Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner: Unterstrichene Wörter und Werbung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.08.2014, 21:40   #1
Lischko
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Hallo liebes Trojaner-Board Team!

Ich habe seit einiger Zeit einen Trojaner am PC, der sich jetzt immer mehr ausbreitet.
Der Trojaner äußert sich durch unterstrichene Wörter und Werbung.
Hab schon einen Eigenversuch gestartet, leider war dies nicht erfolgreich.
Bitte deshalb um Hilfe

Lg Lisa

Alt 17.08.2014, 22:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!




Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 17.08.2014, 23:34   #3
Lischko
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Hab leider keine Logs und mein AntiVirus Programm ist leider abgelaufen. Wollte zwar ein neues installieren, wusste aber nicht welches.
Hier meine Logs:

FRST:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by alli91 (administrator) on PETER on 18-08-2014 00:21:41
Running from C:\Users\alli91\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TUMessages.exe
() C:\Users\alli91\AppData\Roaming\NetController\netcontrollerservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Users\alli91\AppData\Roaming\NetController\netcontroller.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\DrFoneAndroid_Temp\UnInstall.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4101950777-2565436670-2892430230-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-06] (Client Connect LTD)
AppInit_DLLs:  C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL => C:\ProgramData\Assistant\Assistant_x64.dll [4395520 2014-04-01] ()
AppInit_DLLs:  C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [4210176 2014-04-01] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-06] (Client Connect LTD)
AppInit_DLLs-x32:  c:\progra~3\assist~1\assist~1.dll => "c:\progra~3\assist~1\assist~1.dll" File Not Found
AppInit_DLLs-x32:  c:\progra~2\gssupp~1\assist~1.dll => c:\Program Files (x86)\GS Supporter\Assistant.dll [4296192 2014-06-01] ()
Startup: C:\Users\alli91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=55&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {36CF1861-B6A0-45C8-9E0A-2A8E90C5E8E4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {36CF1861-B6A0-45C8-9E0A-2A8E90C5E8E4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {212CA777-0762-4599-9617-8C6BEA5B3428} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ae3e787300000000000012689df6fe5d&r=265
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=AE3E12689DF6FE5D&affID=128491&tsp=5172
SearchScopes: HKCU - {212CA777-0762-4599-9617-8C6BEA5B3428} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ae3e787300000000000012689df6fe5d&r=265
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {36CF1861-B6A0-45C8-9E0A-2A8E90C5E8E4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: SaveLots -> {4D3BB30B-0EA2-5214-7B83-343E261DA293} -> C:\ProgramData\SaveLots\L.x64.dll ()
BHO: MineimumPrice -> {768285D3-5E17-F336-A58E-AB140CBD4AA0} -> C:\ProgramData\MineimumPrice\80guV.x64.dll ()
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: FunDieAls -> {B837F797-CB5C-529C-B3AC-4D5B7E94B3F8} -> C:\ProgramData\FunDieAls\yIOZ.x64.dll ()
BHO: TaakETheCoupon -> {CD75ED02-A5AE-A752-9CBB-DCADF897A7C5} -> C:\ProgramData\TaakETheCoupon\3.x64.dll ()
BHO-x32: SaveLots -> {4D3BB30B-0EA2-5214-7B83-343E261DA293} -> C:\ProgramData\SaveLots\L.dll ()
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: MineimumPrice -> {768285D3-5E17-F336-A58E-AB140CBD4AA0} -> C:\ProgramData\MineimumPrice\80guV.dll ()
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: FunDieAls -> {B837F797-CB5C-529C-B3AC-4D5B7E94B3F8} -> C:\ProgramData\FunDieAls\yIOZ.dll ()
BHO-x32: TaakETheCoupon -> {CD75ED02-A5AE-A752-9CBB-DCADF897A7C5} -> C:\ProgramData\TaakETheCoupon\3.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\alli91\AppData\Roaming\Mozilla\Firefox\Profiles\smsmmpbs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\alli91\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2014-07-19]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-02-09]

