Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Log-Analyse und Auswertung: Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 11.05.2014, 19:11   #1
Montana_72
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Hallo,

mein Problem ist folgendes:

Seit Kurzem (ca.1-2 Wochen) finden sich auf allen Internetseiten, die ich besuche, Werbebanner und Videos, die sich nicht dauerhaft entfernen lassen.
Ich kann sie zwar schließen oder stoppen aber beim neuladen kommen sie wieder.
Die Banner sind direkt nach dem Laden da. Die Videos erscheinen einfach zwischendurch.
Da schaut man auf Youtube im Vollbild ein Video an und auf einmal schreit die Werbung aus dem nichts los. Äußerst nervig.
Weiterhin werde ich manchmal einfach auf Seiten umgeleitet, obwohl ich nichts gemacht habe. Weder meine Maus berührt noch einen Link angeklickt.
Die häufigste dieser Seiten zeigt dann die Meldung "Erkennt veralteten Java Plugin". Allerdings traue ich der Seite definitiv nicht, weil das so ein Kauderwelsch-Google-Übersetzer-Deutsch ist.
Andere sind Registrierungsseiten für irgendwelche Online Spiele.
Ich habe außerdem das Gefühl, das mein Internet seitdem langsamer ist als sonst.
Mein Browser ist übrigens Google Chrome.
Ich hoffe das reicht als Beschreibung, ansonsten vielleicht einfach Fragen stellen.

Danke im voraus und beste Grüße

Montana
Geändert von Montana_72 (11.05.2014 um 19:24 Uhr)

Alt 12.05.2014, 06:51   #2
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________
Alt 12.05.2014, 09:43   #3
Montana_72
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:12 on 11/05/2014 (Montana)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by Montana (administrator) on MONTANA-PC on 11-05-2014 19:14:18
Running from C:\Users\Montana\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\monitor.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Objectify Media Inc) C:\Program Files (x86)\Web Protect\PCProtect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Akamai Technologies, Inc.) C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Akamai Technologies, Inc.) C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
(DealPly Technologies Ltd) C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [34432 2013-04-23] (Creative Technology Ltd.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-28] (Logitech Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-05-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3951798952-3253315376-1183451035-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3951798952-3253315376-1183451035-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3951798952-3253315376-1183451035-1000\...\MountPoints2: {0c74c799-0a2e-11e3-8af8-d43d7edafe80} - G:\StartClickFreeBackup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex88,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMm71B1nyAua96knyc3JbMmLOhCPcpweg7BV49_72KbLbny3Yvm4GdNANiZSjp1K8,
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1A6FD43D7EDAFE80&affID=119357&tsp=4979
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex88,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0D0A0F0EzztDyB0A0F0DtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StA0FyD0EzyyDyBtAtGzy0BtCtDtGtDyE0B0DtGtC0FyE0FtGyCyC0B0ByE0CzztCtCtByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBzz0DtD0A0ByEtG0Fzy0D0CtGtD0F0B0FtGtA0CtCzytGtDyC0A0DyCtDtAtByEtCtB0A2Q&cr=1665546957&ir=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0D0A0F0EzztDyB0A0F0DtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StA0FyD0EzyyDyBtAtGzy0BtCtDtGtDyE0B0DtGtC0FyE0FtGyCyC0B0ByE0CzztCtCtByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBzz0DtD0A0ByEtG0Fzy0D0CtGtD0F0B0FtGtA0CtCzytGtDyC0A0DyCtDtAtByEtCtB0A2Q&cr=1665546957&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0D0A0F0EzztDyB0A0F0DtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StA0FyD0EzyyDyBtAtGzy0BtCtDtGtDyE0B0DtGtC0FyE0FtGyCyC0B0ByE0CzztCtCtByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBzz0DtD0A0ByEtG0Fzy0D0CtGtD0F0B0FtGtA0CtCzytGtDyC0A0DyCtDtAtByEtCtB0A2Q&cr=1665546957&ir=
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0D0A0F0EzztDyB0A0F0DtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StA0FyD0EzyyDyBtAtGzy0BtCtDtGtDyE0B0DtGtC0FyE0FtGyCyC0B0ByE0CzztCtCtByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBzz0DtD0A0ByEtG0Fzy0D0CtGtD0F0B0FtGtA0CtCzytGtDyC0A0DyCtDtAtByEtCtB0A2Q&cr=1665546957&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex8g,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex8g,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex88,&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex88,&q={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DealPly Shopping - {9cf699ca-2174-4ed8-bec1-ba82095edce0} - C:\Program Files (x86)\DealPly\DealPlyIE.dll No File
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\SysWOW64\PCProtect.dll [293984] (Objectify Media Inc)
Winsock: Catalog9 02 C:\Windows\SysWOW64\PCProtect.dll [293984] (Objectify Media Inc)
Winsock: Catalog9 03 C:\Windows\SysWOW64\PCProtect.dll [293984] (Objectify Media Inc)
Winsock: Catalog9 04 C:\Windows\SysWOW64\PCProtect.dll [293984] (Objectify Media Inc)
Winsock: Catalog9 15 C:\Windows\SysWOW64\PCProtect.dll [293984] (Objectify Media Inc)
Winsock: Catalog9-x64 01 C:\Windows\system32\PCProtect64.dll [330624] (Objectify Media Inc)
Winsock: Catalog9-x64 02 C:\Windows\system32\PCProtect64.dll [330624] (Objectify Media Inc)
Winsock: Catalog9-x64 03 C:\Windows\system32\PCProtect64.dll [330624] (Objectify Media Inc)
Winsock: Catalog9-x64 04 C:\Windows\system32\PCProtect64.dll [330624] (Objectify Media Inc)
Winsock: Catalog9-x64 15 C:\Windows\system32\PCProtect64.dll [330624] (Objectify Media Inc)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-25]
FF HKCU\...\Firefox\Extensions: [{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}] - C:\Program Files (x86)\LyriXeeker\130.xpi
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMm71B1nyAua96knyc3JbMmLOhCPcpweg7BV49_72KbLbny3Yvm4GdNANiZSjp1Kg,
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Kaspersky Protection) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-31]
CHR Extension: (YouTube) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-17]
CHR Extension: (Google-Suche) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-17]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-09-25]
CHR Extension: (Google Wallet) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
CHR Extension: (Google Mail) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [epojlgbehpaeekopencdagbdamnkppci] - C:\Program Files (x86)\LyriXeeker\130.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
R2 dealplylive; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-17] (DealPly Technologies Ltd)
S3 dealplylivem; C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [148000 2013-08-17] (DealPly Technologies Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-17] (Intel Corporation)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-28] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
R3 PCProtect; C:\Program Files (x86)\Web Protect\PCProtect.exe [1265608 2014-01-08] (Objectify Media Inc)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-02-13] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-14] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-11] ()
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 19:14 - 2014-05-11 19:14 - 00026334 _____ () C:\Users\Montana\Desktop\FRST.txt
2014-05-11 19:13 - 2014-05-11 19:13 - 00000000 ____D () C:\Users\Montana\Desktop\FRST-OlderVersion
2014-05-11 19:12 - 2014-05-11 19:12 - 00000476 _____ () C:\Users\Montana\Desktop\defogger_disable.log
2014-05-06 22:31 - 2014-05-06 22:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 15:24 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 15:24 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-04 02:02 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-04 02:02 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-04 02:02 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-04 02:02 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 13:16 - 2014-04-30 13:16 - 00001083 _____ () C:\Users\Montana\Desktop\Minecraft.lnk
2014-04-30 13:15 - 2014-04-30 13:15 - 00675988 _____ () C:\Users\Montana\Downloads\Minecraft.exe
2014-04-28 10:44 - 2014-05-11 19:14 - 00000000 ____D () C:\FRST
2014-04-28 10:40 - 2014-04-28 10:40 - 00000000 _____ () C:\Users\Montana\defogger_reenable
2014-04-28 10:37 - 2014-04-28 10:37 - 00380416 _____ () C:\Users\Montana\Desktop\Gmer-19357.exe
2014-04-28 10:36 - 2014-05-11 19:13 - 02066432 _____ (Farbar) C:\Users\Montana\Desktop\FRST64.exe
2014-04-28 10:32 - 2014-04-28 10:32 - 00050477 _____ () C:\Users\Montana\Desktop\Defogger.exe
2014-04-15 02:51 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-15 02:51 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-15 02:51 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 02:51 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-15 02:51 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 02:51 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 02:51 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-15 02:51 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-15 02:51 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 02:51 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-15 02:51 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-15 02:51 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-15 02:51 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 02:51 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-15 02:51 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-15 02:51 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-15 02:51 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-15 02:51 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-15 02:51 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-15 02:51 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-15 02:51 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-15 02:51 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-15 02:51 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-15 02:51 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-15 02:51 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-15 02:51 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-15 02:51 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-15 02:51 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-15 02:51 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-15 02:51 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 02:51 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-15 02:51 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 02:51 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-15 02:51 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-15 02:51 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 02:51 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-15 02:51 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-15 02:51 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-15 02:51 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 02:51 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 02:51 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-15 02:51 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-15 02:51 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-15 02:51 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-11 19:14 - 2014-05-11 19:14 - 00026334 _____ () C:\Users\Montana\Desktop\FRST.txt
2014-05-11 19:14 - 2014-04-28 10:44 - 00000000 ____D () C:\FRST
2014-05-11 19:14 - 2013-08-17 19:09 - 00000908 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
2014-05-11 19:14 - 2013-08-17 19:09 - 00000904 _____ () C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
2014-05-11 19:13 - 2014-05-11 19:13 - 00000000 ____D () C:\Users\Montana\Desktop\FRST-OlderVersion
2014-05-11 19:13 - 2014-04-28 10:36 - 02066432 _____ (Farbar) C:\Users\Montana\Desktop\FRST64.exe
2014-05-11 19:12 - 2014-05-11 19:12 - 00000476 _____ () C:\Users\Montana\Desktop\defogger_disable.log
2014-05-11 19:11 - 2014-03-13 12:43 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-11 19:11 - 2013-09-25 12:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-11 19:11 - 2013-09-15 18:51 - 00000000 ____D () C:\Users\Montana\AppData\Local\LogMeIn Hamachi
2014-05-11 19:11 - 2013-08-17 19:09 - 00000392 _____ () C:\Windows\Tasks\LyricXeeker Update.job
2014-05-11 19:11 - 2013-08-17 18:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-11 19:11 - 2013-08-17 18:52 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-11 19:11 - 2013-08-17 18:49 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 19:11 - 2010-11-21 05:47 - 00438718 _____ () C:\Windows\PFRO.log
2014-05-11 19:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-11 19:11 - 2009-07-14 06:51 - 00061166 _____ () C:\Windows\setupact.log
2014-05-11 18:45 - 2013-08-17 18:40 - 01730954 _____ () C:\Windows\WindowsUpdate.log
2014-05-11 18:38 - 2014-02-09 13:38 - 00000300 _____ () C:\Windows\Tasks\Digital Sites.job
2014-05-11 18:38 - 2013-08-19 10:36 - 00000294 _____ () C:\Windows\Tasks\DSite.job
2014-05-11 17:55 - 2013-08-17 18:49 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 16:39 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-11 16:39 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-11 16:38 - 2013-08-19 11:39 - 00000038 _____ () C:\Users\Montana\AppData\Roaming\WB.CFG
2014-05-11 16:38 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-11 16:38 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-11 16:38 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-07 22:50 - 2013-08-17 18:49 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 22:50 - 2013-08-17 18:49 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 22:31 - 2014-05-06 22:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 20:30 - 2013-08-21 16:23 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\vlc
2014-05-03 20:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-30 13:16 - 2014-04-30 13:16 - 00001083 _____ () C:\Users\Montana\Desktop\Minecraft.lnk
2014-04-30 13:15 - 2014-04-30 13:15 - 00675988 _____ () C:\Users\Montana\Downloads\Minecraft.exe
2014-04-30 13:15 - 2013-08-17 19:09 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\.minecraft
2014-04-29 23:52 - 2014-03-18 02:45 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\Skype
2014-04-29 16:01 - 2014-05-04 02:02 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-04 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-04 02:02 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-04 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 10:40 - 2014-04-28 10:40 - 00000000 _____ () C:\Users\Montana\defogger_reenable
2014-04-28 10:40 - 2013-08-17 18:40 - 00000000 ____D () C:\Users\Montana
2014-04-28 10:37 - 2014-04-28 10:37 - 00380416 _____ () C:\Users\Montana\Desktop\Gmer-19357.exe
2014-04-28 10:32 - 2014-04-28 10:32 - 00050477 _____ () C:\Users\Montana\Desktop\Defogger.exe
2014-04-28 00:18 - 2014-04-05 21:06 - 00000000 ____D () C:\Users\Montana\AppData\Local\Battle.net
2014-04-24 14:07 - 2013-09-04 19:07 - 00000000 ____D () C:\Users\Montana\AppData\Local\Akamai
2014-04-16 20:38 - 2014-04-05 21:16 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\TS3Client
2014-04-15 13:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-15 01:04 - 2013-08-21 16:23 - 00000000 ____D () C:\Users\Montana\AppData\Local\CrashDumps
2014-04-14 04:24 - 2014-05-06 15:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 15:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-12 15:23 - 2014-04-05 21:06 - 00000000 ____D () C:\Program Files (x86)\Battle.net

