Windows 7: Chrome öffnet sich von selbst und leitet Seiten auf Werbung um
 

Hallo.
Mein Chrome öffnet sich von selbst mit unterschiedlichen Werbeseiten und öffnet auch sonst immer wieder neue Tabs und Fenster, ohne mein zutun. Es kommt auch vor, dass ein Link oder eine neue geöffnete Seite auf Werbung umgeleitet wird. Beim zweiten Versuch öffnet sich die Seite oder der Link dann wieder ganz normal.
An und für sich nervt dies eher jedoch beunruhigt mich das ganze doch. Eine neue Installation von Chrome bringt nichts und auch Adblocker sind wirkungslos. Meine Sicherheitssoftware (Norton) findet allerdings keine Fehler.

Hier sind meine Logs:
_____________________________________________________________________________
Defogger

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:56 on 04/07/2014 (Simone)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
_____________________________________________________________________________

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:03-07-2014
Ran by Simone (administrator) on JAMIE on 04-07-2014 12:08:18
Running from C:\Users\Simone\Desktop
Platform: Microsoft Windows 7 Professional N Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
() C:\Program Files\EZ Software Updater\EZ Software Updater.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
() C:\Users\Simone\AppData\Local\fst_de_55\upfst_de_55.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\fst_de_55\fst_de_55.exe
() C:\Program Files\fst_de_56\fst_de_56.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
() C:\Users\Simone\AppData\Local\Genesis_06211741\Genesis_06211741.exe
() C:\Program Files\Boost\BoostUpdater.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-15] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [fst_de_55] => C:\Program Files\fst_de_55\fst_de_55.exe [3980784 2014-06-20] ()
HKLM\...\Run: [fst_de_56] => C:\Program Files\fst_de_56\fst_de_56.exe [3979760 2014-06-20] ()
HKLM\...\RunOnce: [upfst_de_55.exe] - C:\Users\Simone\AppData\Local\fst_de_55\upfst_de_55.exe -runonce [3355632 2014-06-20] ()
HKU\S-1-5-21-1871973915-1044618656-3300570338-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564016 2013-07-15] (Samsung)
HKU\S-1-5-21-1871973915-1044618656-3300570338-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1871973915-1044618656-3300570338-1000\...\Run: [genesis_06211741] => c:\users\simone\appdata\local\genesis_06211741\genesis_06211741.exe [3067904 2014-06-21] ()
HKU\S-1-5-21-1871973915-1044618656-3300570338-1000\...\MountPoints2: {3c3622e5-1c90-11e3-b8b5-806e6f6e6963} - E:\Start.exe
HKU\S-1-5-21-1871973915-1044618656-3300570338-1000\...\MountPoints2: {ff716f4a-1d28-11e3-862a-00235a569b0d} - G:\SETUP.EXE
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\Program Files\SupTab\SearchProtect32.dll [91248 2014-05-08] (Skytech Co., Ltd.)
Startup: C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoostUpdater.lnk
ShortcutTarget: BoostUpdater.lnk -> C:\Program Files\Boost\BoostUpdater.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaJRTF_CeucR4HuqXmFP92t7LXoE4BE6fWlRTO_2hnBTFdwEEcwA8xEAO6D24SsJFUbb_yC0MNW7LTuxsiODP6dhE076fMDjHz6LkhnFasrP9aNn7H_-k_JHA65jxFsB-1hH6FXU1jpP4JjHxHbD6xhv5m6XqcYPQIpRSQzEOZSg4B0,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=B8AA00242B9976EB&affID=119357&tsp=5004
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAA149BC4C0B0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=B8AA00242B9976EB&affID=121565&tsp=5004
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaJRTF_CeucR4HuqXmFP92t7LXoE4BE6fWlRTO_2hnBTFdwEEcwA8xEAO6D24SsJFUbb_yC0MNW7LTuxsiODP6dhE076fMDjHz6LkhnFasrP9aNn7H_-k_JHA65jxFsB-1hH6FXU1jpP4JjHxHbD6xhv5m6XqcYPQIpRSQzEOZSg4B0,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1403372576&from=tugs&uid=WDCXWD1600BEVT-00ZCT0_WD-WXE208HT0437T0437
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1403372576&from=tugs&uid=WDCXWD1600BEVT-00ZCT0_WD-WXE208HT0437T0437
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403372576&from=tugs&uid=WDCXWD1600BEVT-00ZCT0_WD-WXE208HT0437T0437&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1403372576&from=tugs&uid=WDCXWD1600BEVT-00ZCT0_WD-WXE208HT0437T0437
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403372576&from=tugs&uid=WDCXWD1600BEVT-00ZCT0_WD-WXE208HT0437T0437&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1403372576&from=tugs&uid=WDCXWD1600BEVT-00ZCT0_WD-WXE208HT0437T0437
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403372576&from=tugs&uid=WDCXWD1600BEVT-00ZCT0_WD-WXE208HT0437T0437&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaJRTF_CeucR4HuqXmFP92t7LXoE4BE6fWlRTO_2hnBTFdwEEcwA8xEAO6D24SsJFUbb_yC0MNW7LTuxsiODP6dhE076fMDjHz6LkhnFasrP9aNn7H_-k_JHA65jxFsB-1hH6FXU1jpP4JjHxHbD6xhv5m6XqcYPQIpRSQzEOZSg4Bo,&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403372576&from=tugs&uid=WDCXWD1600BEVT-00ZCT0_WD-WXE208HT0437T0437&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403372576&from=tugs&uid=WDCXWD1600BEVT-00ZCT0_WD-WXE208HT0437T0437&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaJRTF_CeucR4HuqXmFP92t7LXoE4BE6fWlRTO_2hnBTFdwEEcwA8xEAO6D24SsJFUbb_yC0MNW7LTuxsiODP6dhE076fMDjHz6LkhnFasrP9aNn7H_-k_JHA65jxFsB-1hH6FXU1jpP4JjHxHbD6xhv5m6XqcYPQIpRSQzEOZSg4B0,&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1403372576&from=tugs&uid=WDCXWD1600BEVT-00ZCT0_WD-WXE208HT0437T0437&q={searchTerms}
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Boost - {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} - C:\Program Files\Boost\Boost.dll (Jigsaw)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\igi1igxm.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\igi1igxm.default\user.js
FF SearchPlugin: C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\igi1igxm.default\searchplugins\amazon.xml
FF Extension: Amazon Browser Bar - C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\igi1igxm.default\Extensions\abb@amazon.com [2013-09-14]
FF Extension: Boost - C:\Users\Simone\AppData\Roaming\Mozilla\Firefox\Profiles\igi1igxm.default\Extensions\boost@boost.net.xpi [2014-05-31]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-07-03]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-09-13]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-06-07]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-09-13]

