783} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe No File
Task: {13478D28-0C90-4E03-BDB7-4A6B81B4DE31} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {1BC0B76F-C66F-4800-A48B-8B680A957437} - System32\Tasks\BrowserDefendert => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {2A22786D-FC88-4F4C-96A4-6984311C208B} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14] (DealPly Technologies Ltd)
Task: {33183586-A44E-483E-90A4-E1D69EB4DA2B} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: {3B4525C7-8A33-4F6C-9F3F-967057E4EA5A} - System32\Tasks\Dealply => C:\Users\Andreas\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE [2013-04-12] ()
Task: {49F63648-BB81-40B2-8D22-03132E7711A3} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe No File
Task: {521E3475-5BA6-4354-850E-C0159AC82230} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {694C2FB4-C5F2-4C9F-961A-EBBF0A4839C9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {6CCF3FD5-9549-4DEE-93C7-1922B24E0E41} - System32\Tasks\DSite => C:\Users\Andreas\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE [2013-08-14] ()
Task: {7B5497B0-A459-4EC9-AF04-0092544646B9} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14] (DealPly Technologies Ltd)
Task: {8D36F3E0-EAB5-4466-B629-3C65003679FD} - System32\Tasks\DealPlyUpdate => C:\Program No File
Task: {9C19363A-1688-47F8-B20E-7D08337EE007} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe No File
Task: {A447371F-CA08-456D-B160-DAC264FE5D3C} - System32\Tasks\QtraxPlayer => C:\Program Files\Microsoft Silverlight\sllauncher.exe [2013-05-13] (Microsoft Corporation)
Task: {B763684E-7295-40AA-9EE2-DAF61740F9D4} - System32\Tasks\EPUpdater => C:\Users\Andreas\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [2013-08-04] ()
Task: {C2B39372-E7F0-43B5-A657-7C4C2F51729D} - System32\Tasks\BrowserProtect => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation)
Task: {C3AC2A95-68AB-4509-A22B-3CF5D606A88D} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {CF38E589-331C-4639-B563-97D68162FBB4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {F257198F-7B9C-4022-A3AC-3DF15EFD7487} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe No File
Task: {F7D7E18C-C106-405B-BCF8-233FA1F1FCEA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Andreas\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\Andreas\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Faulty Device Manager Devices =============
Name: TuneUpUtilitiesDrv
Description: TuneUpUtilitiesDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TuneUpUtilitiesDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/14/2013 02:53:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: taskhost.exe, Version: 6.1.7601.18010, Zeitstempel: 0x50aee407
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003224d
ID des fehlerhaften Prozesses: 0x80
Startzeit der fehlerhaften Anwendung: 0xtaskhost.exe0
Pfad der fehlerhaften Anwendung: taskhost.exe1
Pfad des fehlerhaften Moduls: taskhost.exe2
Berichtskennung: taskhost.exe3
Error: (08/14/2013 02:52:11 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (08/14/2013 02:52:11 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (08/14/2013 02:52:11 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT)
Description: Überspringen: Eap method DLL path name Fehler bei der Überprüfung. Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0
Error: (08/14/2013 02:46:23 PM) (Source: MsiInstaller) (User: Andreas-PC)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\DealPlyLive\Update\1.3.23.0\GoogleUpdateHelper.msi
Error: (08/14/2013 02:46:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Name des fehlerhaften Moduls: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Ausnahmecode: 0x40000015
Fehleroffset: 0x00102a30
ID des fehlerhaften Prozesses: 0x1280
Startzeit der fehlerhaften Anwendung: 0xBrowserProtect.exe0
Pfad der fehlerhaften Anwendung: BrowserProtect.exe1
Pfad des fehlerhaften Moduls: BrowserProtect.exe2
Berichtskennung: BrowserProtect.exe3
Error: (08/14/2013 02:45:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Name des fehlerhaften Moduls: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Ausnahmecode: 0x40000015