Some content of TEMP:
====================
C:\Users\Montana\AppData\Local\Temp\1_Offer_5.exe
C:\Users\Montana\AppData\Local\Temp\1_Offer_7.exe
C:\Users\Montana\AppData\Local\Temp\BackupSetup.exe
C:\Users\Montana\AppData\Local\Temp\devcon64.exe
C:\Users\Montana\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Montana\AppData\Local\Temp\ICReinstall_PDFReaderSetup.exe
C:\Users\Montana\AppData\Local\Temp\instruct.exe
C:\Users\Montana\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Montana\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Montana\AppData\Local\Temp\ose00000.exe
C:\Users\Montana\AppData\Local\Temp\SpOrder.dll
C:\Users\Montana\AppData\Local\Temp\uninst1.exe
C:\Users\Montana\AppData\Local\Temp\Uninstaller-8348.exe
C:\Users\Montana\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-03 20:12

==================== End Of Log ============================
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2014
Ran by Montana at 2014-04-28 10:45:11
Running from C:\Users\Montana\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Anti-Virus (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BrowserDefender (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - Bit89 Inc) <==== ATTENTION
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - )
Command & Conquer(TM) Generäle (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer(TM) Generäle (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and Conquer(TM) Generäle Die Stunde Null  (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and Conquer(TM) Generäle Die Stunde Null  (x32 Version: 1.00.0000 - Electronic Arts) Hidden
Counter-Strike: Source (HKLM-x32\...\Counter-Strike: Source) (Version:  - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version:  - Microsoft)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.10.1372 - Intel Corporation)
Intel(R) Smart Connect Technology 4.0 x64 (HKLM\...\{B0CA78DB-745A-4857-A73F-9ACD95E62BD0}) (Version: 4.0.41.2072 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.52 (HKLM\...\Logitech Gaming Software) (Version: 8.52.15 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.362 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.1.0.362 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
NVIDIA 3D Vision Controller-Treiber 306.38 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.38 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA Performance (x32 Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0807 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0807 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0807 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (x32 Version: 6.5 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2716 - Electronic Arts, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
S.T.A.L.K.E.R. - Shadow of Chernobyl (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0000 - THQ)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.02 - Creative Technology Limited)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Island - Castaway (HKLM-x32\...\The Island - Castaway) (Version:  - )
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Zip Opener (HKCU\...\DSite) (Version:  - ) <==== ATTENTION
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.5 - MSI)
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
Web Protect for Windows (HKLM-x32\...\wp-adk) (Version: 10.0.0 - Web Protect)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
WPM17.8.0.3442 (HKLM-x32\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION
Zip Opener Packages (HKCU\...\Zip Opener Packages) (Version:  - ) <==== ATTENTION

==================== Restore Points  =========================

08-04-2014 12:29:30 Windows Update
10-04-2014 01:00:12 Windows Update
10-04-2014 21:24:44 Removed Aeria Ignite
15-04-2014 00:51:03 Windows Update
23-04-2014 16:47:17 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0B69B6D5-C251-4EED-BF61-BE3CBD572849} - System32\Tasks\Dealply => C:\Users\Montana\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {1A4C6936-609C-48DE-85F8-BD9CEBD11601} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION
Task: {35A8315A-2E54-4C21-9253-4935F72396BA} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
Task: {3C082AFB-0F11-4845-9CE3-41098DAD1DDD} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-08-17] (DealPly Technologies Ltd) <==== ATTENTION
Task: {5BC4024D-1BC5-411B-B110-228B4033AEBE} - System32\Tasks\Digital Sites => C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {931C749D-3645-4B64-95C0-BE2A35D0950B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {9654B317-ECF4-415A-8C89-657ED83A3549} - System32\Tasks\DealPlyLiveUpdateTaskMachineCore => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-08-17] (DealPly Technologies Ltd) <==== ATTENTION
Task: {BD4D19D0-3B3F-47C8-A722-716EEEE41E5D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3951798952-3253315376-1183451035-1000
Task: {C6187626-D61E-4537-8016-4A09998B863E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {D34A75F5-DA77-484F-A28C-F4A66B021385} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17] (Google Inc.)
Task: {E87148C4-1CE4-435E-8446-7CAA3EB78AD6} - \LyricXeeker Update No Task File <==== ATTENTION
Task: {EB9C04BB-7F66-41BF-ADFC-AE865EA266A5} - System32\Tasks\DSite => C:\Users\Montana\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe [2013-08-19] () <==== ATTENTION
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Montana\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Montana\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DSite.job => C:\Users\Montana\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\LyricXeeker Update.job => C:\Program Files (x86)\LyriXeeker\LyriXupdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-17 18:55 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-13 10:35 - 2013-02-13 10:35 - 00180200 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-02-13 10:35 - 2013-02-13 10:35 - 00060392 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-17 18:49 - 2012-11-01 11:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-02-13 16:12 - 2014-02-13 16:12 - 00487517 _____ () C:\monitor.exe
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-01-28 19:23 - 2014-01-28 19:23 - 00823296 _____ () C:\Program Files (x86)\web protect\pcproxydll.dll
2013-08-17 18:49 - 2012-10-31 15:00 - 00991232 ____N () C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\de-DE\SBCinema.resources.dll
2014-03-31 23:33 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-31 23:33 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
2014-03-31 23:33 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
2014-03-31 23:33 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-31 23:33 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-31 23:33 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
2014-03-31 23:33 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
2013-08-17 18:50 - 2013-05-17 01:06 - 01199576 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-01-25 03:44 - 2014-04-22 00:55 - 00340480 _____ () E:\Steam\libavresample-1.dll
2014-04-24 21:21 - 2014-04-22 00:55 - 00471552 _____ () E:\Steam\libavutil-53.dll
2014-01-25 03:44 - 2014-04-01 00:09 - 00754688 _____ () E:\Steam\SDL2.dll
2014-01-25 03:44 - 2014-04-24 00:01 - 01092288 _____ () E:\Steam\bin\chromehtml.DLL
2014-01-25 03:44 - 2014-03-03 21:15 - 20626624 _____ () E:\Steam\bin\libcef.dll
2014-01-25 03:44 - 2013-06-15 01:49 - 01100800 _____ () E:\Steam\bin\avcodec-53.dll
2014-01-25 03:44 - 2013-06-15 01:49 - 00124416 _____ () E:\Steam\bin\avutil-51.dll
2014-01-25 03:44 - 2013-06-15 01:49 - 00192000 _____ () E:\Steam\bin\avformat-53.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCProtect => ""="service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/28/2014 10:02:10 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 07:04:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 05:22:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 02:22:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 04:26:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2014 05:40:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2014 04:19:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 08:06:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 03:32:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt>. Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.
.

Error: (04/25/2014 02:23:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/28/2014 10:35:29 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/28/2014 10:35:29 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (04/28/2014 10:02:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/28/2014 10:02:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/28/2014 10:00:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Protect Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/28/2014 10:00:17 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Protect Monitor erreicht.

Error: (04/27/2014 07:04:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (04/27/2014 07:04:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/27/2014 07:02:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Protect Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/27/2014 07:02:14 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Protect Monitor erreicht.


Microsoft Office Sessions:
=========================
Error: (04/28/2014 10:02:10 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 07:04:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 05:22:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 02:22:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2014 04:26:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2014 05:40:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/26/2014 04:19:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 08:06:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/25/2014 03:32:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crtDieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben.

Error: (04/25/2014 02:23:09 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-04-15 15:27:24.149
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-15 15:27:24.107
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-15 15:27:24.064
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-15 15:26:45.493
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-15 15:26:45.492
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-15 15:26:45.491
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-15 15:26:45.488
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-15 15:26:45.487
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-15 15:26:45.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-11 02:37:57.334
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 7640.06 MB
Available physical RAM: 4449.98 MB
Total Pagefile: 15278.3 MB
Available Pagefile: 11360.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:70.15 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:886.45 GB) (Free:777.99 GB) NTFS
Drive f: (Musik, Filme, Bilder) (Fixed) (Total:976.56 GB) (Free:463.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 7B2FC948)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 60A85132)
Partition 1: (Not Active) - (Size=886 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=977 GB) - (Type=07 NTFS)