Chrome:
=======
CHR StartupUrls: "https://www.google.com/"
CHR Extension: (Google Docs) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-01]
CHR Extension: (Google Drive) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-01]
CHR Extension: (YouTube) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-01]
CHR Extension: (Adblock Plus) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-01]
CHR Extension: (Google-Suche) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-01]
CHR Extension: (Block site) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2014-07-01]
CHR Extension: (JavaScript Popup Blocker) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol [2014-07-01]
CHR Extension: (Norton Identity Protection) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-07-01]
CHR Extension: (Google Wallet) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-01]
CHR Extension: (Google Mail) - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-01]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-04]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Simone\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-06-04]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-09-13]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 EZ Software Updater; C:\Program Files\EZ Software Updater\EZ Software Updater.exe [202752 2014-05-05] () [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1723744 2012-11-29] (TuneUp Software)
S2 ZAPrivacyService; "C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1503000.00C\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-11] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140703.001\IDSvix86.sys [395992 2014-06-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140703.034\NAVENG.SYS [93272 2014-06-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20140703.034\NAVEX15.SYS [1612376 2014-06-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1503000.00C\SRTSP.SYS [664280 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1503000.00C\SRTSPX.SYS [32344 2013-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1503000.00C\SYMDS.SYS [367704 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-06-04] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1503000.00C\Ironx86.SYS [206936 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1503000.00C\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-11-16] (TuneUp Software)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 12:07 - 2014-07-04 12:07 - 00016935 _____ () C:\Users\Simone\Desktop\Addition.txt
2014-07-04 12:06 - 2014-07-04 12:08 - 00016909 _____ () C:\Users\Simone\Desktop\FRST.txt
2014-07-04 12:06 - 2014-07-04 12:08 - 00000000 ____D () C:\FRST
2014-07-04 11:56 - 2014-07-04 11:56 - 00000474 _____ () C:\Users\Simone\Desktop\defogger_disable.log
2014-07-04 11:56 - 2014-07-04 11:56 - 00000000 _____ () C:\Users\Simone\defogger_reenable
2014-07-04 11:34 - 2014-07-04 11:35 - 00380416 _____ () C:\Users\Simone\Desktop\69qtyzo7.exe
2014-07-04 11:34 - 2014-07-04 11:34 - 01073664 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe
2014-07-04 11:33 - 2014-07-04 11:33 - 00050477 _____ () C:\Users\Simone\Desktop\Defogger.exe
2014-07-01 11:00 - 2014-07-04 11:30 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-01 11:00 - 2014-07-04 11:30 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-01 11:00 - 2014-07-01 11:00 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-01 11:00 - 2014-07-01 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-01 10:50 - 2014-07-01 10:50 - 00000000 __SHD () C:\Users\Simone\AppData\Local\EmieUserList
2014-07-01 10:50 - 2014-07-01 10:50 - 00000000 __SHD () C:\Users\Simone\AppData\Local\EmieSiteList
2014-07-01 10:45 - 2014-07-01 10:46 - 40514640 _____ (Google Inc.) C:\Users\Simone\Desktop\ChromeStandaloneSetup_35.0.1916.153.exe
2014-06-29 16:15 - 2014-06-29 16:15 - 01509720 _____ () C:\Windows\Minidump\062914-28938-01.dmp
2014-06-25 14:40 - 2014-06-25 14:40 - 00227104 _____ (Premium Installer ) C:\Users\Simone\Downloads\Player-Chrome.exe
2014-06-24 20:20 - 2014-06-24 20:20 - 00228216 _____ (Fusion Install ) C:\Users\Simone\Downloads\Drivers_Setup.exe
2014-06-22 20:32 - 2014-06-22 20:32 - 00000000 ____D () C:\Users\Simone\Documents\Jojos Fashion Show 2
2014-06-22 20:32 - 2014-06-22 20:32 - 00000000 ____D () C:\Users\Simone\AppData\Roaming\Gamelab
2014-06-22 20:31 - 2014-07-01 10:57 - 00000000 ____D () C:\Program Files\Jojo's Fashion Show 2
2014-06-22 20:30 - 2014-06-22 21:32 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-22 20:29 - 2014-07-01 10:54 - 00000000 ____D () C:\ProgramData\Big Fish
2014-06-22 20:28 - 2014-06-22 20:30 - 00000000 ____D () C:\Users\Simone\AppData\Local\Big Fish
2014-06-22 10:54 - 2014-06-22 10:54 - 00000000 ____D () C:\Program Files\SearchProtect
2014-06-21 20:25 - 2014-06-21 20:25 - 00000000 ____D () C:\ProgramData\2308189059
2014-06-21 20:10 - 2014-06-21 20:10 - 00000000 ____D () C:\Users\Simone\AppData\Local\fst_de_56
2014-06-21 20:10 - 2014-06-21 20:10 - 00000000 ____D () C:\Program Files\fst_de_56
2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\IePluginServices
2014-06-21 20:01 - 2014-06-18 11:44 - 00608179 _____ (Click Me In Limited) C:\Users\Simone\AppData\Local\AnyProtectScannerSetup.exe
2014-06-21 20:00 - 2014-06-21 20:01 - 00000000 ____D () C:\Program Files\AnyProtectEx
2014-06-21 19:59 - 2014-06-21 19:59 - 00000000 ____D () C:\Users\Simone\AppData\Local\PennyBee
2014-06-21 19:58 - 2014-06-21 20:53 - 00000000 ____D () C:\Program Files\PC Speed Maximizer