Fehleroffset: 0x00102a30
ID des fehlerhaften Prozesses: 0x1ab4
Startzeit der fehlerhaften Anwendung: 0xBrowserProtect.exe0
Pfad der fehlerhaften Anwendung: BrowserProtect.exe1
Pfad des fehlerhaften Moduls: BrowserProtect.exe2
Berichtskennung: BrowserProtect.exe3
Error: (08/14/2013 02:44:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Name des fehlerhaften Moduls: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Ausnahmecode: 0x40000015
Fehleroffset: 0x00102a30
ID des fehlerhaften Prozesses: 0x1b20
Startzeit der fehlerhaften Anwendung: 0xBrowserProtect.exe0
Pfad der fehlerhaften Anwendung: BrowserProtect.exe1
Pfad des fehlerhaften Moduls: BrowserProtect.exe2
Berichtskennung: BrowserProtect.exe3
Error: (08/14/2013 02:43:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Name des fehlerhaften Moduls: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Ausnahmecode: 0x40000015
Fehleroffset: 0x00102a30
ID des fehlerhaften Prozesses: 0x188c
Startzeit der fehlerhaften Anwendung: 0xBrowserProtect.exe0
Pfad der fehlerhaften Anwendung: BrowserProtect.exe1
Pfad des fehlerhaften Moduls: BrowserProtect.exe2
Berichtskennung: BrowserProtect.exe3
Error: (08/14/2013 02:42:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Name des fehlerhaften Moduls: BrowserProtect.exe, Version: 2.6.1249.132, Zeitstempel: 0x514c661b
Ausnahmecode: 0x40000015
Fehleroffset: 0x00102a30
ID des fehlerhaften Prozesses: 0xc4c
Startzeit der fehlerhaften Anwendung: 0xBrowserProtect.exe0
Pfad der fehlerhaften Anwendung: BrowserProtect.exe1
Pfad des fehlerhaften Moduls: BrowserProtect.exe2
Berichtskennung: BrowserProtect.exe3
System errors:
=============
Error: (08/14/2013 03:01:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (08/14/2013 03:00:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (08/14/2013 02:59:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (08/14/2013 02:58:26 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.20
registriert werden. Der Computer mit IP-Adresse 192.168.178.1 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (08/14/2013 02:58:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (08/14/2013 02:57:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (08/14/2013 02:56:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (08/14/2013 02:55:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (08/14/2013 02:55:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Error: (08/14/2013 02:54:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "BrowserProtect" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1083
Microsoft Office Sessions:
=========================
Error: (01/17/2013 04:01:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7977 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/20/2011 10:49:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2970 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 3254.53 MB
Available physical RAM: 1868.69 MB
Total Pagefile: 6507.35 MB
Available Pagefile: 4815.4 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.63 MB
==================== Drives ================================
Drive c: (Boot) (Fixed) (Total:424.66 GB) (Free:268.09 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:31.92 GB) NTFS
Drive e: (Bibi und Tina) (CDROM) (Total:4.27 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B5FDF437)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=425 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)
==================== End Of Log ============================
3.) ComboFix:
Combofix Logfile:
ComboFix 13-08-14.01 - Andreas 14.08.2013 16:19:13.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3255.1969 [GMT 2:00]
ausgeführt von:: c:\users\Andreas\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DealPly
c:\program files\DealPly\uninst.exe
c:\users\Andreas\4.0
c:\users\Andreas\Documents\~WRL0001.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\tmpA746.tmp
c:\windows\system32\tmpA7B4.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-07-14 bis 2013-08-14 ))))))))))))))))))))))))))))))
.
.