Chrome: 
=======
CHR HomePage: hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=55&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=55&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&SSPV="
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=58&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-05-19]
CHR Extension: (Tab Resize split screen layouts) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc [2014-07-12]
CHR Extension: (Minecraft 2) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbnfmnfimplhagfgeecjneakmfbepndm [2014-06-24]
CHR Extension: (save on) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmkdmbiljhclhlbbadnohbapcmnbjd [2014-06-01]
CHR Extension: (No Cyrus) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf [2014-06-11]
CHR Extension: (Skype Click to Call) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-30]
CHR Extension: (Google Wallet) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (DiscountEXtenisoi) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojonbnkkmlnoienkidcnoleeiadpdgke [2014-06-16]
CHR Extension: (Listen on Repeat Youtube Video Repeater) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjcgpbffennccofdpganblbjiglnbip [2014-07-31]
CHR Extension: (Extutil) - C:\Users\alli91\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-05-19]
CHR Extension: (Managera) - C:\Users\alli91\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-05-19]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2982336 2014-08-06] (Client Connect LTD)
R2 e9f32388; c:\Program Files (x86)\GS Supporter\AssistantSvc.dll [174928 2014-06-01] () [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-08-19] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-08-19] (Intel Corporation)
R2 NetControllerService; C:\Users\alli91\AppData\Roaming\NetController\netcontrollerservice.exe [182048 2014-07-08] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-24] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 699fd52f; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-21] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-02-08] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140213.002\IDSvia64.sys [521944 2014-02-07] (Symantec Corporation)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation)
S3 iscFlash; C:\swsetup\sp60878\iscflashx64.sys [69216 2013-07-25] (Insyde Software)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140214.001\ENG64.SYS [126040 2014-02-08] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140214.001\EX64.SYS [2099288 2014-02-08] (Symantec Corporation)
R1 ncdevice; C:\Windows\system32\DRIVERS\ncdevice.sys [41248 2014-05-26] (NT Kernel Resources)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-02-10] (TuneUp Software)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 SPPD; \??\C:\WINDOWS\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 00:21 - 2014-08-18 00:22 - 00026810 _____ () C:\Users\alli91\Downloads\FRST.txt
2014-08-18 00:21 - 2014-08-18 00:21 - 00000000 ____D () C:\FRST
2014-08-18 00:20 - 2014-08-18 00:20 - 02101760 _____ (Farbar) C:\Users\alli91\Downloads\FRST64.exe
2014-08-17 23:17 - 2014-08-17 23:17 - 00000000 __SHD () C:\DrFoneCache
2014-08-17 23:12 - 2014-08-17 23:12 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2014-08-17 23:10 - 2014-08-17 23:10 - 00000000 ____D () C:\Users\alli91\AppData\Local\Wondershare
2014-08-17 23:09 - 2014-08-18 00:04 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2014-08-17 23:09 - 2014-08-18 00:04 - 00000000 ____D () C:\Users\alli91\.android
2014-08-17 23:09 - 2014-08-18 00:04 - 00000000 ____D () C:\Program Files\Wondershare
2014-08-17 23:09 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Wondershare
2014-08-17 23:01 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-08-17 23:00 - 2014-08-17 23:01 - 00831048 _____ (Wondershare) C:\Users\alli91\Downloads\drfone-for-android_setup_full1561.exe
2014-08-17 22:47 - 2014-08-17 22:48 - 01035152 _____ () C:\Users\alli91\Downloads\Recuva-lnstall.exe
2014-08-17 22:41 - 2014-08-17 22:42 - 03901296 _____ (Wondershare Software ) C:\Users\alli91\Downloads\photo-recovery_full729.exe
2014-08-17 22:31 - 2014-08-17 22:31 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-17 22:20 - 2014-08-17 22:21 - 00244408 _____ () C:\Users\alli91\Downloads\Firefox Setup Stub 31.0.exe
2014-08-11 23:40 - 2014-08-11 23:40 - 00611648 _____ () C:\Users\alli91\Downloads\misfits-episode-5-4-eng-5272123.exe
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\WOODKID
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\QUEENS OF THE STONE AGE
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\PRINZ PI
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\MATERIA
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\BABYSHAMBLES
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MusicBrainz
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Local\cache
2014-08-02 11:31 - 2014-08-02 11:31 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2014-08-02 11:31 - 2014-08-02 11:31 - 00000000 ____D () C:\Program Files (x86)\MusicBrainz Picard
2014-08-02 11:28 - 2014-08-02 11:29 - 08790287 _____ (MusicBrainz) C:\Users\alli91\Downloads\picard-setup-1.2.exe
2014-08-02 11:27 - 2014-08-02 11:27 - 00000011 ____R () C:\WINDOWS\amunres.lsl
2014-08-02 11:25 - 2014-08-02 11:25 - 00000000 ____D () C:\Program Files (x86)\Company Name
2014-08-02 11:24 - 2014-08-17 15:35 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\NetController
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Software
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Company Name
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software
2014-08-02 11:23 - 2014-08-02 11:24 - 02207320 _____ (Company Name) C:\Users\alli91\Downloads\tunatic.exe
2014-08-02 10:53 - 2014-08-03 14:06 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:53 - 00000997 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-02 10:52 - 2014-08-02 10:52 - 02672432 _____ () C:\Users\alli91\Downloads\mp3tagv261asetup.exe
2014-08-02 10:11 - 2014-08-02 10:53 - 00000000 ____D () C:\Program Files (x86)\The GodFather
2014-08-02 10:11 - 2014-08-02 10:11 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The GodFather
2014-08-01 22:53 - 2014-08-01 23:44 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MediaMonkey
2014-08-01 22:53 - 2014-08-01 22:53 - 00000000 ____D () C:\Users\alli91\AppData\Local\MediaMonkey
2014-07-31 09:03 - 2014-07-31 09:03 - 00000000 ____D () C:\ProgramData\FunDieAls
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\PLACEBO
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\MACKLEMORE & RYAN LEWIS
2014-07-24 15:02 - 2014-07-24 15:05 - 00000000 ____D () C:\Users\alli91\Desktop\sadhjk
2014-07-23 21:09 - 2014-07-23 21:09 - 00002273 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-23 21:09 - 2014-07-23 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieUserList
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieSiteList
2014-07-22 19:41 - 2014-07-23 21:38 - 00000000 ____D () C:\Users\alli91\Desktop\fq
2014-07-22 19:15 - 2014-07-22 19:15 - 00000000 ____D () C:\Users\alli91\Documents\OneNote-Notizbücher