==================== End Of Log ============================
__________________
Alt 12.05.2014, 09:44   #4
Montana_72
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-11 19:30:23
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SanDisk_SDSSDP128G rev.2.0.0 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Montana\AppData\Local\Temp\uxliifow.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Web Protect\PCProtect.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                               0000000075601465 2 bytes [60, 75]
.text    C:\Program Files (x86)\Web Protect\PCProtect.exe[3252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                              00000000756014bb 2 bytes [60, 75]
.text    ...                                                                                                                                                                          * 2
.text    C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                       0000000075601465 2 bytes [60, 75]
.text    C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe[1484] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000756014bb 2 bytes [60, 75]
.text    ...                                                                                                                                                                          * 2
.text    C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         0000000075601465 2 bytes [60, 75]
.text    C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe[3808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000756014bb 2 bytes [60, 75]
.text    ...                                                                                                                                                                          * 2
.text    C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                       0000000075601465 2 bytes [60, 75]
.text    C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe[4136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000756014bb 2 bytes [60, 75]
.text    ...                                                                                                                                                                          * 2
.text    C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      0000000075601465 2 bytes [60, 75]
.text    C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe[4164] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                     00000000756014bb 2 bytes [60, 75]
.text    ...                                                                                                                                                                          * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                   00000000777411f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                 0000000077741390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        000000007774143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                        000000007774158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                000000007774191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                0000000077741b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                               0000000077741bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000077741d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                  0000000077741eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000077741edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                     0000000077741f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                    0000000077741fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                            0000000077741fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                        0000000077742272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                        0000000077742301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578             0000000077742792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    00000000777427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  00000000777427d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79   000000007774282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176  0000000077742890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                          * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          0000000077742d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367          0000000077742d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                          * 3
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                  0000000077743023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      000000007774323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                      00000000777433c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                     0000000077743a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                     0000000077743ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197         0000000077743b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611         0000000077743d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  0000000077744190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            0000000077791380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          0000000077791500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                0000000077791530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              0000000077791650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  0000000077791700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077791d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                0000000077791f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                00000000777927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              00000000752813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              000000007528146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                           00000000752816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                             00000000752816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        00000000752819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        00000000752819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                  0000000075281a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                    0000000075281a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  0000000075281a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[9896] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                       0000000075281a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                          00000000777411f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                        0000000077741390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                               000000007774143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                               000000007774158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                       000000007774191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                       0000000077741b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                      0000000077741bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                         0000000077741d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                         0000000077741eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                             0000000077741edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                            0000000077741f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                           0000000077741fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                   0000000077741fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                               0000000077742272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                               0000000077742301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                    0000000077742792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                           00000000777427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                         00000000777427d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79          000000007774282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176         0000000077742890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                          * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                 0000000077742d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                 0000000077742d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                          * 3
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                         0000000077743023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                             000000007774323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                             00000000777433c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                            0000000077743a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                            0000000077743ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                0000000077743b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                0000000077743d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                         0000000077744190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                   0000000077791380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                 0000000077791500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                       0000000077791530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                     0000000077791650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                         0000000077791700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                         0000000077791d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                       0000000077791f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                       00000000777927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                     00000000752813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                     000000007528146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                  00000000752816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                    00000000752816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                               00000000752819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                               00000000752819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                         0000000075281a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                           0000000075281a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                         0000000075281a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[10008] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                              0000000075281a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                  00000000777411f5 8 bytes {JMP 0xd}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                0000000077741390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                       000000007774143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                       000000007774158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                               000000007774191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                               0000000077741b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                              0000000077741bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                 0000000077741d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                 0000000077741eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                     0000000077741edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                    0000000077741f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                   0000000077741fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                           0000000077741fd7 8 bytes {JMP 0xb}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                       0000000077742272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                       0000000077742301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                            0000000077742792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                   00000000777427b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                 00000000777427d2 8 bytes {JMP 0x10}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                  000000007774282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                 0000000077742890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                          * 2
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                         0000000077742d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                         0000000077742d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                          * 3
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                 0000000077743023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                     000000007774323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                     00000000777433c0 16 bytes {JMP 0x4e}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                    0000000077743a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                    0000000077743ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                        0000000077743b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                        0000000077743d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                 0000000077744190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                           0000000077791380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                         0000000077791500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                               0000000077791530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                             0000000077791650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                 0000000077791700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                 0000000077791d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                               0000000077791f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                               00000000777927e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                             00000000752813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                             000000007528146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                          00000000752816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                            00000000752816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                       00000000752819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                       00000000752819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                 0000000075281a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                   0000000075281a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                 0000000075281a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Montana\Desktop\Gmer-19357.exe[4116] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                      0000000075281a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\services.exe [792:3176]                                                                                                                                  000000000103edf0
Thread   C:\Windows\system32\services.exe [792:3180]                                                                                                                                  000000000103edf0
Thread   C:\Windows\system32\services.exe [792:3184]                                                                                                                                  000000000103edf0
Thread   C:\Windows\system32\services.exe [792:3188]                                                                                                                                  000000000103edf0
Thread   C:\Windows\system32\services.exe [792:3192]                                                                                                                                  000000000103edf0
Thread   C:\Windows\system32\services.exe [792:3196]                                                                                                                                  000000000103edf0
Thread   C:\Windows\system32\services.exe [792:3200]                                                                                                                                  000000000103edf0
Thread   C:\Windows\system32\services.exe [792:3204]                                                                                                                                  000000000103edf0
Thread   C:\Windows\system32\svchost.exe [392:624]                                                                                                                                    000000000122edf0
Thread   C:\Windows\system32\svchost.exe [392:620]                                                                                                                                    000000000122edf0
Thread   C:\Windows\system32\svchost.exe [392:616]                                                                                                                                    000000000122edf0
Thread   C:\Windows\system32\svchost.exe [392:640]                                                                                                                                    000000000122edf0
Thread   C:\Windows\system32\svchost.exe [392:488]                                                                                                                                    000000000122edf0
Thread   C:\Windows\system32\svchost.exe [392:780]                                                                                                                                    000000000122edf0
Thread   C:\Windows\system32\svchost.exe [392:740]                                                                                                                                    000000000122edf0
Thread   C:\Windows\system32\svchost.exe [392:716]                                                                                                                                    000000000122edf0
Thread   C:\Windows\system32\svchost.exe [1136:1536]                                                                                                                                  0000000000c8edf0
Thread   C:\Windows\system32\svchost.exe [1136:1540]                                                                                                                                  0000000000c8edf0
Thread   C:\Windows\system32\svchost.exe [1136:1544]                                                                                                                                  0000000000c8edf0
Thread   C:\Windows\system32\svchost.exe [1136:1548]                                                                                                                                  0000000000c8edf0
Thread   C:\Windows\system32\svchost.exe [1136:1552]                                                                                                                                  0000000000c8edf0
Thread   C:\Windows\system32\svchost.exe [1136:1556]                                                                                                                                  0000000000c8edf0
Thread   C:\Windows\system32\svchost.exe [1136:1560]                                                                                                                                  0000000000c8edf0
Thread   C:\Windows\system32\svchost.exe [1136:1564]                                                                                                                                  0000000000c8edf0
Thread   C:\Windows\System32\spoolsv.exe [1604:1804]                                                                                                                                  0000000001f2edf0
Thread   C:\Windows\System32\spoolsv.exe [1604:1808]                                                                                                                                  0000000001f2edf0
Thread   C:\Windows\System32\spoolsv.exe [1604:1812]                                                                                                                                  0000000001f2edf0
Thread   C:\Windows\System32\spoolsv.exe [1604:1816]                                                                                                                                  0000000001f2edf0
Thread   C:\Windows\System32\spoolsv.exe [1604:1820]                                                                                                                                  0000000001f2edf0
Thread   C:\Windows\System32\spoolsv.exe [1604:1824]                                                                                                                                  0000000001f2edf0
Thread   C:\Windows\System32\spoolsv.exe [1604:1828]                                                                                                                                  0000000001f2edf0
Thread   C:\Windows\System32\spoolsv.exe [1604:1832]                                                                                                                                  0000000001f2edf0
Thread   C:\Windows\system32\svchost.exe [1652:1924]                                                                                                                                  0000000000c9edf0
Thread   C:\Windows\system32\svchost.exe [1652:1928]                                                                                                                                  0000000000c9edf0
Thread   C:\Windows\system32\svchost.exe [1652:1932]                                                                                                                                  0000000000c9edf0
Thread   C:\Windows\system32\svchost.exe [1652:1936]                                                                                                                                  0000000000c9edf0
Thread   C:\Windows\system32\svchost.exe [1652:1940]                                                                                                                                  0000000000c9edf0
Thread   C:\Windows\system32\svchost.exe [1652:1944]                                                                                                                                  0000000000c9edf0
Thread   C:\Windows\system32\svchost.exe [1652:1948]                                                                                                                                  0000000000c9edf0
Thread   C:\Windows\system32\svchost.exe [1652:1952]                                                                                                                                  0000000000c9edf0
Thread   C:\Windows\Explorer.EXE [2024:3384]                                                                                                                                          000000000760edf0
Thread   C:\Windows\Explorer.EXE [2024:3376]                                                                                                                                          000000000760edf0
Thread   C:\Windows\Explorer.EXE [2024:3364]                                                                                                                                          000000000760edf0
Thread   C:\Windows\Explorer.EXE [2024:3360]                                                                                                                                          000000000760edf0
Thread   C:\Windows\Explorer.EXE [2024:3380]                                                                                                                                          000000000760edf0
Thread   C:\Windows\Explorer.EXE [2024:988]                                                                                                                                           000000000760edf0
Thread   C:\Windows\Explorer.EXE [2024:3392]                                                                                                                                          000000000760edf0
Thread   C:\Windows\Explorer.EXE [2024:1448]                                                                                                                                          000000000760edf0
Thread   C:\Windows\Explorer.EXE [2024:9324]                                                                                                                                          000000000762d160
Thread   C:\Windows\Explorer.EXE [2024:1672]                                                                                                                                          000000000762d160
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5688]                                                                                                               000007fefb882a7c
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5696]                                                                                                               0000000000d9edf0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5700]                                                                                                               0000000000d9edf0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5704]                                                                                                               0000000000d9edf0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5708]                                                                                                               0000000000d9edf0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5712]                                                                                                               0000000000d9edf0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5716]                                                                                                               0000000000d9edf0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5720]                                                                                                               0000000000d9edf0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5724]                                                                                                               0000000000d9edf0
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5732]                                                                                                               0000000000dbd160
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5736]                                                                                                               000007feefdf4830
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [5168:5772]                                                                                                               0000000000dbd160
Thread   C:\Windows\System32\svchost.exe [5516:5568]                                                                                                                                  000000000097edf0
Thread   C:\Windows\System32\svchost.exe [5516:5572]                                                                                                                                  000000000097edf0
Thread   C:\Windows\System32\svchost.exe [5516:5576]                                                                                                                                  000000000097edf0
Thread   C:\Windows\System32\svchost.exe [5516:5580]                                                                                                                                  000000000097edf0
Thread   C:\Windows\System32\svchost.exe [5516:5584]                                                                                                                                  000000000097edf0
Thread   C:\Windows\System32\svchost.exe [5516:5588]                                                                                                                                  000000000097edf0
Thread   C:\Windows\System32\svchost.exe [5516:5592]                                                                                                                                  000000000097edf0
Thread   C:\Windows\System32\svchost.exe [5516:5596]                                                                                                                                  000000000097edf0
Thread   C:\Windows\System32\svchost.exe [3848:1160]                                                                                                                                  000007fef4699688
---- Processes - GMER 2.1 ----

Process  C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1412] (WPM Service/Cherished Technololgy LIMITED)(2                    0000000000bf0000

---- EOF - GMER 2.1 ----

Alt 13.05.2014, 09:26   #5
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.