2013-08-14 12:59 . 2013-08-14 12:59 -------- d-----w- C:\FRST
2013-08-14 12:50 . 2013-08-14 12:50 -------- d-----w- c:\users\Andreas\Qtrax
2013-08-14 12:46 . 2013-08-14 12:46 -------- d-----w- c:\users\Andreas\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2013-08-14 12:46 . 2013-08-14 12:46 -------- d-----w- c:\programdata\BrowserDefender
2013-08-14 12:46 . 2013-08-14 14:11 -------- d-----w- c:\users\Andreas\AppData\Roaming\BabSolution
2013-08-14 12:46 . 2013-08-14 12:46 -------- d-----w- c:\program files\DealPlyLive
2013-08-14 12:46 . 2013-08-14 12:46 -------- d-----w- c:\users\Andreas\AppData\Local\DealPlyLive
2013-08-14 12:46 . 2013-08-14 12:46 -------- d-----w- c:\programdata\DealPlyLive
2013-08-14 12:46 . 2013-08-14 12:46 -------- d-----w- c:\program files\OpenIt
2013-08-10 19:25 . 2013-08-14 12:53 -------- d-----w- c:\users\Andreas\AppData\Roaming\Betcat
2013-08-03 19:19 . 2013-08-03 19:19 -------- d-----w- c:\programdata\APN
2013-08-03 19:17 . 2013-08-03 19:17 -------- d-----w- c:\program files\Common Files\Java
2013-08-03 19:17 . 2013-08-03 19:17 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-03 19:17 . 2013-08-03 19:17 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-03 19:17 . 2013-08-03 19:17 -------- d-----w- c:\program files\Java
2013-07-30 10:13 . 2013-07-30 10:13 -------- d-----w- c:\users\Andreas\AppData\Roaming\LaunchPad
2013-07-27 14:28 . 2013-08-10 19:02 -------- d-----w- c:\users\Andreas\AppData\Roaming\Web Cake
2013-07-25 08:00 . 2013-08-14 12:53 -------- d-----w- c:\users\Andreas\Tracing
2013-07-23 07:32 . 2013-07-23 07:32 -------- d-----w- c:\users\Andreas\AppData\Roaming\digital publishing
2013-07-21 15:17 . 2013-07-21 15:17 -------- d-----w- c:\users\Andreas\AppData\Local\PDF24
2013-07-21 15:12 . 2013-07-21 15:13 -------- d-----w- c:\program files\PDF24
2013-07-21 15:12 . 2013-07-21 15:12 -------- d-----w- c:\users\Andreas\AppData\Local\Programs
2013-07-18 19:24 . 2013-07-18 19:24 -------- d-----w- c:\program files\SweetIM
2013-07-18 19:24 . 2011-05-13 23:17 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-07-18 19:24 . 2011-05-13 23:17 554832 ----a-w- c:\windows\system32\msvcp80.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-03 19:17 . 2010-05-05 11:18 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-03 20:16 . 2013-07-03 20:16 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-03 20:16 . 2013-07-03 20:16 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-03 20:16 . 2013-07-03 20:16 523264 ----a-w- c:\windows\system32\vbscript.dll
2013-07-03 20:16 . 2013-07-03 20:16 38400 ----a-w- c:\windows\system32\imgutil.dll
2013-07-03 20:16 . 2013-07-03 20:16 185344 ----a-w- c:\windows\system32\elshyph.dll
2013-07-03 20:16 . 2013-07-03 20:16 158720 ----a-w- c:\windows\system32\msls31.dll
2013-07-03 20:16 . 2013-07-03 20:16 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-07-03 20:16 . 2013-07-03 20:16 138752 ----a-w- c:\windows\system32\wextract.exe
2013-07-03 20:16 . 2013-07-03 20:16 137216 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-03 20:16 . 2013-07-03 20:16 12800 ----a-w- c:\windows\system32\mshta.exe
2013-07-03 20:16 . 2013-07-03 20:16 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-03 20:16 . 2013-07-03 20:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-03 20:16 . 2013-07-03 20:16 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-03 20:16 . 2013-07-03 20:16 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-07-03 20:16 . 2013-07-03 20:16 361984 ----a-w- c:\windows\system32\html.iec
2013-07-03 20:16 . 2013-07-03 20:16 23040 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-03 20:16 . 2013-07-03 20:16 1441280 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-03 20:15 . 2013-07-03 20:15 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-07-03 20:15 . 2013-07-03 20:15 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-03 20:15 . 2013-07-03 20:15 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-03 20:15 . 2013-07-03 20:15 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-03 20:15 . 2013-07-03 20:15 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-07-03 20:15 . 2013-07-03 20:15 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-07-03 20:15 . 2013-07-03 20:15 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 20:15 . 2013-07-03 20:15 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-03 20:15 . 2013-07-03 20:15 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-03 20:15 . 2013-07-03 20:15 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-03 20:15 . 2013-07-03 20:15 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-07-03 20:15 . 