2014-06-21 19:58 - 2014-06-21 20:13 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-21 19:58 - 2014-06-21 19:59 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-21 19:58 - 2014-06-21 19:58 - 00000000 ____D () C:\Users\Simone\AppData\Roaming\SupTab
2014-06-21 19:58 - 2014-06-21 19:58 - 00000000 ____D () C:\Program Files\SupTab
2014-06-21 19:49 - 2014-06-22 10:13 - 00000000 ____D () C:\Program Files\globalUpdate
2014-06-21 19:49 - 2014-06-21 19:49 - 00000000 ____D () C:\Users\Simone\AppData\Local\globalUpdate
2014-06-21 19:45 - 2014-06-21 19:45 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-06-21 19:42 - 2014-07-03 22:11 - 00000000 ____D () C:\Users\Simone\AppData\Local\fst_de_55
2014-06-21 19:42 - 2014-06-21 20:45 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-06-21 19:42 - 2014-06-21 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE_SOFT_TODAY
2014-06-21 19:42 - 2014-06-21 19:42 - 00000000 ____D () C:\Program Files\fst_de_55
2014-06-21 19:41 - 2014-07-04 11:57 - 00000000 ____D () C:\Users\Simone\AppData\Local\Genesis_06211741
2014-06-21 19:40 - 2014-06-22 10:54 - 00000000 ____D () C:\Users\Simone\AppData\Local\SearchProtect
2014-06-21 19:38 - 2014-06-21 19:38 - 01392632 _____ () C:\Users\Simone\Downloads\Setup (1).exe
2014-06-21 19:37 - 2014-06-21 19:37 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\Simone\Downloads\FreeYouTubeToMP3Converter (2).exe
2014-06-21 19:37 - 2014-06-21 19:37 - 00000000 ____D () C:\Users\Simone\AppData\Local\cache
2014-06-21 19:37 - 2014-06-21 19:37 - 00000000 ____D () C:\Users\Simone\.android
2014-06-21 19:37 - 2014-06-21 19:37 - 00000000 _____ () C:\Users\Simone\daemonprocess.txt
2014-06-21 19:36 - 2014-06-21 20:55 - 00000000 ____D () C:\Users\Simone\AppData\Local\Mobogenie
2014-06-21 19:36 - 2014-06-21 19:37 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\Simone\Downloads\FreeYouTubeToMP3Converter (1).exe
2014-06-21 19:36 - 2014-06-21 19:36 - 00000000 ____D () C:\Users\Simone\Documents\Mobogenie
2014-06-21 19:32 - 2014-06-21 20:57 - 00000000 ____D () C:\Program Files\Boost
2014-06-21 19:30 - 2014-06-21 20:14 - 00000000 ____D () C:\Program Files\BooZaka
2014-06-21 19:28 - 2014-06-21 20:50 - 00002256 _____ () C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-21 19:27 - 2014-06-21 19:27 - 00000000 ____D () C:\Program Files\EZ Software Updater
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL4AA6.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL499D.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL498D.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL497E.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL4865.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL46CF.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL4614.tmp
2014-06-21 19:24 - 2014-06-21 19:24 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\Simone\Downloads\FreeYouTubeToMP3Converter.exe
2014-06-19 18:12 - 2014-06-19 18:12 - 01508320 _____ () C:\Windows\Minidump\061914-34351-01.dmp
2014-06-17 21:01 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-17 21:01 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-17 21:01 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-17 21:01 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-17 21:01 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-17 21:01 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-17 21:01 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-17 21:01 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-17 21:01 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-17 21:01 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-17 21:01 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-17 21:01 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-17 21:01 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-17 21:01 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-17 21:01 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-17 21:01 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-17 21:01 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-17 21:01 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-17 21:01 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-17 21:01 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-17 21:01 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-17 21:01 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-17 21:01 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-17 21:01 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-17 21:01 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-17 21:00 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-17 21:00 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-17 21:00 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-17 20:50 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-17 20:50 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-17 20:50 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-17 20:50 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-17 20:50 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-17 20:50 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-17 20:50 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-17 20:50 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-16 19:34 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 12:07 - 2014-07-04 11:30 - 00000000 ____D () C:\Users\Simone\AppData\Local\CrashDumps
2014-06-07 16:06 - 2014-06-07 16:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