__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 13.05.2014, 11:14   #6
Montana_72
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Hier erstmal die Combofix.txt

Code:
ATTFilter
ComboFix 14-05-13.01 - Montana 13.05.2014  12:02:33.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.7640.4732 [GMT 2:00]
ausgeführt von:: c:\users\Montana\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Montana\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
c:\users\Montana\AppData\Local\Google\Chrome\User Data\Default\bProtectorPreferences
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-13 bis 2014-05-13  ))))))))))))))))))))))))))))))
.
.
2014-05-13 09:46 . 2014-05-13 09:46	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-05-13 09:19 . 2014-04-17 03:31	10651704	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BF4A06DA-E718-4BD6-9567-A013481B8CA5}\mpengine.dll
2014-05-06 20:31 . 2014-05-06 20:31	--------	d-s---w-	c:\windows\system32\CompatTel
2014-05-06 13:24 . 2014-04-14 02:24	465408	----a-w-	c:\windows\system32\aepdu.dll
2014-05-06 13:24 . 2014-04-14 02:19	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-04 00:02 . 2014-04-29 14:01	23547904	----a-w-	c:\windows\system32\mshtml.dll
2014-05-04 00:02 . 2014-04-29 13:40	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-04 00:02 . 2014-04-29 12:34	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-04-28 08:44 . 2014-05-11 17:14	--------	d-----w-	C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-13 10:05 . 2014-03-13 10:43	94656	----a-w-	c:\windows\system32\WPRO_41_2001woem.tmp
2014-05-13 10:05 . 2013-08-17 16:52	34752	----a-w-	c:\windows\system32\drivers\WPRO_41_2001.sys
2014-04-10 01:00 . 2013-08-17 17:41	90655440	----a-w-	c:\windows\system32\MRT.exe
2014-03-31 07:35 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-30 14:01 . 2013-09-25 10:08	625248	----a-w-	c:\windows\system32\drivers\klif.sys
2014-03-30 14:01 . 2013-09-25 10:08	115296	----a-w-	c:\windows\system32\drivers\klflt.sys
2014-03-24 11:27 . 2014-03-24 11:27	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2014-03-04 09:44 . 2014-04-09 23:37	362496	----a-w-	c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 23:37	243712	----a-w-	c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 23:37	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 23:37	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 23:37	1163264	----a-w-	c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 23:37	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 23:37	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 23:37	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 23:37	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 23:37	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 23:37	2048	----a-w-	c:\windows\SysWow64\user.exe
2014-02-18 14:02 . 2013-05-05 20:42	29280	----a-w-	c:\windows\system32\drivers\klkbdflt.sys
2014-02-13 14:12 . 2014-02-13 14:12	487517	----a-w-	C:\monitor.exe
2014-02-13 13:43 . 2014-02-13 13:43	34244	----a-w-	C:\monitorsvc.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-27 18:29	297128	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Montana\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Sound Blaster Cinema"="c:\program files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" [2012-11-29 711680]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-05-15 2255184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2013-2-13 249320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 dealplylive;DealPly Live-Dienst (dealplylive);c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe;c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [x]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
R2 ProtectMonitor;Protect Monitor;c:\monitorsvc.exe;c:\monitorsvc.exe [x]
R3 dealplylivem;DealPly Live-Dienst (dealplylivem);c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe;c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe  [x]
S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys;c:\windows\SYSNATIVE\DRIVERS\nvoclk64.sys [x]
S3 PCProtect;PCProtect;c:\program files (x86)\Web Protect\PCProtect.exe;c:\program files (x86)\Web Protect\PCProtect.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-31 21:33	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-13 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
- c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-08-17 17:09]
.
2014-05-13 c:\windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
- c:\program files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-08-17 17:09]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 16:49]
.
2014-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-17 16:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-03-20 16:08	357432	----a-w-	c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-05-27 7188552]
"MBCfg64"="c:\windows\system32\MBCfg64.dll" [2013-04-23 34432]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-02-27 8294680]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMm71B1nyAua96knyc3JbMmLOhCPcpweg7BV49_72KbLbny3Yvm4GdNANiZSjp1K8,
mDefault_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976&q={searchTerms}
mDefault_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0D0A0F0EzztDyB0A0F0DtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StA0FyD0EzyyDyBtAtGzy0BtCtDtGtDyE0B0DtGtC0FyE0FtGyCyC0B0ByE0CzztCtCtByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBzz0DtD0A0ByEtG0Fzy0D0CtGtD0F0B0FtGtA0CtCzytGtDyC0A0DyCtDtAtByEtCtB0A2Q&cr=1665546957&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976&q={searchTerms}
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex88,&q={searchTerms}
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{9cf699ca-2174-4ed8-bec1-ba82095edce0} - c:\program files (x86)\DealPly\DealPlyIE.dll
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\monitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-13  12:06:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-05-13 10:06
.
Vor Suchlauf: 12 Verzeichnis(se), 78.181.490.688 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 78.960.295.936 Bytes frei
.
- - End Of File - - 5772DB0C9049D1F76D3FEEE2BD67C6BE
A36C5E4F47E84449FF07ED3517B43A31
Die Fehlermeldung nach dem Neustart kam nicht. Andere Frage: Ist es relevant das ich die Combofix.exe auf dem Desktop habe oder nicht?

Danke erstmal bis hierhin für deine schnelle und verständliche Hilfe.

Alt 14.05.2014, 11:15   #7
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 14.05.2014, 15:10   #8
Montana_72
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.05.2014
Suchlauf-Zeit: 15:50:11
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.14.05
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Montana

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 286328
Verstrichene Zeit: 4 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 144
PUP.Optional.DealPly.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dealplylive, In Quarantäne, [df6e98b96b1049eded591a020af7827e], 
PUP.Optional.DealPly.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\dealplylivem, In Quarantäne, [df6e98b96b1049eded591a020af7827e], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [b39a262b74077bbb8503b5a7f70b0ff1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [b39a262b74077bbb8503b5a7f70b0ff1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [b39a262b74077bbb8503b5a7f70b0ff1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc, In Quarantäne, [b39a262b74077bbb8503b5a7f70b0ff1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0, In Quarantäne, [b39a262b74077bbb8503b5a7f70b0ff1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [b39a262b74077bbb8503b5a7f70b0ff1], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}, In Quarantäne, [b39a262b74077bbb8503b5a7f70b0ff1], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [95b81d34c9b2ab8b2a033b21976bea16], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [95b81d34c9b2ab8b2a033b21976bea16], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [0548331eb6c51125986ea3ba46bc2ed2], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [0548331eb6c51125986ea3ba46bc2ed2], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [f6573e135724999d7316bd9f05fdcf31], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [f6573e135724999d7316bd9f05fdcf31], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [f6573e135724999d7316bd9f05fdcf31], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService, In Quarantäne, [f6573e135724999d7316bd9f05fdcf31], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3COMClassService.1.0, In Quarantäne, [f6573e135724999d7316bd9f05fdcf31], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [f6573e135724999d7316bd9f05fdcf31], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}, In Quarantäne, [f6573e135724999d7316bd9f05fdcf31], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}, In Quarantäne, [08455af70378cb6b4f3b8dcfea184eb2], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [08455af70378cb6b4f3b8dcfea184eb2], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [08455af70378cb6b4f3b8dcfea184eb2], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback, In Quarantäne, [08455af70378cb6b4f3b8dcfea184eb2], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0, In Quarantäne, [08455af70378cb6b4f3b8dcfea184eb2], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}, In Quarantäne, [82cbc68bbebdbc7aa2d5ab7e956db34d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}, In Quarantäne, [44090d4497e4a393c2c9be9e6e9439c7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [44090d4497e4a393c2c9be9e6e9439c7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [44090d4497e4a393c2c9be9e6e9439c7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine, In Quarantäne, [44090d4497e4a393c2c9be9e6e9439c7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CredentialDialogMachine.1.0, In Quarantäne, [44090d4497e4a393c2c9be9e6e9439c7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}, In Quarantäne, [3419a3ae196290a6414bd28aef13ad53], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [3419a3ae196290a6414bd28aef13ad53], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [3419a3ae196290a6414bd28aef13ad53], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync, In Quarantäne, [3419a3ae196290a6414bd28aef13ad53], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoCreateAsync.1.0, In Quarantäne, [3419a3ae196290a6414bd28aef13ad53], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}, In Quarantäne, [e26b62ef730821156924e9735da523dd], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [e26b62ef730821156924e9735da523dd], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [e26b62ef730821156924e9735da523dd], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback, In Quarantäne, [e26b62ef730821156924e9735da523dd], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachineFallback.1.0, In Quarantäne, [e26b62ef730821156924e9735da523dd], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}, In Quarantäne, [222b0d44d3a88da9ff8fb2aa8e74c53b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [222b0d44d3a88da9ff8fb2aa8e74c53b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [222b0d44d3a88da9ff8fb2aa8e74c53b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass, In Quarantäne, [222b0d44d3a88da9ff8fb2aa8e74c53b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreMachineClass.1, In Quarantäne, [222b0d44d3a88da9ff8fb2aa8e74c53b], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}, In Quarantäne, [c58866eb25560c2ad1be0b5110f236ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [c58866eb25560c2ad1be0b5110f236ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [c58866eb25560c2ad1be0b5110f236ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher, In Quarantäne, [c58866eb25560c2ad1be0b5110f236ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.ProcessLauncher.1.0, In Quarantäne, [c58866eb25560c2ad1be0b5110f236ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}, In Quarantäne, [024b31201665e74fd8b88bd19c66ca36], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [024b31201665e74fd8b88bd19c66ca36], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [024b31201665e74fd8b88bd19c66ca36], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine, In Quarantäne, [024b31201665e74fd8b88bd19c66ca36], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0, In Quarantäne, [024b31201665e74fd8b88bd19c66ca36], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}, In Quarantäne, [ce7fd67bfe7de056ff92b5a79d65946c], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}, In Quarantäne, [ce7fd67bfe7de056ff92b5a79d65946c], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickCtrl.9, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.Update3WebControl.3, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}, In Quarantäne, [ca83df7269129e98f69d82da8c76a15f], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [a5a8fe535e1ddb5b34606deff50d39c7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [a5a8fe535e1ddb5b34606deff50d39c7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [a5a8fe535e1ddb5b34606deff50d39c7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine, In Quarantäne, [a5a8fe535e1ddb5b34606deff50d39c7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLive.OneClickProcessLauncherMachine.1.0, In Quarantäne, [a5a8fe535e1ddb5b34606deff50d39c7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C536F080-57B7-46D6-8894-C647553F2889}, In Quarantäne, [a5a8fe535e1ddb5b34606deff50d39c7], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}, In Quarantäne, [212c232eb7c477bfc9cc0953c63ce11f], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [212c232eb7c477bfc9cc0953c63ce11f], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [212c232eb7c477bfc9cc0953c63ce11f], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass, In Quarantäne, [212c232eb7c477bfc9cc0953c63ce11f], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.CoreClass.1, In Quarantäne, [212c232eb7c477bfc9cc0953c63ce11f], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, In Quarantäne, [82cbd97889f29d994dec8ecea1618a76], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [82cbd97889f29d994dec8ecea1618a76], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, In Quarantäne, [82cbd97889f29d994dec8ecea1618a76], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [82cbd97889f29d994dec8ecea1618a76], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [82cbd97889f29d994dec8ecea1618a76], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, In Quarantäne, [82cbd97889f29d994dec8ecea1618a76], 
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, In Quarantäne, [82cbd97889f29d994dec8ecea1618a76], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}, In Quarantäne, [dd705bf67cff1f17e7afde7e38ca41bf], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [dd705bf67cff1f17e7afde7e38ca41bf], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [dd705bf67cff1f17e7afde7e38ca41bf], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc, In Quarantäne, [dd705bf67cff1f17e7afde7e38ca41bf], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebSvc.1.0, In Quarantäne, [dd705bf67cff1f17e7afde7e38ca41bf], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}, In Quarantäne, [2d20f859afcc330315829fbdb44e738d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [2d20f859afcc330315829fbdb44e738d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [2d20f859afcc330315829fbdb44e738d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine, In Quarantäne, [2d20f859afcc330315829fbdb44e738d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DealPlyLiveUpdate.Update3WebMachine.1.0, In Quarantäne, [2d20f859afcc330315829fbdb44e738d], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4599D05A-D545-4069-BB42-5895B4EAE05B}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1231839B-064E-4788-B865-465A1B5266FD}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2DAC2231-CC35-482B-97C5-CED1D4185080}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{57C91446-8D81-4156-A70E-624551442DE9}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{97DD820D-2E20-40AD-B01E-6730B2FCE630}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B177446D-54A4-4869-BABC-8566110B4BE0}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F05B12E1-ADE8-4485-B45B-898748B53C37}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1231839B-064E-4788-B865-465A1B5266FD}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{2DAC2231-CC35-482B-97C5-CED1D4185080}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{57C91446-8D81-4156-A70E-624551442DE9}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{97DD820D-2E20-40AD-B01E-6730B2FCE630}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B177446D-54A4-4869-BABC-8566110B4BE0}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F05B12E1-ADE8-4485-B45B-898748B53C37}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4599D05A-D545-4069-BB42-5895B4EAE05B}, In Quarantäne, [9ab3b69b89f2ae8841ebe676659d8f71], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\delta.deltaHlpr, In Quarantäne, [ee5fe66b75066fc72efed08bd42e1de3], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\delta.deltaHlpr.1, In Quarantäne, [a6a762efbcbfd264979565f6df23936d], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\delta.deltaHlpr, In Quarantäne, [a6a762efbcbfd264979565f6df23936d], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\delta.deltaHlpr.1, In Quarantäne, [a6a762efbcbfd264979565f6df23936d], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [ce7f0150e09bbc7acac0b8f817ec8f71], 
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [7bd2a1b0b2c91e187f6e5d5db94a9a66], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DealPlyLive, In Quarantäne, [133a133edf9caf87d2bacee222e15da3], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\DealPlyLive.exe, In Quarantäne, [82cb63eea5d6181e4c3e119f6a998878], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DEALPLY, In Quarantäne, [2924ff525625c96d305b258bbc47fa06], 
PUP.Optional.Lyrics.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\epojlgbehpaeekopencdagbdamnkppci, In Quarantäne, [430ac48db4c7a78ff5d2e7a840c2ab55], 
PUP.Optional.QuickStart.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, In Quarantäne, [0d4075dc443770c6e30a0d7ff40eff01], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=3, In Quarantäne, [60ed60f10774d462dab4228e30d39d63], 
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@tools.dpliveupdate.com/DealPlyLive Update;version=9, In Quarantäne, [8ebf5cf55a21be788a04a50b857e10f0], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [58f5a7aa2b50e353d928cce302010af6], 
PUP.Optional.DealPly.A, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DealPlyLive, In Quarantäne, [67e693be6c0f2313e8a80ca428dbb44c], 
PUP.Optional.DealPly.A, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEALPLY, In Quarantäne, [95b8cb86a4d76fc746495759748f03fd], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [ba934f0274070036ef1c7b1ecd3546ba], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [88c597ba12690531a583bff0e41f6d93], 
PUP.Optional.BProtector.A, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, In Quarantäne, [3d10c68b9ae1bd79eb726c46c241956b], 