2013-07-03 20:15 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-03 20:15 . 2013-07-03 20:15 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-07-03 20:15 . 2013-07-03 20:15 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-07-03 20:15 . 2013-07-03 20:15 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-03 20:15 . 2013-07-03 20:15 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-07-03 20:15 . 2013-07-03 20:15 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-11 23:43 . 2013-07-10 23:00 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43 . 2013-07-10 23:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42 . 2013-07-10 23:00 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42 . 2013-07-10 23:00 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 22:51 . 2013-07-10 23:00 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-11 20:47 . 2012-08-18 13:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 20:47 . 2012-08-18 13:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-07 02:37 . 2013-07-10 23:00 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-05 03:05 . 2013-07-10 06:00 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-10 06:00 509440 ----a-w- c:\windows\system32\qedit.dll
2013-05-18 09:30 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCake Desktop"="c:\users\Andreas\AppData\Roaming\Betcat\WebCakeDesktop.exe" [2013-08-10 52504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2009-12-14 200704]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2009-12-11 348960]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2010-01-13 413696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-15 14830184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"MailCheck IE Broker"="c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2013-02-04 1513536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-06-10 162856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-18 280576]
.
c:\users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
t@x aktuell.lnk - c:\program files\tax Steuersoftware 2013\taxaktuell.exe [2013-1-28 542800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261249~1.132\{C16C1~1\BrowserProtect.dll c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-03-22 2787280]
R2 dealplylive;DealPly Live-Dienst (dealplylive);c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14 148000]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-02-05 233472]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dealplylivem;DealPly Live-Dienst (dealplylivem);c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14 148000]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2013-02-05 37344]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-24 191008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
R4 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files\WebCake\WebCakeDesktop.Updater.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-05-10 37352]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [2012-09-03 35064]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2013-01-28 1724192]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-10 2320920]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-19 996896]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-10-22 118560]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 13720]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-18 20:47]
.
2013-08-14 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
- c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14 12:46]
.
2013-08-14 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
- c:\program files\DealPlyLive\Update\DealPlyLive.exe [2013-08-14 12:46]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1C311C4BD6E53C5C&affID=119357&tsp=4974
mStart Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={98D8D4D2-EFDF-11E2-BB4A-00262DBF7A31}
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=DE&userid=522ddc99-27d1-49b8-964b-e03a4788c02d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE: Free YouTube to MP3 Converter - c:\users\Andreas\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.178.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} -
FF - ProfilePath - c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default-1374563393628\
FF - ExtSQL: 2013-07-23 09:32; dplauncher@digitalpublishing.de; c:\users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\pr6083ft.default-1374563393628\extensions\dplauncher@digitalpublishing.de
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 1c317b490000000000001c4bd6e53c5c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15931
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.014:46