==================== One Month Modified Files and Folders =======

2014-07-04 12:08 - 2014-07-04 12:06 - 00016909 _____ () C:\Users\Simone\Desktop\FRST.txt
2014-07-04 12:08 - 2014-07-04 12:06 - 00000000 ____D () C:\FRST
2014-07-04 12:07 - 2014-07-04 12:07 - 00016935 _____ () C:\Users\Simone\Desktop\Addition.txt
2014-07-04 11:57 - 2014-06-21 19:41 - 00000000 ____D () C:\Users\Simone\AppData\Local\Genesis_06211741
2014-07-04 11:56 - 2014-07-04 11:56 - 00000474 _____ () C:\Users\Simone\Desktop\defogger_disable.log
2014-07-04 11:56 - 2014-07-04 11:56 - 00000000 _____ () C:\Users\Simone\defogger_reenable
2014-07-04 11:56 - 2013-09-13 18:50 - 00000000 ____D () C:\Users\Simone
2014-07-04 11:35 - 2014-07-04 11:34 - 00380416 _____ () C:\Users\Simone\Desktop\69qtyzo7.exe
2014-07-04 11:34 - 2014-07-04 11:34 - 01073664 _____ (Farbar) C:\Users\Simone\Desktop\FRST.exe
2014-07-04 11:33 - 2014-07-04 11:33 - 00050477 _____ () C:\Users\Simone\Desktop\Defogger.exe
2014-07-04 11:30 - 2014-07-01 11:00 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 11:30 - 2014-07-01 11:00 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 11:30 - 2014-06-11 12:07 - 00000000 ____D () C:\Users\Simone\AppData\Local\CrashDumps
2014-07-04 11:30 - 2013-09-13 22:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 11:30 - 2013-09-13 18:23 - 01095458 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 22:15 - 2009-07-14 06:02 - 00020144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 22:15 - 2009-07-14 06:02 - 00020144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 22:11 - 2014-06-21 19:42 - 00000000 ____D () C:\Users\Simone\AppData\Local\fst_de_55
2014-07-03 22:07 - 2009-07-14 06:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-03 22:07 - 2009-07-14 06:07 - 00036918 _____ () C:\Windows\setupact.log
2014-07-01 12:15 - 2010-11-20 23:49 - 00100240 _____ () C:\Windows\PFRO.log
2014-07-01 11:00 - 2014-07-01 11:00 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-01 11:00 - 2014-07-01 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-01 11:00 - 2014-02-08 10:31 - 00000000 ____D () C:\Program Files\Google
2014-07-01 10:57 - 2014-06-22 20:31 - 00000000 ____D () C:\Program Files\Jojo's Fashion Show 2
2014-07-01 10:57 - 2009-07-14 06:51 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-01 10:54 - 2014-06-22 20:29 - 00000000 ____D () C:\ProgramData\Big Fish
2014-07-01 10:50 - 2014-07-01 10:50 - 00000000 __SHD () C:\Users\Simone\AppData\Local\EmieUserList
2014-07-01 10:50 - 2014-07-01 10:50 - 00000000 __SHD () C:\Users\Simone\AppData\Local\EmieSiteList
2014-07-01 10:46 - 2014-07-01 10:45 - 40514640 _____ (Google Inc.) C:\Users\Simone\Desktop\ChromeStandaloneSetup_35.0.1916.153.exe
2014-06-29 16:15 - 2014-06-29 16:15 - 01509720 _____ () C:\Windows\Minidump\062914-28938-01.dmp
2014-06-29 16:15 - 2014-02-20 17:39 - 00000000 ____D () C:\Windows\Minidump
2014-06-29 16:14 - 2014-02-20 17:39 - 269455862 _____ () C:\Windows\MEMORY.DMP
2014-06-25 22:01 - 2013-09-14 11:31 - 00000000 ____D () C:\Users\Simone\AppData\Roaming\Spider Player
2014-06-25 14:40 - 2014-06-25 14:40 - 00227104 _____ (Premium Installer ) C:\Users\Simone\Downloads\Player-Chrome.exe
2014-06-24 20:20 - 2014-06-24 20:20 - 00228216 _____ (Fusion Install ) C:\Users\Simone\Downloads\Drivers_Setup.exe
2014-06-22 21:32 - 2014-06-22 20:30 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-22 20:32 - 2014-06-22 20:32 - 00000000 ____D () C:\Users\Simone\Documents\Jojos Fashion Show 2
2014-06-22 20:32 - 2014-06-22 20:32 - 00000000 ____D () C:\Users\Simone\AppData\Roaming\Gamelab
2014-06-22 20:30 - 2014-06-22 20:28 - 00000000 ____D () C:\Users\Simone\AppData\Local\Big Fish
2014-06-22 10:54 - 2014-06-22 10:54 - 00000000 ____D () C:\Program Files\SearchProtect
2014-06-22 10:54 - 2014-06-21 19:40 - 00000000 ____D () C:\Users\Simone\AppData\Local\SearchProtect
2014-06-22 10:13 - 2014-06-21 19:49 - 00000000 ____D () C:\Program Files\globalUpdate
2014-06-21 20:57 - 2014-06-21 19:32 - 00000000 ____D () C:\Program Files\Boost
2014-06-21 20:55 - 2014-06-21 19:36 - 00000000 ____D () C:\Users\Simone\AppData\Local\Mobogenie
2014-06-21 20:53 - 2014-06-21 19:58 - 00000000 ____D () C:\Program Files\PC Speed Maximizer
2014-06-21 20:50 - 2014-06-21 19:28 - 00002256 _____ () C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-06-21 20:50 - 2013-09-13 18:50 - 00001413 _____ () C:\Users\Simone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-21 20:45 - 2014-06-21 19:42 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-06-21 20:25 - 2014-06-21 20:25 - 00000000 ____D () C:\ProgramData\2308189059
2014-06-21 20:22 - 2010-11-20 23:03 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-21 20:14 - 2014-06-21 19:30 - 00000000 ____D () C:\Program Files\BooZaka