Registrierungswerte: 5
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\DEALPLY|ChromeCrxPath, C:\Program Files (x86)\DealPly\DealPly.crx, In Quarantäne, [2924ff525625c96d305b258bbc47fa06]
PUP.Optional.DealPly.A, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DEALPLY|Partner, iron, In Quarantäne, [95b8cb86a4d76fc746495759748f03fd]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0A2O1C1R1H2Z1S1G1M1F, In Quarantäne, [88c597ba12690531a583bff0e41f6d93]
PUP.BProtector, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=1A6FD43D7EDAFE80&affID=119357&tsp=4979, In Quarantäne, [9ab3d57c403b57df24dfc0ef7b88fd03]
PUP.BProtector, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [371686cb631877bfd82c5c530102cb35]

Registrierungsdaten: 10
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0D0A0F0EzztDyB0A0F0DtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StA0FyD0EzyyDyBtAtGzy0BtCtDtGtDyE0B0DtGtC0FyE0FtGyCyC0B0ByE0CzztCtCtByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBzz0DtD0A0ByEtG0Fzy0D0CtGtD0F0B0FtGtA0CtCzytGtDyC0A0DyCtDtAtByEtCtB0A2Q&cr=1665546957&ir=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0D0A0F0EzztDyB0A0F0DtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StA0FyD0EzyyDyBtAtGzy0BtCtDtGtDyE0B0DtGtC0FyE0FtGyCyC0B0ByE0CzztCtCtByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBzz0DtD0A0ByEtG0Fzy0D0CtGtD0F0B0FtGtA0CtCzytGtDyC0A0DyCtDtAtByEtCtB0A2Q&cr=1665546957&ir=),Ersetzt,[91bc62ef215a3ef80046ef58768e619f]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[0b42a6ab78036ec8e0fb56f127dde917]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.awesomehp.com/web/?type=ds&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.awesomehp.com/web/?type=ds&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976&q={searchTerms}),Ersetzt,[4d009eb30774033360c0b7872ed67e82]
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.awesomehp.com/?type=hp&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.awesomehp.com/?type=hp&ts=1394760088&from=adks&uid=SanDiskXSDSSDP128G_131061400976),Ersetzt,[eb628bc60675f541f9222717ad576b95]
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0D0A0F0EzztDyB0A0F0DtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StA0FyD0EzyyDyBtAtGzy0BtCtDtGtDyE0B0DtGtC0FyE0FtGyCyC0B0ByE0CzztCtCtByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBzz0DtD0A0ByEtG0Fzy0D0CtGtD0F0B0FtGtA0CtCzytGtDyC0A0DyCtDtAtByEtCtB0A2Q&cr=1665546957&ir=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://start.mysearchdial.com/?f=1&a=dvd_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0DyEtA0DyB0E0D0A0F0EzztDyB0A0F0DtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StA0FyD0EzyyDyBtAtGzy0BtCtDtGtDyE0B0DtGtC0FyE0FtGyCyC0B0ByE0CzztCtCtByDyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByBzz0DtD0A0ByEtG0Fzy0D0CtGtD0F0B0FtGtA0CtCzytGtDyC0A0DyCtDtAtByEtCtB0A2Q&cr=1665546957&ir=),Ersetzt,[3518aca584f71620361035121ce8ab55]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex8g,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex8g,&q={searchTerms}),Ersetzt,[aaa3bb96d0ab3ff716cf95a88183f20e]
PUP.Optional.Snapdo, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMm71B1nyAua96knyc3JbMmLOhCPcpweg7BV49_72KbLbny3Yvm4GdNANiZSjp1K8,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMm71B1nyAua96knyc3JbMmLOhCPcpweg7BV49_72KbLbny3Yvm4GdNANiZSjp1K8,),Ersetzt,[ed60420ff88368ce51fb1532b64e926e]
PUP.Optional.Snapdo, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex88,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex88,&q={searchTerms}),Ersetzt,[82cbfc55601b96a08bc2a3a4a460e61a]
PUP.Optional.Snapdo, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex88,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex88,&q={searchTerms}),Ersetzt,[2b2209486f0c8bab9cb21f28897be61a]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3951798952-3253315376-1183451035-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex88,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex88,&q={searchTerms}),Ersetzt,[0647173a562592a421c51924778d6f91]

Ordner: 26
PUP.Optional.Updater, C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [87c6460b9fdc79bdfc58a4f523dff808], 
PUP.OPtional.Dealply.A, C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly, In Quarantäne, [1d3075dcfe7d8ea803759915f90a7e82], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive, In Quarantäne, [b59839184932a29405ecd49aa95919e7], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update, In Quarantäne, [b59839184932a29405ecd49aa95919e7], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log, In Quarantäne, [b59839184932a29405ecd49aa95919e7], 
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Roaming\Dealply, In Quarantäne, [5af3c988097275c11fd33c3234cee51b], 
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Roaming\Dealply\UpdateProc, In Quarantäne, [5af3c988097275c11fd33c3234cee51b], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\CrashReports, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Download, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Install, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\Offline\{AEEC4BBE-6A51-486C-8A7C-D2C1D0B771DD}, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.Delta.A, C:\Program Files (x86)\Delta\delta\1.8.24.5, In Quarantäne, [92bb4110d8a3b97d7c7986e8ea1818e8], 
PUP.Optional.OpenCandy, C:\Users\Montana\AppData\Roaming\OpenCandy, In Quarantäne, [84c9c38ef784ff370f1aacc3837fdf21], 
PUP.Optional.OpenCandy, C:\Users\Montana\AppData\Roaming\OpenCandy\048312E388DC44E3BD161DFE59206FAE, In Quarantäne, [84c9c38ef784ff370f1aacc3837fdf21], 
PUP.Optional.OpenCandy, C:\Users\Montana\AppData\Roaming\OpenCandy\81118B5DB02B475BB29E060E132F8361, In Quarantäne, [84c9c38ef784ff370f1aacc3837fdf21], 
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Local\DealPlyLive, In Quarantäne, [d776de735f1c37ffb7903e3131d1a759], 
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Local\DealPlyLive\CrashReports, In Quarantäne, [d776de735f1c37ffb7903e3131d1a759], 
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial, In Quarantäne, [004d5ef3007ba690631dd89824def10f], 
PUP.Optional.MySearchDial.A, C:\Program Files (x86)\Mysearchdial\1.8.29.0, In Quarantäne, [004d5ef3007ba690631dd89824def10f], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [49042d24bac1171f23cab3be867cdf21], 
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [49042d24bac1171f23cab3be867cdf21], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up, In Quarantäne, [93babb969dde3303741b4231976bdc24], 