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 00:22 - 2014-08-18 00:21 - 00026810 _____ () C:\Users\alli91\Downloads\FRST.txt
2014-08-18 00:21 - 2014-08-18 00:21 - 00000000 ____D () C:\FRST
2014-08-18 00:20 - 2014-08-18 00:20 - 02101760 _____ (Farbar) C:\Users\alli91\Downloads\FRST64.exe
2014-08-18 00:20 - 2014-03-24 12:45 - 01304789 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-18 00:09 - 2013-05-23 16:31 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4101950777-2565436670-2892430230-1001
2014-08-18 00:07 - 2014-04-23 22:22 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-18 00:04 - 2014-08-17 23:09 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2014-08-18 00:04 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\alli91\.android
2014-08-18 00:04 - 2014-08-17 23:09 - 00000000 ____D () C:\Program Files\Wondershare
2014-08-17 23:53 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-17 23:47 - 2013-09-02 20:30 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-17 23:32 - 2014-05-22 08:53 - 00000580 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001.job
2014-08-17 23:19 - 2014-03-27 17:32 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FB5D5EC8-F036-4D33-8196-1BB09D104316}
2014-08-17 23:17 - 2014-08-17 23:17 - 00000000 __SHD () C:\DrFoneCache
2014-08-17 23:12 - 2014-08-17 23:12 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2014-08-17 23:12 - 2013-08-22 16:46 - 00303419 _____ () C:\WINDOWS\setupact.log
2014-08-17 23:10 - 2014-08-17 23:10 - 00000000 ____D () C:\Users\alli91\AppData\Local\Wondershare
2014-08-17 23:09 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Wondershare
2014-08-17 23:09 - 2014-08-17 23:01 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-08-17 23:09 - 2014-03-24 12:31 - 00000000 ____D () C:\Users\alli91
2014-08-17 23:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-17 23:01 - 2014-08-17 23:00 - 00831048 _____ (Wondershare) C:\Users\alli91\Downloads\drfone-for-android_setup_full1561.exe
2014-08-17 22:48 - 2014-08-17 22:47 - 01035152 _____ () C:\Users\alli91\Downloads\Recuva-lnstall.exe
2014-08-17 22:46 - 2013-06-04 21:18 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\vlc
2014-08-17 22:42 - 2014-08-17 22:41 - 03901296 _____ (Wondershare Software ) C:\Users\alli91\Downloads\photo-recovery_full729.exe
2014-08-17 22:31 - 2014-08-17 22:31 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-17 22:31 - 2014-06-10 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-17 22:31 - 2013-08-28 19:57 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Mozilla
2014-08-17 22:21 - 2014-08-17 22:20 - 00244408 _____ () C:\Users\alli91\Downloads\Firefox Setup Stub 31.0.exe
2014-08-17 21:53 - 2013-11-14 09:27 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-17 21:53 - 2013-11-14 09:11 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-17 21:53 - 2013-11-14 09:11 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-17 21:07 - 2014-04-23 22:22 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-17 19:58 - 2013-08-12 22:09 - 00000000 ____D () C:\Users\alli91\.frostwire5
2014-08-17 16:18 - 2014-06-01 23:26 - 00000470 ____H () C:\WINDOWS\Tasks\SO.Booster-S-5078429478.job
2014-08-17 15:35 - 2014-08-02 11:24 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\NetController
2014-08-17 15:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-13 01:02 - 2013-10-03 14:31 - 00003164 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForalli91
2014-08-13 01:02 - 2013-10-03 14:31 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForalli91.job
2014-08-13 00:52 - 2014-05-22 08:53 - 00003576 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001
2014-08-12 13:27 - 2014-05-01 00:19 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-11 23:40 - 2014-08-11 23:40 - 00611648 _____ () C:\Users\alli91\Downloads\misfits-episode-5-4-eng-5272123.exe
2014-08-10 23:36 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\WOODKID
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\QUEENS OF THE STONE AGE
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\PRINZ PI
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\MATERIA
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\BABYSHAMBLES
2014-08-03 14:13 - 2013-12-12 23:33 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-08-03 14:06 - 2014-08-02 10:53 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Mp3tag
2014-08-02 13:59 - 2014-03-23 19:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MusicBrainz
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Local\cache
2014-08-02 11:31 - 2014-08-02 11:31 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2014-08-02 11:31 - 2014-08-02 11:31 - 00000000 ____D () C:\Program Files (x86)\MusicBrainz Picard
2014-08-02 11:29 - 2014-08-02 11:28 - 08790287 _____ (MusicBrainz) C:\Users\alli91\Downloads\picard-setup-1.2.exe
2014-08-02 11:27 - 2014-08-02 11:27 - 00000011 ____R () C:\WINDOWS\amunres.lsl
2014-08-02 11:25 - 2014-08-02 11:25 - 00000000 ____D () C:\Program Files (x86)\Company Name
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Software
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Company Name
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software
2014-08-02 11:24 - 2014-08-02 11:23 - 02207320 _____ (Company Name) C:\Users\alli91\Downloads\tunatic.exe
2014-08-02 10:53 - 2014-08-02 10:53 - 00000997 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:11 - 00000000 ____D () C:\Program Files (x86)\The GodFather
2014-08-02 10:52 - 2014-08-02 10:52 - 02672432 _____ () C:\Users\alli91\Downloads\mp3tagv261asetup.exe
2014-08-02 10:11 - 2014-08-02 10:11 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The GodFather
2014-08-01 23:44 - 2014-08-01 22:53 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MediaMonkey
2014-08-01 22:53 - 2014-08-01 22:53 - 00000000 ____D () C:\Users\alli91\AppData\Local\MediaMonkey
2014-07-31 09:04 - 2014-01-09 18:55 - 00000000 ____D () C:\ProgramData\f34f8b866376c5
2014-07-31 09:03 - 2014-07-31 09:03 - 00000000 ____D () C:\ProgramData\FunDieAls
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\PLACEBO
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\MACKLEMORE & RYAN LEWIS
2014-07-24 15:05 - 2014-07-24 15:02 - 00000000 ____D () C:\Users\alli91\Desktop\sadhjk
2014-07-23 21:38 - 2014-07-22 19:41 - 00000000 ____D () C:\Users\alli91\Desktop\fq
2014-07-23 21:09 - 2014-07-23 21:09 - 00002273 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-23 21:09 - 2014-07-23 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-23 21:08 - 2013-05-23 18:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-23 21:02 - 2014-04-23 22:22 - 00004094 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-23 21:02 - 2014-04-23 22:22 - 00003858 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieUserList
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieSiteList
2014-07-22 19:15 - 2014-07-22 19:15 - 00000000 ____D () C:\Users\alli91\Documents\OneNote-Notizbücher
2014-07-19 20:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-19 19:30 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-19 19:27 - 2013-11-14 00:18 - 00082428 _____ () C:\WINDOWS\PFRO.log
2014-07-19 19:27 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-19 19:27 - 2013-08-22 16:44 - 00492520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-19 19:27 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-19 19:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-19 19:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-19 19:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-19 19:26 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore

Some content of TEMP:
====================
C:\Users\alli91\AppData\Local\Temp\nsaEEF1.exe
C:\Users\alli91\AppData\Local\Temp\nsjB8B8.exe
C:\Users\alli91\AppData\Local\Temp\nsoEBF2.exe
C:\Users\alli91\AppData\Local\Temp\nsrF20F.exe
C:\Users\alli91\AppData\Local\Temp\nssB59A.exe
C:\Users\alli91\AppData\Local\Temp\nsvBC05.exe
C:\Users\alli91\AppData\Local\Temp\rcsetup151_slim.exe
C:\Users\alli91\AppData\Local\Temp\sdanircmdc.exe
C:\Users\alli91\AppData\Local\Temp\sdapskill.exe
C:\Users\alli91\AppData\Local\Temp\sdaspwn.exe
C:\Users\alli91\AppData\Local\Temp\sp-downloader.exe
C:\Users\alli91\AppData\Local\Temp\SPSetup.exe
C:\Users\alli91\AppData\Local\Temp\tmpA6C6.exe
C:\Users\alli91\AppData\Local\Temp\tmpB61F.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 16:10

==================== End Of Log ============================
         
--- --- ---



Addition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by alli91 at 2014-08-18 00:22:57
Running from C:\Users\alli91\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Aiseesoft AVI Video Converter 6.2.52 (HKLM-x32\...\{5C7BDCF9-7095-4f66-9B3F-A294B780A951}_is1) (Version:  - )
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Free YouTube to MP3 Converter version 3.12.33.424 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.33.424 - DVDVideoSoft Ltd.)
FrostWire 5.6.3 (HKLM-x32\...\FrostWire 5) (Version: 5.6.3.5 - FrostWire Team)
FunDieAls (HKLM-x32\...\{478472F9-9E09-492A-BDAB-42EE595EF1AD}) (Version:  - FunDeals) <==== ATTENTION
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GnuCash 2.6.3 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.4.0.1558 (HKCU\...\GoToMeeting) (Version: 6.4.0.1558 - CitrixOnline)
GS Supporter 1.80 (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}) (Version:  - Certified Publisher) <==== ATTENTION
HP 3D DriveGuard (HKLM\...\{2DEDBE5B-D538-43F3-83A7-B037D6B51A89}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 57) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{0E4AF773-9908-4F3B-8D57-E402FE198107}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{94BB4B4F-BD6D-4166-A580-F868C8384CA6}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MineimumPrice (HKLM-x32\...\{CA1838EF-A497-194E-3850-37A62CEE398B}) (Version:  - MoinimumPrice)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mp3tag v2.61a (HKLM-x32\...\Mp3tag) (Version: v2.61a - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
NetController (web controller) (HKLM-x32\...\NetController) (Version: 3.0.0.4 - Inquiro SA)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
SaveLots (HKLM-x32\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version:  - SSaVeLouts) <==== ATTENTION
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.16.20.192 - Client Connect LTD) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SO.Booster (HKLM-x32\...\S-5078429478) (Version: 1.0.0.1916 - PremiumSoft) <==== ATTENTION
Software (web controller) (HKLM-x32\...\Software) (Version: 3.0.0.4 - Inquiro SA)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
TaakETheCoupon (HKLM-x32\...\{53B21E29-3967-C332-57EB-C02631658584}) (Version:  - TaakeTheCooupOn) <==== ATTENTION
The GodFather (HKLM-x32\...\The GodFather) (Version:  - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4101950777-2565436670-2892430230-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\alli91\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