2014-06-21 20:13 - 2014-06-21 19:58 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-21 20:10 - 2014-06-21 20:10 - 00000000 ____D () C:\Users\Simone\AppData\Local\fst_de_56
2014-06-21 20:10 - 2014-06-21 20:10 - 00000000 ____D () C:\Program Files\fst_de_56
2014-06-21 20:10 - 2014-06-21 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE_SOFT_TODAY
2014-06-21 20:03 - 2014-06-21 20:03 - 00000000 ____D () C:\IePluginServices
2014-06-21 20:01 - 2014-06-21 20:00 - 00000000 ____D () C:\Program Files\AnyProtectEx
2014-06-21 19:59 - 2014-06-21 19:59 - 00000000 ____D () C:\Users\Simone\AppData\Local\PennyBee
2014-06-21 19:59 - 2014-06-21 19:58 - 00000000 ____D () C:\ProgramData\WindowsProtectManger
2014-06-21 19:58 - 2014-06-21 19:58 - 00000000 ____D () C:\Users\Simone\AppData\Roaming\SupTab
2014-06-21 19:58 - 2014-06-21 19:58 - 00000000 ____D () C:\Program Files\SupTab
2014-06-21 19:58 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-21 19:49 - 2014-06-21 19:49 - 00000000 ____D () C:\Users\Simone\AppData\Local\globalUpdate
2014-06-21 19:45 - 2014-06-21 19:45 - 00000000 ____D () C:\ProgramData\CheckPoint
2014-06-21 19:43 - 2013-09-13 23:02 - 00002276 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-06-21 19:43 - 2013-09-13 23:02 - 00000000 ____D () C:\Users\Simone\AppData\Roaming\DVDVideoSoft
2014-06-21 19:43 - 2013-09-13 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-06-21 19:43 - 2013-09-13 23:02 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-06-21 19:42 - 2014-06-21 19:42 - 00000000 ____D () C:\Program Files\fst_de_55
2014-06-21 19:42 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-21 19:41 - 2013-09-13 23:02 - 00000000 ____D () C:\Users\Simone\AppData\Roaming\OpenCandy
2014-06-21 19:41 - 2013-09-13 23:02 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-21 19:40 - 2013-04-01 13:43 - 00000000 _____ () C:\END
2014-06-21 19:38 - 2014-06-21 19:38 - 01392632 _____ () C:\Users\Simone\Downloads\Setup (1).exe
2014-06-21 19:37 - 2014-06-21 19:37 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\Simone\Downloads\FreeYouTubeToMP3Converter (2).exe
2014-06-21 19:37 - 2014-06-21 19:37 - 00000000 ____D () C:\Users\Simone\AppData\Local\cache
2014-06-21 19:37 - 2014-06-21 19:37 - 00000000 ____D () C:\Users\Simone\.android
2014-06-21 19:37 - 2014-06-21 19:37 - 00000000 _____ () C:\Users\Simone\daemonprocess.txt
2014-06-21 19:37 - 2014-06-21 19:36 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\Simone\Downloads\FreeYouTubeToMP3Converter (1).exe
2014-06-21 19:36 - 2014-06-21 19:36 - 00000000 ____D () C:\Users\Simone\Documents\Mobogenie
2014-06-21 19:27 - 2014-06-21 19:27 - 00000000 ____D () C:\Program Files\EZ Software Updater
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL4AA6.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL499D.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL498D.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL497E.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL4865.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL46CF.tmp
2014-06-21 19:26 - 2014-06-21 19:26 - 00000000 _____ () C:\LIL4614.tmp
2014-06-21 19:24 - 2014-06-21 19:24 - 34516480 _____ (DVDVideoSoft Ltd. ) C:\Users\Simone\Downloads\FreeYouTubeToMP3Converter.exe
2014-06-19 21:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-19 18:12 - 2014-06-19 18:12 - 01508320 _____ () C:\Windows\Minidump\061914-34351-01.dmp
2014-06-18 11:44 - 2014-06-21 20:01 - 00608179 _____ (Click Me In Limited) C:\Users\Simone\AppData\Local\AnyProtectScannerSetup.exe
2014-06-18 09:38 - 2014-05-15 16:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-17 21:02 - 2013-09-13 22:58 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-08 15:08 - 2013-09-13 19:12 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-06-08 10:48 - 2014-06-17 20:50 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-17 20:50 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-07 16:06 - 2014-06-07 16:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-06-07 16:06 - 2013-09-13 19:12 - 00002423 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-06-07 16:06 - 2013-09-13 19:11 - 00000000 ____D () C:\Windows\system32\Drivers\NIS
2014-06-07 15:44 - 2013-09-13 19:09 - 00000000 ____D () C:\ProgramData\Norton
2014-06-04 09:33 - 2013-09-13 19:12 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2014-06-04 09:33 - 2013-09-13 19:12 - 00008194 _____ () C:\Windows\system32\Drivers\SYMEVENT.CAT
2014-06-04 09:31 - 2013-09-13 19:10 - 00000000 ____D () C:\Program Files\Norton Internet Security
2014-06-04 09:27 - 2013-11-17 22:23 - 00000000 ____D () C:\Users\Public\Downloads\Norton