Dateien: 89
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe, In Quarantäne, [df6e98b96b1049eded591a020af7827e], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll, In Quarantäne, [ce7fd67bfe7de056ff92b5a79d65946c], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll, In Quarantäne, [014c62ef08730a2cff9368f4dc2636ca], 
PUP.Optional.Babylon.A, C:\Users\Montana\AppData\Roaming\OpenCandy\048312E388DC44E3BD161DFE59206FAE\DeltaTB.exe, In Quarantäne, [cd807bd6780377bf38f8a461e91846ba], 
PUP.Optional.Superfish.A, C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Löschen bei Neustart, [89c43c1595e66bcbc5e4106f7c86649c], 
PUP.Optional.Superfish.A, C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, In Quarantäne, [2528430ef784171fa702cfb0a062e11f], 
PUP.Optional.QuickStart.A, C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx, In Quarantäne, [212cdf725724e45231d6f596e51d1ce4], 
PUP.Optional.Updater, C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, In Quarantäne, [87c6460b9fdc79bdfc58a4f523dff808], 
PUP.Optional.Updater, C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc\config.dat, In Quarantäne, [87c6460b9fdc79bdfc58a4f523dff808], 
PUP.Optional.Updater, C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc\info.dat, In Quarantäne, [87c6460b9fdc79bdfc58a4f523dff808], 
PUP.Optional.Updater, C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [87c6460b9fdc79bdfc58a4f523dff808], 
PUP.Optional.Updater, C:\Users\Montana\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [87c6460b9fdc79bdfc58a4f523dff808], 
PUP.OPtional.Dealply.A, C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk, In Quarantäne, [1d3075dcfe7d8ea803759915f90a7e82], 
PUP.OPtional.Dealply.A, C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url, In Quarantäne, [1d3075dcfe7d8ea803759915f90a7e82], 
PUP.OPtional.Dealply.A, C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url, In Quarantäne, [1d3075dcfe7d8ea803759915f90a7e82], 
PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job, In Quarantäne, [a0ada5acd9a2053136b5a80cef14d927], 
PUP.Optional.DealPly.A, C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job, In Quarantäne, [84c9c78a176444f2faf164500cf7c43c], 
PUP.Optional.FunMoods.A, C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage, In Quarantäne, [e964b899daa1ab8bcb8c43759f6415eb], 
PUP.Optional.DealPly.A, C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log, In Quarantäne, [b59839184932a29405ecd49aa95919e7], 
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Roaming\Dealply\UpdateProc\config.dat, In Quarantäne, [5af3c988097275c11fd33c3234cee51b], 
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Roaming\Dealply\UpdateProc\info.dat, In Quarantäne, [5af3c988097275c11fd33c3234cee51b], 
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Roaming\Dealply\UpdateProc\STTL.DAT, In Quarantäne, [5af3c988097275c11fd33c3234cee51b], 
PUP.Optional.DealPly.A, C:\Users\Montana\AppData\Roaming\Dealply\UpdateProc\TTL.DAT, In Quarantäne, [5af3c988097275c11fd33c3234cee51b], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.DealPly.A, C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll, In Quarantäne, [351861f02f4cfa3c02f196d89e640ef2], 
PUP.Optional.OpenCandy, C:\Users\Montana\AppData\Roaming\OpenCandy\81118B5DB02B475BB29E060E132F8361\TuneUpUtilities2013-2200217_de-DE.exe, In Quarantäne, [84c9c38ef784ff370f1aacc3837fdf21], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-bho64.dll, In Quarantäne, [93babb969dde3303741b4231976bdc24], 
PUP.Optional.WeatherItUp.A, C:\Program Files (x86)\Weather It Up\Weather It Up-bho.dll, In Quarantäne, [93babb969dde3303741b4231976bdc24], 
PUP.Optional.Snapdo.A, C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMm71B1nyAua96knyc3JbMmLOhCPcpweg7BV49_72KbLbny3Yvm4GdNANiZSjp1Kg,",), Ersetzt,[c38a460b7803b77fdcce6f04b35158a8]

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
ATTFilter
# AdwCleaner v3.208 - Bericht erstellt am 14/05/2014 um 15:58:01
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Montana - MONTANA-PC
# Gestartet von : C:\Users\Montana\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserDefender
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Program Files (x86)\Web Protect
Ordner Gelöscht : C:\Users\Montana\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Ordner Gelöscht : C:\Users\Montana\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Montana\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Montana\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Montana\AppData\Roaming\SupTab
Datei Gelöscht : C:\Windows\System32\Tasks\BrowserDefendert
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\System32\Tasks\DealPlyUpdate

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\webcakeupdater
Schlüssel Gelöscht : HKCU\Software\5a57d88fb36dba15
Schlüssel Gelöscht : HKLM\SOFTWARE\5a57d88fb36dba15
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DE27CF30-9C47-4FF7-AE8A-2C3DF0ABDE90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\WebProtect
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\WebProtect

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMl4-0GDWhqUibiPPr_5MRX4QoBjyAwRsEuzmNyuVslMVGD6fZ9p0cQgvoSrnex8g,&q={searchTerms}
Gelöscht [Homepage] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd5gLihpaVJ5a5JCURBTmcu51emVQtkyf9rLWvmT0GkmqAGRi87l67Vr7qWbXETh8fMm71B1nyAua96knyc3JbMmLOhCPcpweg7BV49_72KbLbny3Yvm4GdNANiZSjp1Kg,
Gelöscht [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh
Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

*************************

AdwCleaner[R0].txt - [6973 octets] - [14/05/2014 15:55:42]
AdwCleaner[S0].txt - [6442 octets] - [14/05/2014 15:58:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6502 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Montana on 14.05.2014 at 16:03:33,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3951798952-3253315376-1183451035-1000\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.05.2014 at 16:06:32,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by Montana (administrator) on MONTANA-PC on 14-05-2014 16:07:04
Running from C:\Users\Montana\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\monitor.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\DeviceDisplayObjectProvider.exe
(Microsoft Corporation) C:\Windows\System32\Dxpserver.exe
(Akamai Technologies, Inc.) C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Akamai Technologies, Inc.) C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [34432 2013-04-23] (Creative Technology Ltd.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-28] (Logitech Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-05-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3951798952-3253315376-1183451035-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3951798952-3253315376-1183451035-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-25]
FF HKCU\...\Firefox\Extensions: [{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}] - C:\Program Files (x86)\LyriXeeker\130.xpi
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Kaspersky Protection) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-31]
CHR Extension: (YouTube) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-17]
CHR Extension: (Google-Suche) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-17]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-09-25]
CHR Extension: (Google Wallet) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
CHR Extension: (Google Mail) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-17] (Intel Corporation)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-28] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-02-13] ()
S3 PCProtect; C:\Program Files (x86)\Web Protect\PCProtect.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-14] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-14 16:06 - 2014-05-14 16:06 - 00001110 _____ () C:\Users\Montana\Desktop\JRT.txt
2014-05-14 16:03 - 2014-05-14 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 16:01 - 2014-05-14 16:01 - 01016261 _____ (Thisisu) C:\Users\Montana\Desktop\JRT.exe
2014-05-14 16:00 - 2014-05-14 16:00 - 00006602 _____ () C:\Users\Montana\Desktop\AdwCleaner[S0].txt
2014-05-14 15:55 - 2014-05-14 15:58 - 00000000 ____D () C:\AdwCleaner
2014-05-14 15:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-14 15:53 - 2014-05-14 15:53 - 01325827 _____ () C:\Users\Montana\Downloads\adwcleaner.exe
2014-05-14 15:52 - 2014-05-14 15:52 - 00047572 _____ () C:\Users\Montana\Desktop\mbam.txt
2014-05-14 15:44 - 2014-05-14 15:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 15:43 - 2014-05-14 15:43 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-14 15:43 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 15:43 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 15:43 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 15:40 - 2014-05-14 15:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Montana\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-13 12:06 - 2014-05-13 12:06 - 00015913 _____ () C:\Users\Montana\Desktop\ComboFix.txt
2014-05-13 12:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-13 12:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-13 12:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-13 12:00 - 2014-05-13 12:06 - 00000000 ____D () C:\Windows\erdnt
2014-05-13 12:00 - 2014-05-13 12:06 - 00000000 ____D () C:\Qoobox
2014-05-13 11:58 - 2014-05-13 11:58 - 05200050 ____R (Swearware) C:\Users\Montana\Downloads\ComboFix.exe
2014-05-13 11:46 - 2014-05-13 11:46 - 00001268 _____ () C:\Users\Montana\Desktop\Revo Uninstaller.lnk
2014-05-13 11:46 - 2014-05-13 11:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-13 11:44 - 2014-05-13 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Montana\Downloads\revosetup95.exe
2014-05-11 20:11 - 2014-05-11 20:11 - 00000476 _____ () C:\Users\Montana\Downloads\defogger_disable.log
2014-05-11 19:30 - 2014-05-11 19:30 - 00053447 _____ () C:\Users\Montana\Desktop\Gmer.txt
2014-05-11 19:14 - 2014-05-14 16:07 - 00016576 _____ () C:\Users\Montana\Desktop\FRST.txt
2014-05-11 19:12 - 2014-05-11 19:12 - 00000476 _____ () C:\Users\Montana\Desktop\defogger_disable.log
2014-05-06 22:31 - 2014-05-06 22:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 15:24 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-06 15:24 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-04 02:02 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-04 02:02 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-04 02:02 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-04 02:02 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 13:16 - 2014-04-30 13:16 - 00001083 _____ () C:\Users\Montana\Desktop\Minecraft.lnk
2014-04-30 13:15 - 2014-04-30 13:15 - 00675988 _____ () C:\Users\Montana\Downloads\Minecraft.exe
2014-04-28 10:45 - 2014-04-28 10:45 - 00034458 _____ () C:\Users\Montana\Desktop\Addition.txt
2014-04-28 10:44 - 2014-05-14 16:07 - 00000000 ____D () C:\FRST
2014-04-28 10:40 - 2014-04-28 10:40 - 00000000 _____ () C:\Users\Montana\defogger_reenable
2014-04-28 10:37 - 2014-04-28 10:37 - 00380416 _____ () C:\Users\Montana\Desktop\Gmer-19357.exe
2014-04-28 10:36 - 2014-05-11 19:13 - 02066432 _____ (Farbar) C:\Users\Montana\Desktop\FRST64.exe
2014-04-28 10:32 - 2014-04-28 10:32 - 00050477 _____ () C:\Users\Montana\Desktop\Defogger.exe
2014-04-15 02:51 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-15 02:51 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-15 02:51 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 02:51 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-15 02:51 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 02:51 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 02:51 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-15 02:51 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-15 02:51 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 02:51 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-15 02:51 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-15 02:51 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-15 02:51 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 02:51 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-15 02:51 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-15 02:51 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-15 02:51 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-15 02:51 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-15 02:51 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-15 02:51 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-15 02:51 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-15 02:51 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-15 02:51 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-15 02:51 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-15 02:51 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-15 02:51 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-15 02:51 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-15 02:51 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-15 02:51 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-15 02:51 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 02:51 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-15 02:51 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 02:51 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-15 02:51 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-15 02:51 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 02:51 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-15 02:51 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-15 02:51 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-15 02:51 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 02:51 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 02:51 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-15 02:51 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-15 02:51 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-15 02:51 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-14 16:07 - 2014-05-11 19:14 - 00016576 _____ () C:\Users\Montana\Desktop\FRST.txt
2014-05-14 16:07 - 2014-04-28 10:44 - 00000000 ____D () C:\FRST
2014-05-14 16:06 - 2014-05-14 16:06 - 00001110 _____ () C:\Users\Montana\Desktop\JRT.txt
2014-05-14 16:06 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-14 16:06 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-14 16:06 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-14 16:06 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-14 16:06 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-14 16:03 - 2014-05-14 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 16:01 - 2014-05-14 16:01 - 01016261 _____ (Thisisu) C:\Users\Montana\Desktop\JRT.exe
2014-05-14 16:00 - 2014-05-14 16:00 - 00006602 _____ () C:\Users\Montana\Desktop\AdwCleaner[S0].txt
2014-05-14 15:59 - 2014-03-13 12:43 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-14 15:59 - 2013-09-25 12:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-14 15:59 - 2013-09-15 18:51 - 00000000 ____D () C:\Users\Montana\AppData\Local\LogMeIn Hamachi
2014-05-14 15:59 - 2013-08-17 18:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-14 15:59 - 2013-08-17 18:52 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-14 15:59 - 2013-08-17 18:49 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-14 15:59 - 2010-11-21 05:47 - 00474698 _____ () C:\Windows\PFRO.log
2014-05-14 15:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-14 15:59 - 2009-07-14 06:51 - 00061838 _____ () C:\Windows\setupact.log
2014-05-14 15:58 - 2014-05-14 15:55 - 00000000 ____D () C:\AdwCleaner
2014-05-14 15:58 - 2013-08-17 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-14 15:58 - 2013-08-17 18:40 - 02069383 _____ () C:\Windows\WindowsUpdate.log
2014-05-14 15:55 - 2013-08-17 18:49 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-14 15:53 - 2014-05-14 15:53 - 01325827 _____ () C:\Users\Montana\Downloads\adwcleaner.exe
2014-05-14 15:52 - 2014-05-14 15:52 - 00047572 _____ () C:\Users\Montana\Desktop\mbam.txt
2014-05-14 15:52 - 2014-05-14 15:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 15:43 - 2014-05-14 15:43 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-14 15:41 - 2014-05-14 15:40 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Montana\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-13 12:06 - 2014-05-13 12:06 - 00015913 _____ () C:\Users\Montana\Desktop\ComboFix.txt
2014-05-13 12:06 - 2014-05-13 12:00 - 00000000 ____D () C:\Windows\erdnt
2014-05-13 12:06 - 2014-05-13 12:00 - 00000000 ____D () C:\Qoobox
2014-05-13 12:06 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-13 12:05 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-13 11:58 - 2014-05-13 11:58 - 05200050 ____R (Swearware) C:\Users\Montana\Downloads\ComboFix.exe
2014-05-13 11:46 - 2014-05-13 11:46 - 00001268 _____ () C:\Users\Montana\Desktop\Revo Uninstaller.lnk
2014-05-13 11:46 - 2014-05-13 11:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-13 11:45 - 2014-05-13 11:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Montana\Downloads\revosetup95.exe
2014-05-13 00:38 - 2013-08-19 11:39 - 00000042 _____ () C:\Users\Montana\AppData\Roaming\WB.CFG
2014-05-12 23:36 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-11 20:11 - 2014-05-11 20:11 - 00000476 _____ () C:\Users\Montana\Downloads\defogger_disable.log
2014-05-11 19:30 - 2014-05-11 19:30 - 00053447 _____ () C:\Users\Montana\Desktop\Gmer.txt
2014-05-11 19:22 - 2013-08-21 16:23 - 00000000 ____D () C:\Users\Montana\AppData\Local\CrashDumps
2014-05-11 19:13 - 2014-04-28 10:36 - 02066432 _____ (Farbar) C:\Users\Montana\Desktop\FRST64.exe
2014-05-11 19:12 - 2014-05-11 19:12 - 00000476 _____ () C:\Users\Montana\Desktop\defogger_disable.log
2014-05-07 22:50 - 2013-08-17 18:49 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 22:50 - 2013-08-17 18:49 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 22:31 - 2014-05-06 22:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-03 20:30 - 2013-08-21 16:23 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\vlc
2014-05-03 20:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-30 13:16 - 2014-04-30 13:16 - 00001083 _____ () C:\Users\Montana\Desktop\Minecraft.lnk
2014-04-30 13:15 - 2014-04-30 13:15 - 00675988 _____ () C:\Users\Montana\Downloads\Minecraft.exe
2014-04-30 13:15 - 2013-08-17 19:09 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\.minecraft
2014-04-29 23:52 - 2014-03-18 02:45 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\Skype
2014-04-29 16:01 - 2014-05-04 02:02 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-04 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-04 02:02 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-04 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-28 10:45 - 2014-04-28 10:45 - 00034458 _____ () C:\Users\Montana\Desktop\Addition.txt
2014-04-28 10:40 - 2014-04-28 10:40 - 00000000 _____ () C:\Users\Montana\defogger_reenable
2014-04-28 10:40 - 2013-08-17 18:40 - 00000000 ____D () C:\Users\Montana
2014-04-28 10:37 - 2014-04-28 10:37 - 00380416 _____ () C:\Users\Montana\Desktop\Gmer-19357.exe
2014-04-28 10:32 - 2014-04-28 10:32 - 00050477 _____ () C:\Users\Montana\Desktop\Defogger.exe
2014-04-28 00:18 - 2014-04-05 21:06 - 00000000 ____D () C:\Users\Montana\AppData\Local\Battle.net
2014-04-24 14:07 - 2013-09-04 19:07 - 00000000 ____D () C:\Users\Montana\AppData\Local\Akamai
2014-04-16 20:38 - 2014-04-05 21:16 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\TS3Client
2014-04-15 13:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-14 04:24 - 2014-05-06 15:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-06 15:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Montana\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-03 20:12