02-08-2014 09:25:10 Installed Setup
11-08-2014 22:07:12 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {24626043-A79C-4730-905B-8A6A037F2B14} - System32\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001 => C:\Users\alli91\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe [2014-08-13] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E2E814E-B085-47FE-AE17-00DC7F377805} - System32\Tasks\SO.Booster-S-5078429478 => c:\programdata\topapp soft\so.booster\SO.Booster.exe [2013-06-01] () <==== ATTENTION
Task: {2F618AD9-B1F9-4697-82CF-B7906D9B7B10} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {2FB34B65-8877-42D3-B040-4EE6E7CBC65D} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {38C888A4-0301-4961-A130-093BF7BB00C9} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {42DD9399-9417-40B1-880D-E033CDCD8737} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {43DCA9D0-0896-4FE4-A06D-FFC31C3C54EC} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {539B1D3D-7BAB-44D0-9A08-9C8D5A1D5EF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-13] (Adobe Systems Incorporated)
Task: {54A19C14-E177-4378-9E60-FFEF1CF39CFB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {78740178-9778-45BD-B6E4-3193AED0747A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-15] (Microsoft Corporation)
Task: {832F2164-027C-49CB-A0EB-217DF92900C0} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8956B281-D94A-41FB-B99F-545D9DA374CC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {949AB2DC-42DE-4E51-924B-972531C5B803} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A56A983A-94C7-41E1-862D-B318CEE35BDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {AAA5E7FE-A30A-4AFA-BB47-994DAB051D3B} - System32\Tasks\HPCeeScheduleForalli91 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {AF487D35-52FB-4279-87BD-E5C606D85F72} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {B7EB62B5-22B4-4683-87FD-D659F42AFC11} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D163F3AE-DA2F-44A7-B812-6EF112B19C10} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCFB8C99-F6A6-41C9-867E-83A4B28596B1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FAE18AC3-5DC6-427B-A36B-9652041D95CE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001.job => C:\Users\alli91\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForalli91.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\SO.Booster-S-5078429478.job => c:\programdata\topapp soft\so.booster\SO.Booster.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-03-20 14:44 - 2014-03-20 14:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-07-08 17:26 - 2014-07-08 17:26 - 00182048 _____ () C:\Users\alli91\AppData\Roaming\NetController\netcontrollerservice.exe
2014-07-08 23:20 - 2014-07-08 23:20 - 00775968 _____ () C:\Users\alli91\AppData\Roaming\NetController\netcontroller.exe
2012-08-08 07:17 - 2012-08-08 07:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-08-17 23:10 - 2014-08-13 22:05 - 01152400 _____ () C:\Program Files (x86)\DrFoneAndroid_Temp\UnInstall.exe
2014-06-01 23:25 - 2014-06-01 23:25 - 00174928 _____ () c:\Program Files (x86)\GS Supporter\AssistantSvc.dll
2014-06-01 23:25 - 2014-06-01 23:25 - 04296192 _____ () c:\Program Files (x86)\GS Supporter\Assistant.dll
2012-10-04 15:10 - 2013-08-19 22:49 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-03-20 14:41 - 2014-03-20 14:41 - 00611128 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUKernel.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00152888 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBasic.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00820024 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MainControls.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00066360 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUTransl.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00129336 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SchedAgent_2007.bpl
2014-03-20 14:42 - 2014-03-20 14:42 - 00324408 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\AppInitialization.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00493368 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Html.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00449848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\GR32_D6.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00335672 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUCompression.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ntrtl60.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00307000 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\DEC.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00210744 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\XMLComponents.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00469816 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysInfo.bpl
2014-03-20 14:42 - 2014-03-20 14:42 - 00961848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TuningWizard.bpl
2014-03-20 14:42 - 2014-03-20 14:42 - 00631096 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUDiskCleanerClass.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00213816 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\ProgramRating.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00067896 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\SysControls.bpl
2014-03-20 14:42 - 2014-03-20 14:42 - 00456504 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PowerManager.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00425784 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VisControls.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00069944 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxGDIPlusD12.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00044856 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxCoreD12.bpl
2014-03-20 14:42 - 2014-03-20 14:42 - 00140088 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\CommonForms.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00154424 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cefcomponent.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00143672 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIcoEngineerDirTree.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00076600 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShell.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00161080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\PerlRegEx.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00033080 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUBase.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00106808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUShredder.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00656184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\MSI_D6.bpl
2014-03-20 14:42 - 2014-03-20 14:42 - 00091960 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApps.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00047928 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUApplications.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00082744 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUOperaClass.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00106296 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Internet.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00489272 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\Traces.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUSafariClass.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00065848 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TUIECacheClass.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 01145144 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxBarD12.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00852280 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\cxLibraryD12.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00055608 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxThemeD12.bpl
2014-03-20 14:42 - 2014-03-20 14:42 - 00608568 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\VirtualTreesR.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00042808 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\TURar.bpl
2014-03-20 14:41 - 2014-03-20 14:41 - 00016184 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\dxComnD12.bpl
2014-02-10 12:06 - 2014-02-10 12:06 - 13417496 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\libcef.dll
2014-05-04 22:36 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
2014-08-17 23:10 - 2014-04-01 14:37 - 00371712 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-08-17 23:10 - 2013-07-24 09:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-08-17 23:10 - 2014-07-18 10:25 - 03622400 _____ () C:\Program Files (x86)\DrFoneAndroid_Temp\InnoUI_DrFone.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2014 11:46:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm DrFoneAndroid.exe, Version 4.8.0.135 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 12c4

Startzeit: 01cfba5fbd453e27

Endzeit: 34

Anwendungspfad: C:\Program Files\Wondershare\Dr.Fone f¨¹r Android\DrFoneAndroid.exe

Berichts-ID: e3b6ed77-2657-11e4-be9b-84349784b8be

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (08/17/2014 09:39:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109

Error: (08/17/2014 09:39:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109

Error: (08/17/2014 09:37:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/17/2014 09:19:10 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "OS (C:)" wurde aufgrund eines Fehlers nicht optimiert: Das Element ist in der Tabelle bereits vorhanden. Alle Einträge in der Tabelle müssen eindeutig sein. (0x89000014)

Error: (08/17/2014 08:57:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 961250

Error: (08/17/2014 08:57:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 961250

Error: (08/17/2014 08:57:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/17/2014 04:10:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 36.0.1985.125, Zeitstempel: 0x53c4d7e2
Name des fehlerhaften Moduls: delegate_execute.exe, Version: 36.0.1985.125, Zeitstempel: 0x53c4d7e2
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004639f
ID des fehlerhaften Prozesses: 0x267c
Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0
Pfad der fehlerhaften Anwendung: delegate_execute.exe1
Pfad des fehlerhaften Moduls: delegate_execute.exe2
Berichtskennung: delegate_execute.exe3
Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5

Error: (08/17/2014 03:35:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 397705687


System errors:
=============
Error: (08/17/2014 09:12:57 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/17/2014 09:12:27 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/17/2014 07:20:05 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/17/2014 07:19:35 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/17/2014 04:10:48 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/17/2014 04:10:18 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/12/2014 01:27:05 PM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14 gefunden.