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2552.dll


Some content of TEMP:
====================
C:\Users\Simone\AppData\Local\Temp\BackupSetup.exe
C:\Users\Simone\AppData\Local\Temp\dlLogic.exe
C:\Users\Simone\AppData\Local\Temp\dltr.exe
C:\Users\Simone\AppData\Local\Temp\GCVerifier.dll
C:\Users\Simone\AppData\Local\Temp\nsa4889.exe
C:\Users\Simone\AppData\Local\Temp\nsaB1F9.exe
C:\Users\Simone\AppData\Local\Temp\nslAAE7.exe
C:\Users\Simone\AppData\Local\Temp\nsq42CE.exe
C:\Users\Simone\AppData\Local\Temp\ose00000.exe
C:\Users\Simone\AppData\Local\Temp\pennybee.exe
C:\Users\Simone\AppData\Local\Temp\setup_72.exe
C:\Users\Simone\AppData\Local\Temp\uninst1.exe
C:\Users\Simone\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Simone\AppData\Local\Temp\verifier.exe
C:\Users\Simone\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_6745.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-19 21:28

==================== End Of Log ============================
_____________________________________________________________________________
Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version:03-07-2014
Ran by Simone at 2014-07-04 12:08:47
Running from C:\Users\Simone\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
BitGuard (HKLM\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version: - MediaTechSoft Inc.) <==== ATTENTION
EZ Software Updater version 1.0.0.0 (HKLM\...\EZ Software Updater_is1) (Version: 1.0.0.0 - )
foobar2000 v1.2.9 (HKLM\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Free YouTube to MP3 Converter version 3.12.39.604 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.)
fst_de_55 (HKLM\...\fst_de_55_is1) (Version: - FREE_SOFT_TODAY) <==== ATTENTION
fst_de_56 (HKLM\...\fst_de_56_is1) (Version: - FREE_SOFT_TODAY) <==== ATTENTION
Genesis (HKCU\...\genesis_06211741) (Version: - ) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Norton Internet Security (HKLM\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Search Protect (HKLM\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION
Spider Player 2.5.3 (HKLM\...\Spider Player_is1) (Version: 2.5.3.0 - VIT Software, LLC)
TuneUp Utilities 2013 (HKLM\...\TuneUp Utilities 2013) (Version: 13.0.3000.132 - TuneUp Software)
TuneUp Utilities 2013 (Version: 13.0.3000.132 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.3000.132 - TuneUp Software) Hidden
ZoneAlarm Security (Version: 13.1.211.000 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points =========================

21-06-2014 17:41:55 Uniblue SpeedUpMyPC installation
01-07-2014 08:55:34 TuneUp Utilities 2013 wird entfernt