==================== End Of Log ============================
--- --- ---
Alt 15.05.2014, 10:07   #9
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.05.2014, 12:18   #10
Montana_72
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=326dad167b4aeb42b23c682afe7ccbdc
# engine=18285
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-16 10:37:09
# local_time=2014-05-16 12:37:09 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 160052 151866479 0 0
# scanned=184828
# found=0
# cleaned=0
# scan_time=1754
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Anti-Virus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version out of Date! 
 Google Chrome 18.0.1025.142  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 plugin-nm-server.exe  
 Kaspersky Lab Kaspersky Internet Security 14.0.0 klwtblfs.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by Montana (administrator) on MONTANA-PC on 16-05-2014 13:03:02
Running from C:\Users\Montana\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\monitor.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Akamai Technologies, Inc.) C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [34432 2013-04-23] (Creative Technology Ltd.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8294680 2014-02-28] (Logitech Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2255184 2013-05-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3951798952-3253315376-1183451035-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3951798952-3253315376-1183451035-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-09-25]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-09-25]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-09-25]
FF HKCU\...\Firefox\Extensions: [{4340308e-3e37-4dd7-9192-8cf05ce9c9f2}] - C:\Program Files (x86)\LyriXeeker\130.xpi
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Kaspersky Protection) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-31]
CHR Extension: (YouTube) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-17]
CHR Extension: (Google-Suche) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-17]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-09-25]
CHR Extension: (Google Wallet) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
CHR Extension: (Google Mail) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-17]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-04-05]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-17] (Intel Corporation)
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [29728 2013-05-28] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [278336 2011-09-19] (NVIDIA)
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-02-13] ()
S3 PCProtect; C:\Program Files (x86)\Web Protect\PCProtect.exe [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-02-13] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-30] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-30] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-05-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 13:02 - 2014-05-16 13:02 - 00000000 ____D () C:\Users\Montana\Desktop\FRST-OlderVersion
2014-05-16 12:06 - 2014-05-16 12:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-16 12:04 - 2014-05-16 12:04 - 00855379 _____ () C:\Users\Montana\Downloads\SecurityCheck.exe
2014-05-16 12:04 - 2014-05-16 12:04 - 00855379 _____ () C:\Users\Montana\Desktop\SecurityCheck.exe
2014-05-16 12:03 - 2014-05-16 12:03 - 02347384 _____ (ESET) C:\Users\Montana\Downloads\esetsmartinstaller_deu.exe
2014-05-16 12:03 - 2014-05-16 12:03 - 02347384 _____ (ESET) C:\Users\Montana\Desktop\esetsmartinstaller_deu.exe
2014-05-14 19:19 - 2014-05-16 11:49 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-14 16:51 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 16:51 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 16:51 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 16:51 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 16:51 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 16:51 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 16:11 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 16:11 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 16:11 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:11 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 16:11 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 16:11 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 16:11 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 16:11 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 16:11 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 16:11 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 16:11 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 16:11 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 16:11 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 16:11 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 16:11 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 16:11 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 16:11 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 16:11 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 16:11 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 16:11 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 16:11 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 16:11 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 16:11 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 16:11 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 16:11 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 16:11 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 16:11 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 16:11 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 16:11 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 16:11 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 16:11 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 16:11 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 16:11 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 16:11 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 16:06 - 2014-05-14 16:06 - 00001110 _____ () C:\Users\Montana\Desktop\JRT.txt
2014-05-14 16:03 - 2014-05-14 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 16:01 - 2014-05-14 16:01 - 01016261 _____ (Thisisu) C:\Users\Montana\Desktop\JRT.exe
2014-05-14 16:00 - 2014-05-14 16:00 - 00006602 _____ () C:\Users\Montana\Desktop\AdwCleaner[S0].txt
2014-05-14 15:55 - 2014-05-14 15:58 - 00000000 ____D () C:\AdwCleaner
2014-05-14 15:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-14 15:53 - 2014-05-14 15:53 - 01325827 _____ () C:\Users\Montana\Downloads\adwcleaner.exe
2014-05-14 15:52 - 2014-05-14 15:52 - 00047572 _____ () C:\Users\Montana\Desktop\mbam.txt
2014-05-14 15:44 - 2014-05-14 15:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 15:43 - 2014-05-14 15:43 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-14 15:43 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 15:43 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 15:43 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 15:40 - 2014-05-14 15:41 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Montana\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-13 12:06 - 2014-05-13 12:06 - 00015913 _____ () C:\Users\Montana\Desktop\ComboFix.txt
2014-05-13 12:02 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-13 12:02 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-13 12:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-13 12:02 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-13 12:00 - 2014-05-13 12:06 - 00000000 ____D () C:\Windows\erdnt
2014-05-13 12:00 - 2014-05-13 12:06 - 00000000 ____D () C:\Qoobox
2014-05-13 11:58 - 2014-05-13 11:58 - 05200050 ____R (Swearware) C:\Users\Montana\Downloads\ComboFix.exe
2014-05-13 11:46 - 2014-05-13 11:46 - 00001268 _____ () C:\Users\Montana\Desktop\Revo Uninstaller.lnk
2014-05-13 11:46 - 2014-05-13 11:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-13 11:44 - 2014-05-13 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Montana\Downloads\revosetup95.exe
2014-05-11 20:11 - 2014-05-11 20:11 - 00000476 _____ () C:\Users\Montana\Downloads\defogger_disable.log
2014-05-11 19:30 - 2014-05-11 19:30 - 00053447 _____ () C:\Users\Montana\Desktop\Gmer.txt
2014-05-11 19:14 - 2014-05-16 13:03 - 00017381 _____ () C:\Users\Montana\Desktop\FRST.txt
2014-05-11 19:12 - 2014-05-11 19:12 - 00000476 _____ () C:\Users\Montana\Desktop\defogger_disable.log
2014-05-06 22:31 - 2014-05-14 19:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-30 13:16 - 2014-04-30 13:16 - 00001083 _____ () C:\Users\Montana\Desktop\Minecraft.lnk
2014-04-30 13:15 - 2014-04-30 13:15 - 00675988 _____ () C:\Users\Montana\Downloads\Minecraft.exe
2014-04-28 10:45 - 2014-04-28 10:45 - 00034458 _____ () C:\Users\Montana\Desktop\Addition.txt
2014-04-28 10:44 - 2014-05-16 13:03 - 00000000 ____D () C:\FRST
2014-04-28 10:40 - 2014-04-28 10:40 - 00000000 _____ () C:\Users\Montana\defogger_reenable
2014-04-28 10:37 - 2014-04-28 10:37 - 00380416 _____ () C:\Users\Montana\Desktop\Gmer-19357.exe
2014-04-28 10:36 - 2014-05-16 13:02 - 02067456 _____ (Farbar) C:\Users\Montana\Desktop\FRST64.exe
2014-04-28 10:32 - 2014-04-28 10:32 - 00050477 _____ () C:\Users\Montana\Desktop\Defogger.exe