Error: (08/12/2014 00:17:20 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14 gefunden.

Error: (08/12/2014 00:17:20 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14 gefunden.

Error: (08/12/2014 00:17:20 AM) (Source: disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR14 gefunden.


Microsoft Office Sessions:
=========================
Error: (07/06/2014 11:00:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2368 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (04/15/2014 05:32:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13149 seconds with 4260 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-18 00:21:15.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 00:21:10.133
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 00:19:57.016
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 00:18:01.458
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 00:18:00.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 00:17:58.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 00:04:59.677
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 00:04:54.557
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-17 23:59:55.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-17 23:59:52.324
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 66%
Total physical RAM: 3995.27 MB
Available physical RAM: 1326.8 MB
Total Pagefile: 5051.47 MB
Available Pagefile: 1830.48 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:280.65 GB) (Free:18.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.23 GB) (Free:2.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B9B303B1)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: ED59CD89)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________

Alt 17.08.2014, 23:59   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Du hast nur Adware drauf. Schmeiß Norton bitte schonmal runter. Und halte dich bitte fern von Unsinns-Software wie TuneUp. Solch Zeug macht deine Windows-Installation kaputt. Danach:

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.08.2014, 12:35   #5
Lischko
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Hab jetzt Norton und TuneUp deinstalliert.

adwCleaner:
Code:
ATTFilter
# AdwCleaner v3.307 - Bericht erstellt am 18/08/2014 um 13:10:24
# Aktualisiert 17/08/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : alli91 - PETER
# Gestartet von : C:\Users\alli91\Downloads\adwcleaner_3.307.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : CltMngSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Assistant
Ordner Gelöscht : C:\ProgramData\House Of Soft
Ordner Gelöscht : C:\ProgramData\SetApp
Ordner Gelöscht : C:\ProgramData\SoftWarehouse
Ordner Gelöscht : C:\ProgramData\StarApp
Ordner Gelöscht : C:\ProgramData\FunDieAls
Ordner Gelöscht : C:\ProgramData\ggrEatsaVEr
Ordner Gelöscht : C:\ProgramData\greeatsaavere
Ordner Gelöscht : C:\ProgramData\MineimumPrice
Ordner Gelöscht : C:\ProgramData\safeewweb
Ordner Gelöscht : C:\ProgramData\SaifEWeb
Ordner Gelöscht : C:\ProgramData\saveensHare
Ordner Gelöscht : C:\ProgramData\SaveLots
Ordner Gelöscht : C:\ProgramData\saVeneshharei
Ordner Gelöscht : C:\ProgramData\SavennShare
Ordner Gelöscht : C:\ProgramData\savenshaare
Ordner Gelöscht : C:\ProgramData\savenshare
Ordner Gelöscht : C:\ProgramData\savenshiaruee,
Ordner Gelöscht : C:\ProgramData\savEnsshAre
Ordner Gelöscht : C:\ProgramData\savenSShArrE
Ordner Gelöscht : C:\ProgramData\sAvoeoNshare,
Ordner Gelöscht : C:\ProgramData\savvenshare
Ordner Gelöscht : C:\ProgramData\seavEnshare
Ordner Gelöscht : C:\ProgramData\TaakETheCoupon
Ordner Gelöscht : C:\ProgramData\websave
[!] Ordner Gelöscht : C:\Program Files (x86)\GS Supporter
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\Softonic
Ordner Gelöscht : C:\Program Files (x86)\ggrEatsaVEr
Ordner Gelöscht : C:\Program Files (x86)\greeatsaavere
Ordner Gelöscht : C:\Program Files (x86)\safeewweb
Ordner Gelöscht : C:\Program Files (x86)\SaifEWeb
Ordner Gelöscht : C:\Program Files (x86)\websave
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\alli91\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\alli91\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\alli91\AppData\Local\torch
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\saveensHare
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\saVeneshharei
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\SavennShare
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savenshaare
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savenshare
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savenshiaruee,
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savEnsshAre
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savenSShArrE
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\sAvoeoNshare,
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savvenshare
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\seavEnshare
Ordner Gelöscht : C:\Users\alli91\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\alli91\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Datei Gelöscht : C:\END
Datei Gelöscht : C:\WINDOWS\System32\GroupPolicy\Machine\Registry.pol
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage-journal
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage-journal
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.buenosearch.com_0.localstorage
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.buenosearch.com_0.localstorage-journal
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-5078429478
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B6E533F-F78F-4525-B316-312BAF1295D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{708D0DD7-FBC0-4437-B525-C098F450A62C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\GS.Enabler
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\assist~1\assist~1.dll
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\gssupp~1\assist~1.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\alli91\AppData\Roaming\Mozilla\Firefox\Profiles\smsmmpbs.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP458D5A4F-8A2[...]