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tsp=4974
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
Toolbar-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
WebBrowser-{977AE9CC-AF83-45E8-9E03-E2798216E2D5} - (no file)
HKCU-Run-Device Detection - c:\program files\Lidl_Fotos\dd.exe
HKCU-Run-Browser Infrastructure Helper - c:\users\Andreas\AppData\Local\Smartbar\Application\SnapDo.exe
HKLM-Run-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Windows Live Mail.lnk - c:\program files\Windows Live\Mail\wlmail.exe
SafeBoot-BsScanner
AddRemove-Blacksails - c:\program files\Blacksails\uninstall.exe
AddRemove-CanonMyPrinter - c:\program files\Canon\MyPrinter\uninst.exe
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-FormatFactory - c:\program files\FreeTime\FormatFactory\uninst.exe
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe
AddRemove-InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} - c:\program files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe
AddRemove-InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
AddRemove-InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
AddRemove-InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1} - c:\program files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe
AddRemove-Jack Keane - c:\program files\10TACLE STUDIOS\Jack Keane\uninstall.exe
AddRemove-KLiteCodecPack_is1 - c:\program files\K-Lite Codec Pack\unins000.exe
AddRemove-Microsoft Security Client - c:\program files\Microsoft Security Client\Setup.exe
AddRemove-NVIDIA.Updatus - c:\program files\InstallShield Installation Information\{7357286A-CBE7-4F4A-BABC-EC4B3DD63862}\setup.exe
AddRemove-PI1783_ArbZFuehr - c:\windows\IsUn0407.exe
AddRemove-Ravensburger tiptoi - c:\program files\Ravensburger tiptoi\uninstall.exe
AddRemove-WinLiveSuite - c:\program files\Windows Live\Installer\wlarp.exe
AddRemove-WinRAR archiver - c:\program files\WinRAR\uninstall.exe
AddRemove-{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} - c:\program files\PDFCreator\unins000.exe
AddRemove-{01FB4998-33C4-4431-85ED-079E3EEFE75D} - c:\program files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe
AddRemove-{0E806605-5B82-4A4F-BC31-AA4FADA03C42} - c:\program files\InstallShield Installation Information\{0E806605-5B82-4A4F-BC31-AA4FADA03C42}\Setup.exe
AddRemove-{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} - c:\program files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe
AddRemove-{3108C217-BE83-42E4-AE9E-A56A2A92E549} - c:\program files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe
AddRemove-{3E29EE6C-963A-4aae-86C1-DC237C4A49FC} - c:\program files\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe
AddRemove-{40BF1E83-20EB-11D8-97C5-0009C5020658} - c:\program files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
AddRemove-{4C97EED6-997E-4DF6-9753-21ED4AC1E763} - c:\program files\InstallShield Installation Information\{4C97EED6-997E-4DF6-9753-21ED4AC1E763}\setup.exe
AddRemove-{65153EA5-8B6E-43B6-857B-C6E4FC25798A} - c:\program files\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe
AddRemove-{6737F045-A91A-4177-9C8C-59460FC1C84D} - c:\program files\InstallShield Installation Information\{6737F045-A91A-4177-9C8C-59460FC1C84D}\Setup.exe
AddRemove-{7E265513-8CDA-4631-B696-F40D983F3B07}_is1 - c:\program files\CDBurnerXP\unins000.exe
AddRemove-{96AE7E41-E34E-47D0-AC07-1091A8127911} - c:\program files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe
AddRemove-{9D3D8C60-A55F-4fed-B2B9-173F09590E16} - c:\program files\InstallShield Installation Information\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}\Install.exe
AddRemove-{B0414A3B-3AE3-47B8-8FC0-2129781FF425} - c:\program files\InstallShield Installation Information\{B0414A3B-3AE3-47B8-8FC0-2129781FF425}\Setup.exe
AddRemove-{C59C179C-668D-49A9-B6EA-0121CCFC1243} - c:\program files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
AddRemove-{D0846526-66DD-4DC9-A02C-98F9A2806812} - c:\program files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\setup.exe
AddRemove-{E3D04529-6EDB-11D8-A372-0050BAE317E1} - c:\program files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\Setup.exe
AddRemove-{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} - c:\program files\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-08-14 16:31:50
ComboFix-quarantined-files.txt 2013-08-14 14:31
.
Vor Suchlauf: 10 Verzeichnis(se), 287.832.506.368 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 288.496.668.672 Bytes frei
.
- - End Of File - - DE06567292D6B445FDB3FF636AB20B13 --- --- ---
8A1C59E4DFEF87510470928550466632
Thanks in advance for your help.
Escado