==================== One Month Modified Files and Folders =======

2014-05-16 13:03 - 2014-05-11 19:14 - 00017381 _____ () C:\Users\Montana\Desktop\FRST.txt
2014-05-16 13:03 - 2014-04-28 10:44 - 00000000 ____D () C:\FRST
2014-05-16 13:02 - 2014-05-16 13:02 - 00000000 ____D () C:\Users\Montana\Desktop\FRST-OlderVersion
2014-05-16 13:02 - 2014-04-28 10:36 - 02067456 _____ (Farbar) C:\Users\Montana\Desktop\FRST64.exe
2014-05-16 12:55 - 2013-08-17 18:49 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-16 12:37 - 2013-08-17 18:40 - 01590484 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 12:06 - 2014-05-16 12:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-16 12:05 - 2013-09-25 12:08 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-16 12:04 - 2014-05-16 12:04 - 00855379 _____ () C:\Users\Montana\Downloads\SecurityCheck.exe
2014-05-16 12:04 - 2014-05-16 12:04 - 00855379 _____ () C:\Users\Montana\Desktop\SecurityCheck.exe
2014-05-16 12:03 - 2014-05-16 12:03 - 02347384 _____ (ESET) C:\Users\Montana\Downloads\esetsmartinstaller_deu.exe
2014-05-16 12:03 - 2014-05-16 12:03 - 02347384 _____ (ESET) C:\Users\Montana\Desktop\esetsmartinstaller_deu.exe
2014-05-16 12:02 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-05-16 12:02 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-05-16 12:02 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-16 12:01 - 2009-07-14 06:51 - 00062857 _____ () C:\Windows\setupact.log
2014-05-16 11:56 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 11:56 - 2009-07-14 06:45 - 00021856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 11:49 - 2014-05-14 19:19 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2014-05-16 11:49 - 2013-09-15 18:51 - 00000000 ____D () C:\Users\Montana\AppData\Local\LogMeIn Hamachi
2014-05-16 11:49 - 2013-08-17 18:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-16 11:49 - 2013-08-17 18:52 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-05-16 11:49 - 2013-08-17 18:49 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 11:49 - 2010-11-21 05:47 - 00476026 _____ () C:\Windows\PFRO.log
2014-05-16 11:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 21:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 19:19 - 2013-08-17 18:41 - 00000000 ___RD () C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 19:19 - 2013-08-17 18:41 - 00000000 ___RD () C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 19:18 - 2014-05-06 22:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 16:51 - 2013-08-24 15:02 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 16:50 - 2013-08-17 19:41 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 16:50 - 2013-08-17 19:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 16:06 - 2014-05-14 16:06 - 00001110 _____ () C:\Users\Montana\Desktop\JRT.txt
2014-05-14 16:03 - 2014-05-14 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-05-14 16:01 - 2014-05-14 16:01 - 01016261 _____ (Thisisu) C:\Users\Montana\Desktop\JRT.exe
2014-05-14 16:00 - 2014-05-14 16:00 - 00006602 _____ () C:\Users\Montana\Desktop\AdwCleaner[S0].txt
2014-05-14 15:58 - 2014-05-14 15:55 - 00000000 ____D () C:\AdwCleaner
2014-05-14 15:58 - 2013-08-17 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-14 15:53 - 2014-05-14 15:53 - 01325827 _____ () C:\Users\Montana\Downloads\adwcleaner.exe
2014-05-14 15:52 - 2014-05-14 15:52 - 00047572 _____ () C:\Users\Montana\Desktop\mbam.txt
2014-05-14 15:52 - 2014-05-14 15:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 15:43 - 2014-05-14 15:43 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 15:43 - 2014-05-14 15:43 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-14 15:41 - 2014-05-14 15:40 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Montana\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-13 12:06 - 2014-05-13 12:06 - 00015913 _____ () C:\Users\Montana\Desktop\ComboFix.txt
2014-05-13 12:06 - 2014-05-13 12:00 - 00000000 ____D () C:\Windows\erdnt
2014-05-13 12:06 - 2014-05-13 12:00 - 00000000 ____D () C:\Qoobox
2014-05-13 12:06 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-13 12:05 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-13 11:58 - 2014-05-13 11:58 - 05200050 ____R (Swearware) C:\Users\Montana\Downloads\ComboFix.exe
2014-05-13 11:46 - 2014-05-13 11:46 - 00001268 _____ () C:\Users\Montana\Desktop\Revo Uninstaller.lnk
2014-05-13 11:46 - 2014-05-13 11:46 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-13 11:45 - 2014-05-13 11:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Montana\Downloads\revosetup95.exe
2014-05-13 00:38 - 2013-08-19 11:39 - 00000042 _____ () C:\Users\Montana\AppData\Roaming\WB.CFG
2014-05-12 23:36 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-11 20:11 - 2014-05-11 20:11 - 00000476 _____ () C:\Users\Montana\Downloads\defogger_disable.log
2014-05-11 19:30 - 2014-05-11 19:30 - 00053447 _____ () C:\Users\Montana\Desktop\Gmer.txt
2014-05-11 19:22 - 2013-08-21 16:23 - 00000000 ____D () C:\Users\Montana\AppData\Local\CrashDumps
2014-05-11 19:12 - 2014-05-11 19:12 - 00000476 _____ () C:\Users\Montana\Desktop\defogger_disable.log
2014-05-09 08:14 - 2014-05-14 16:11 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 16:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 22:50 - 2013-08-17 18:49 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-07 22:50 - 2013-08-17 18:49 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 06:40 - 2014-05-14 16:51 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 16:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 16:51 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 16:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 16:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 16:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-03 20:30 - 2013-08-21 16:23 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\vlc
2014-04-30 13:16 - 2014-04-30 13:16 - 00001083 _____ () C:\Users\Montana\Desktop\Minecraft.lnk
2014-04-30 13:15 - 2014-04-30 13:15 - 00675988 _____ () C:\Users\Montana\Downloads\Minecraft.exe
2014-04-30 13:15 - 2013-08-17 19:09 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\.minecraft
2014-04-29 23:52 - 2014-03-18 02:45 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\Skype
2014-04-28 10:45 - 2014-04-28 10:45 - 00034458 _____ () C:\Users\Montana\Desktop\Addition.txt
2014-04-28 10:40 - 2014-04-28 10:40 - 00000000 _____ () C:\Users\Montana\defogger_reenable
2014-04-28 10:40 - 2013-08-17 18:40 - 00000000 ____D () C:\Users\Montana
2014-04-28 10:37 - 2014-04-28 10:37 - 00380416 _____ () C:\Users\Montana\Desktop\Gmer-19357.exe
2014-04-28 10:32 - 2014-04-28 10:32 - 00050477 _____ () C:\Users\Montana\Desktop\Defogger.exe
2014-04-28 00:18 - 2014-04-05 21:06 - 00000000 ____D () C:\Users\Montana\AppData\Local\Battle.net
2014-04-24 14:07 - 2013-09-04 19:07 - 00000000 ____D () C:\Users\Montana\AppData\Local\Akamai
2014-04-16 20:38 - 2014-04-05 21:16 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\TS3Client

Some content of TEMP:
====================
C:\Users\Montana\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 16:11] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-14 20:39

==================== End Of Log ============================
--- --- ---


Also ich kann keine Probleme mehr erkennen. Alles wieder wie neu. Vielen Dank nochmal für deine Hilfe. Bin dir was schuldig =)

Alt 17.05.2014, 13:13   #11
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Java updaten.

Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 17.05.2014, 14:56   #12
Montana_72
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Alles erledigt. Der Rechner läuft wie neu. Kann dir nicht genug danken!!!

Alt 18.05.2014, 12:25   #13
schrauber
/// the machine
/// TB-Ausbilder
 
Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Standard

Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten
awesomehp, awesomehp entfernen, java plugin, pup.bprotector, pup.optional.awesomehp.a, pup.optional.babylon.a, pup.optional.bprotector.a, pup.optional.datamngr.a, pup.optional.dealply.a, pup.optional.delta.a, pup.optional.funmoods.a, pup.optional.iepluginservice.a, pup.optional.installcore.a, pup.optional.lyrics.a, pup.optional.mysearchdial.a, pup.optional.opencandy, pup.optional.qone8, pup.optional.quickstart.a, pup.optional.snapdo, pup.optional.snapdo.a, pup.optional.superfish.a, pup.optional.updater, pup.optional.wajam.a, pup.optional.weatheritup.a, windows 7


« Helfer für ESET Online Scanner Logfile | Maleware Sammlung bei Kontrolle der installierten Software unter Windows/Programme entdeckt! »


Ähnliche Themen: Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten


  1. Internetseiten laden teilweise unvollständig und andere Probleme
    Netzwerk und Hardware - 06.11.2014 (34)
  2. Windows 7: Weiterleitung auf nicht gewünschte Internetseiten
    Log-Analyse und Auswertung - 05.05.2014 (15)
  3. Ständig Popups und automatische Weiterleitung auf Internetseiten (Windows 7 professional, firefox und ie)
    Plagegeister aller Art und deren Bekämpfung - 22.04.2014 (9)
  4. Google Weiterleitung auf unerwünschte Seiten, Microsoft Security Essentials und Windows Defender funktionieren nicht
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (10)
  5. Trojaner und andere Malware gefunden // permanente Werbebanner
    Plagegeister aller Art und deren Bekämpfung - 11.02.2013 (41)
  6. Weiterleitung auf andere Seiten
    Log-Analyse und Auswertung - 24.01.2013 (14)
  7. Ihavenet.com Browser Hijacker- bei Googlesuche öffnen sich andere Seiten (Weiterleitung über Ihavenet.com)
    Log-Analyse und Auswertung - 21.11.2012 (13)
  8. Weiterleitung Rocketnews und andere Seiten
    Plagegeister aller Art und deren Bekämpfung - 21.05.2012 (1)
  9. Suchmaschine: Weiterleitung auf falsche/andere als gewünschte Seiten "rocketnews" (Fehlleitung)
    Log-Analyse und Auswertung - 26.04.2012 (17)
  10. BKA Virus & Weiterleitung auf andere Seiten
    Plagegeister aller Art und deren Bekämpfung - 28.07.2011 (19)
  11. virus infected meldung programme internetseiten gehen nur teilweise bitte hilfe
    Log-Analyse und Auswertung - 10.07.2009 (1)
  12. Internetseiten funktionieren teilweise nicht und viele Viren...
    Log-Analyse und Auswertung - 08.05.2009 (1)
  13. Dringend Hilfe-Weiterleitung auf andere Seiten
    Log-Analyse und Auswertung - 18.04.2009 (3)
  14. Googlesuche - Weiterleitung auf andere Seiten
    Mülltonne - 01.07.2008 (0)
  15. Internetseiten teilweise nur nach mehrfachem Ausruf anzeigbar.
    Alles rund um Windows - 03.03.2008 (9)
  16. Teilweise Weiterleitung Auf Komische Seiten
    Log-Analyse und Auswertung - 07.09.2007 (12)
  17. Internetseiten funktionieren teilweise nicht...
    Log-Analyse und Auswertung - 25.08.2007 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten - Hallo, mein Problem ist folgendes: Seit Kurzem (ca.1-2 Wochen) finden sich auf allen Internetseiten, die ich besuche, Werbebanner und Videos, die sich nicht dauerhaft entfernen lassen. Ich kann sie zwar - Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten...
Archiv
Du betrachtest: Windows 7: Werbebanner und Videos auf Internetseiten; teilweise Weiterleitung auf andere Seiten auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131