-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=55&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&SSPV=
Gelöscht [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=55&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [17645 octets] - [18/08/2014 13:08:21]
AdwCleaner[S0].txt - [16680 octets] - [18/08/2014 13:10:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16741 octets] ##########
         
JRT Logdatei
Code:
ATTFilter
# AdwCleaner v3.307 - Bericht erstellt am 18/08/2014 um 13:10:24
# Aktualisiert 17/08/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : alli91 - PETER
# Gestartet von : C:\Users\alli91\Downloads\adwcleaner_3.307.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : CltMngSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Assistant
Ordner Gelöscht : C:\ProgramData\House Of Soft
Ordner Gelöscht : C:\ProgramData\SetApp
Ordner Gelöscht : C:\ProgramData\SoftWarehouse
Ordner Gelöscht : C:\ProgramData\StarApp
Ordner Gelöscht : C:\ProgramData\FunDieAls
Ordner Gelöscht : C:\ProgramData\ggrEatsaVEr
Ordner Gelöscht : C:\ProgramData\greeatsaavere
Ordner Gelöscht : C:\ProgramData\MineimumPrice
Ordner Gelöscht : C:\ProgramData\safeewweb
Ordner Gelöscht : C:\ProgramData\SaifEWeb
Ordner Gelöscht : C:\ProgramData\saveensHare
Ordner Gelöscht : C:\ProgramData\SaveLots
Ordner Gelöscht : C:\ProgramData\saVeneshharei
Ordner Gelöscht : C:\ProgramData\SavennShare
Ordner Gelöscht : C:\ProgramData\savenshaare
Ordner Gelöscht : C:\ProgramData\savenshare
Ordner Gelöscht : C:\ProgramData\savenshiaruee,
Ordner Gelöscht : C:\ProgramData\savEnsshAre
Ordner Gelöscht : C:\ProgramData\savenSShArrE
Ordner Gelöscht : C:\ProgramData\sAvoeoNshare,
Ordner Gelöscht : C:\ProgramData\savvenshare
Ordner Gelöscht : C:\ProgramData\seavEnshare
Ordner Gelöscht : C:\ProgramData\TaakETheCoupon
Ordner Gelöscht : C:\ProgramData\websave
[!] Ordner Gelöscht : C:\Program Files (x86)\GS Supporter
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\Softonic
Ordner Gelöscht : C:\Program Files (x86)\ggrEatsaVEr
Ordner Gelöscht : C:\Program Files (x86)\greeatsaavere
Ordner Gelöscht : C:\Program Files (x86)\safeewweb
Ordner Gelöscht : C:\Program Files (x86)\SaifEWeb
Ordner Gelöscht : C:\Program Files (x86)\websave
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\alli91\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\alli91\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\alli91\AppData\Local\torch
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\saveensHare
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\saVeneshharei
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\SavennShare
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savenshaare
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savenshare
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savenshiaruee,
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savEnsshAre
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savenSShArrE
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\sAvoeoNshare,
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\savvenshare
Ordner Gelöscht : C:\Users\alli91\AppData\LocalLow\seavEnshare
Ordner Gelöscht : C:\Users\alli91\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\alli91\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch
Datei Gelöscht : C:\END
Datei Gelöscht : C:\WINDOWS\System32\GroupPolicy\Machine\Registry.pol
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_continuetosave.info_0.localstorage-journal
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.softonic.com_0.localstorage-journal
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.buenosearch.com_0.localstorage
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.buenosearch.com_0.localstorage-journal
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-5078429478
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{e9f32388}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{67FCE87F-F3EF-4A3C-87C2-8BD46E68807B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B6E533F-F78F-4525-B316-312BAF1295D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{708D0DD7-FBC0-4437-B525-C098F450A62C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BDDE35F-64F7-49C3-99B2-404E899C49F7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{24236608-609C-42C5-B13C-A8A3EC921850}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28B1A706-4B97-4EB1-8B32-125042685AD9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{33575A26-D9CF-40C6-8A3E-116F17201C7F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4BDFD19F-93D7-49CE-B554-5C215FDC0136}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7307CF0F-7173-4FBF-8649-B149916DD322}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{80A5E38C-5F6B-485F-BD97-0B5BE991FAD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9544D727-A26F-4D57-AF38-4496088640EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC4C30BF-7D5F-4EAB-9C2A-454178F079AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC6F9C26-93EA-4C6D-A4A7-C1FA333B4BBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E975527B-ABE7-40B3-B5C1-385016913E3B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA4B5B1-6C76-4B20-BCDB-D41A93E79053}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\SOFTWARE\GS.Enabler
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\assist~1\assist~1.dll
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\gssupp~1\assist~1.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\alli91\AppData\Roaming\Mozilla\Firefox\Profiles\smsmmpbs.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP458D5A4F-8A2[...]