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {2EF67B92-1337-46FF-B2DC-3C8D2E2924B5} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {349FD80F-09E7-4571-8894-73FA57E0823B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2012-11-29] (TuneUp Software)
Task: {3C21495A-14A4-40F5-B678-8C417B76061B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {60334A51-1E0C-4568-B105-FEF1D26B93AF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-01] (Google Inc.)
Task: {8D9435EF-2EB0-4478-9213-45B58CD7B2A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-01] (Google Inc.)
Task: {B1D4B710-3CCE-4E62-9C39-28E28DABBEEB} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {F6B4177D-04E5-48B7-8EA5-2AB60D107D1E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-21 19:27 - 2014-05-05 11:25 - 00202752 _____ () C:\Program Files\EZ Software Updater\EZ Software Updater.exe
2014-06-21 19:42 - 2014-06-20 16:32 - 03355632 _____ () C:\Users\Simone\AppData\Local\fst_de_55\upfst_de_55.exe
2014-06-21 19:42 - 2014-06-20 16:32 - 03980784 _____ () C:\Program Files\fst_de_55\fst_de_55.exe
2014-06-21 20:10 - 2014-06-20 16:32 - 03979760 _____ () C:\Program Files\fst_de_56\fst_de_56.exe
2013-07-12 14:52 - 2013-07-12 14:52 - 00036352 _____ () C:\Program Files\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
2013-07-12 14:53 - 2013-07-12 14:53 - 17223680 _____ () C:\Program Files\Samsung\Kies\Theme\Kies.Theme.dll
2013-07-12 14:52 - 2013-07-12 14:52 - 00564736 _____ () C:\Program Files\Samsung\Kies\Common\Kies.UI.dll
2013-06-18 16:36 - 2013-06-18 16:36 - 00023040 _____ () C:\Program Files\Samsung\Kies\MVVM\Kies.MVVM.dll
2013-06-14 19:57 - 2013-06-14 19:57 - 00057856 _____ () C:\Program Files\Samsung\Kies\External\MediaModules\ASF_cSharpAPI.dll
2014-06-21 19:41 - 2014-06-21 19:41 - 03067904 _____ () C:\Users\Simone\AppData\Local\Genesis_06211741\Genesis_06211741.exe
2014-04-21 21:24 - 2014-04-21 21:24 - 00392704 _____ () C:\Program Files\Boost\BoostUpdater.exe
2014-07-01 11:00 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-01 11:00 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-01 11:00 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-01 11:00 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-01 11:00 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-01 11:00 - 2014-06-05 15:58 - 14612296 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:01690B01

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 11:30:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OneClick.exe, Version: 13.0.3000.132, Zeitstempel: 0x50b7788d
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea91c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00052ca9
ID des fehlerhaften Prozesses: 0x113c
Startzeit der fehlerhaften Anwendung: 0xOneClick.exe0
Pfad der fehlerhaften Anwendung: OneClick.exe1
Pfad des fehlerhaften Moduls: OneClick.exe2
Berichtskennung: OneClick.exe3

Error: (07/03/2014 10:09:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2014 00:31:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2014 00:17:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2014 04:56:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_EZ Software Updater.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: EZ Software Updater.dll, Version: 1.0.0.0, Zeitstempel: 0x53674af5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001c9e5
ID des fehlerhaften Prozesses: 0xf14
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_EZ Software Updater.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_EZ Software Updater.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_EZ Software Updater.dll2
Berichtskennung: rundll32.exe_EZ Software Updater.dll3

Error: (06/29/2014 04:16:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2014 05:43:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_EZ Software Updater.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: EZ Software Updater.dll, Version: 1.0.0.0, Zeitstempel: 0x53674af5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001c9e5
ID des fehlerhaften Prozesses: 0x17a0
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_EZ Software Updater.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_EZ Software Updater.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_EZ Software Updater.dll2
Berichtskennung: rundll32.exe_EZ Software Updater.dll3

Error: (06/26/2014 10:56:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 10:04:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2014 02:27:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe_EZ Software Updater.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: EZ Software Updater.dll, Version: 1.0.0.0, Zeitstempel: 0x53674af5
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001c9e5
ID des fehlerhaften Prozesses: 0x8f8
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe_EZ Software Updater.dll0
Pfad der fehlerhaften Anwendung: rundll32.exe_EZ Software Updater.dll1
Pfad des fehlerhaften Moduls: rundll32.exe_EZ Software Updater.dll2
Berichtskennung: rundll32.exe_EZ Software Updater.dll3


System errors:
=============
Error: (07/04/2014 11:30:15 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst SysMain erreicht.

Error: (07/04/2014 09:48:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (07/03/2014 10:07:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/02/2014 06:36:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (07/02/2014 00:29:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/01/2014 00:15:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/01/2014 10:40:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (07/01/2014 02:45:52 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst TuneUp.UtilitiesSvc erreicht.

Error: (06/30/2014 08:41:49 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht.

Error: (06/29/2014 04:15:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ZoneAlarm Privacy Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 3002.02 MB
Available physical RAM: 1714.61 MB
Total Pagefile: 6002.34 MB
Available Pagefile: 4576.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.36 GB) (Free:39.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:80.68 GB) (Free:70.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 9BA91AAD)
Partition 1: (Active) - (Size=68 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=81 GB) - (Type=OF Extended)

==================== End Of Log ============================
_____________________________________________________________________________
GMER:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-04 12:32:19
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-00ZCT0 rev.11.01A11 149,05GB
Running: 69qtyzo7.exe; Driver: C:\Users\Simone\AppData\Local\Temp\uxldypod.sys


---- System - GMER 2.1 ----

SSDT 862899B0 ZwAlertResumeThread
SSDT 86289A48 ZwAlertThread
SSDT 8626A398 ZwAllocateVirtualMemory
SSDT 86157E10 ZwAlpcConnectPort
SSDT 86289428 ZwAssignProcessToJobObject
SSDT 862897D8 ZwCreateMutant
SSDT 86289220 ZwCreateSymbolicLinkObject
SSDT 86285188 ZwCreateThread
SSDT 862892C8 ZwCreateThreadEx
SSDT 862894C0 ZwDebugActiveProcess
SSDT 8626A4B8 ZwDuplicateObject
SSDT 86289F38 ZwFreeVirtualMemory
SSDT 86289880 ZwImpersonateAnonymousToken
SSDT 86289918 ZwImpersonateThread
SSDT 861B1E90 ZwLoadDriver
SSDT 86289E80 ZwMapViewOfSection
SSDT 86289740 ZwOpenEvent
SSDT 86285100 ZwOpenProcess
SSDT 8626A440 ZwOpenProcessToken
SSDT 86289610 ZwOpenSection
SSDT 86285078 ZwOpenThread
SSDT 86289380 ZwProtectVirtualMemory
SSDT 86289AE0 ZwResumeThread
SSDT 86289CA8 ZwSetContextThread
SSDT 86289D40 ZwSetInformationProcess
SSDT 86289558 ZwSetSystemInformation
SSDT 862896A8 ZwSuspendProcess
SSDT 86289B78 ZwSuspendThread
SSDT 862655A0 ZwTerminateProcess
SSDT 86289C10 ZwTerminateThread
SSDT 86289DE8 ZwUnmapViewOfSection
SSDT 86289FC0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82A85A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ABF212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10DB 82AC6470 8 Bytes [B0, 99, 28, 86, 48, 9A, 28, ...] {MOV AL, 0x99; SUB [ESI-0x79d765b8], AL}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82AC6488 4 Bytes [98, A3, 26, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 82AC6494 4 Bytes [10, 7E, 15, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82AC64E8 4 Bytes [28, 94, 28, 86]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 82AC6564 4 Bytes [D8, 97, 28, 86]
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Users\Simone\Desktop\69qtyzo7.exe[1680] ntdll.dll!NtTerminateThread 77676918 5 Bytes JMP 00020050
.text C:\Users\Simone\Desktop\69qtyzo7.exe[1680] USER32.dll!ChangeWindowMessageFilterEx + F 762124D7 7 Bytes JMP 00210A12
.text C:\Users\Simone\Desktop\69qtyzo7.exe[1680] USER32.dll!RecordShutdownReason + 372 762506C2 7 Bytes JMP 00210930
.text C:\Users\Simone\AppData\Local\Genesis_06211741\Genesis_06211741.exe[3604] ntdll.dll!NtTerminateThread 77676918 5 Bytes JMP 00020050
.text C:\Users\Simone\AppData\Local\Genesis_06211741\Genesis_06211741.exe[3604] USER32.dll!ChangeWindowMessageFilterEx + F 762124D7 7 Bytes JMP 0021012A
.text C:\Users\Simone\AppData\Local\Genesis_06211741\Genesis_06211741.exe[3604] USER32.dll!RecordShutdownReason + 372 762506C2 7 Bytes JMP 00210048

---- EOF - GMER 2.1 ----

hi,






Adware & Co. deinstallieren

• Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
• Installiere und starte das Programm.
• Suche im Uninstallerfeld nach den Programmen, die unter:
  http://deeprybka.trojaner-board.de/b.../revo/add1.png
  diesen Zusatz haben:
  http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
• Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
• Wähle anschließend den Modus "Moderat" aus.
  http://deeprybka.trojaner-board.de/b.../uninstall.PNGhttp://deeprybka.trojaner-board.de/b...o/moderat2.PNG
• Reste löschen:
  Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Wow vielen Dank für die schnelle Antwort.
Hab alles erledigt, wie du es gesagt hast. Bis jetzt siehts schon viel besser aus.
Die Logs waren leider so groß, dass ich sie packen musste.

Vielen Dank

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

Ist gebongt. Entschuldige die zusätzliche Arbeit.

MBAM

JRT

AdwCleaner

Und das frische FRST


FRST Logfile:
--- --- ---

ESET Online Scanner

• Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
• Lade und starte Eset Online Scanner
• Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
• Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
• Klicke auf Starten.
• Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
• Klicke am Ende des Suchlaufs auf Fertig stellen.
• Schließe das Fenster von ESET.
• Explorer öffnen.
• C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
• Logfile hier posten.
• Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
• Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte SecurityCheck und:

• Speichere es auf dem Desktop.
• Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
• Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Deine schnelle Hilfe ist echt super. Jetzt habe ich keine der Probleme mehr mit meinem Browser.

Hier die Logs:

FRST Logfile:
--- --- ---



Du bist echt super.

Öffne mal bitte FRST, setz nen Haken bei Addition und scanne, poste bitte beide Logfiles.