-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=55&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&SSPV=
Gelöscht [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=55&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [17645 octets] - [18/08/2014 13:08:21]
AdwCleaner[S0].txt - [16680 octets] - [18/08/2014 13:10:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16741 octets] ##########
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by alli91 (administrator) on PETER on 18-08-2014 13:32:31
Running from C:\Users\alli91\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
() C:\ProgramData\TopApp soft\SO.Booster\SO.Booster.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Users\alli91\AppData\Roaming\NetController\netcontrollerservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\alli91\AppData\Roaming\NetController\netcontroller.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4101950777-2565436670-2892430230-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
Startup: C:\Users\alli91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/1
SearchScopes: HKLM - {36CF1861-B6A0-45C8-9E0A-2A8E90C5E8E4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: SaveLots -> {4D3BB30B-0EA2-5214-7B83-343E261DA293} -> C:\ProgramData\SaveLots\L.x64.dll No File
BHO: MineimumPrice -> {768285D3-5E17-F336-A58E-AB140CBD4AA0} -> C:\ProgramData\MineimumPrice\80guV.x64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: FunDieAls -> {B837F797-CB5C-529C-B3AC-4D5B7E94B3F8} -> C:\ProgramData\FunDieAls\yIOZ.x64.dll No File
BHO: TaakETheCoupon -> {CD75ED02-A5AE-A752-9CBB-DCADF897A7C5} -> C:\ProgramData\TaakETheCoupon\3.x64.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: FunDieAls -> {B837F797-CB5C-529C-B3AC-4D5B7E94B3F8} -> C:\ProgramData\FunDieAls\yIOZ.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\alli91\AppData\Roaming\Mozilla\Firefox\Profiles\smsmmpbs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\alli91\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-10]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=58&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (Tab Resize split screen layouts) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc [2014-07-12]
CHR Extension: (Minecraft 2) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbnfmnfimplhagfgeecjneakmfbepndm [2014-06-24]
CHR Extension: (save on) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmkdmbiljhclhlbbadnohbapcmnbjd [2014-06-01]
CHR Extension: (No Cyrus) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf [2014-06-11]
CHR Extension: (Skype Click to Call) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-30]
CHR Extension: (Google Wallet) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (DiscountEXtenisoi) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojonbnkkmlnoienkidcnoleeiadpdgke [2014-06-16]
CHR Extension: (Listen on Repeat Youtube Video Repeater) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjcgpbffennccofdpganblbjiglnbip [2014-07-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-08-19] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-08-19] (Intel Corporation)
R2 NetControllerService; C:\Users\alli91\AppData\Roaming\NetController\netcontrollerservice.exe [182048 2014-07-08] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-24] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 699fd52f; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
S2 e9f32388; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\gssupp~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation)
S3 iscFlash; C:\swsetup\sp60878\iscflashx64.sys [69216 2013-07-25] (Insyde Software)
R1 ncdevice; C:\Windows\system32\DRIVERS\ncdevice.sys [41248 2014-05-26] (NT Kernel Resources)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 13:24 - 2014-08-18 13:24 - 00002512 _____ () C:\Users\alli91\Desktop\JRT.txt
2014-08-18 13:15 - 2014-08-18 13:15 - 01016261 _____ (Thisisu) C:\Users\alli91\Downloads\JRT.exe
2014-08-18 13:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-18 13:08 - 2014-08-18 13:11 - 00000000 ____D () C:\AdwCleaner
2014-08-18 13:07 - 2014-08-18 13:07 - 01361671 _____ () C:\Users\alli91\Downloads\adwcleaner_3.307.exe
2014-08-18 00:22 - 2014-08-18 00:23 - 00041574 _____ () C:\Users\alli91\Downloads\Addition.txt
2014-08-18 00:21 - 2014-08-18 13:32 - 00016767 _____ () C:\Users\alli91\Downloads\FRST.txt
2014-08-18 00:21 - 2014-08-18 13:32 - 00000000 ____D () C:\FRST
2014-08-18 00:20 - 2014-08-18 00:20 - 02101760 _____ (Farbar) C:\Users\alli91\Downloads\FRST64.exe
2014-08-17 23:17 - 2014-08-17 23:17 - 00000000 __SHD () C:\DrFoneCache
2014-08-17 23:12 - 2014-08-17 23:12 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2014-08-17 23:10 - 2014-08-17 23:10 - 00000000 ____D () C:\Users\alli91\AppData\Local\Wondershare
2014-08-17 23:09 - 2014-08-18 00:35 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2014-08-17 23:09 - 2014-08-18 00:04 - 00000000 ____D () C:\Users\alli91\.android
2014-08-17 23:09 - 2014-08-18 00:04 - 00000000 ____D () C:\Program Files\Wondershare
2014-08-17 23:09 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Wondershare
2014-08-17 23:01 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-08-17 23:00 - 2014-08-17 23:01 - 00831048 _____ (Wondershare) C:\Users\alli91\Downloads\drfone-for-android_setup_full1561.exe
2014-08-17 22:47 - 2014-08-17 22:48 - 01035152 _____ () C:\Users\alli91\Downloads\Recuva-lnstall.exe
2014-08-17 22:41 - 2014-08-17 22:42 - 03901296 _____ (Wondershare Software ) C:\Users\alli91\Downloads\photo-recovery_full729.exe
2014-08-17 22:31 - 2014-08-17 22:31 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-17 22:20 - 2014-08-17 22:21 - 00244408 _____ () C:\Users\alli91\Downloads\Firefox Setup Stub 31.0.exe
2014-08-11 23:40 - 2014-08-11 23:40 - 00611648 _____ () C:\Users\alli91\Downloads\misfits-episode-5-4-eng-5272123.exe
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\WOODKID
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\QUEENS OF THE STONE AGE
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\PRINZ PI
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\MATERIA
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\BABYSHAMBLES
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MusicBrainz
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Local\cache
2014-08-02 11:31 - 2014-08-02 11:31 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2014-08-02 11:31 - 2014-08-02 11:31 - 00000000 ____D () C:\Program Files (x86)\MusicBrainz Picard
2014-08-02 11:28 - 2014-08-02 11:29 - 08790287 _____ (MusicBrainz) C:\Users\alli91\Downloads\picard-setup-1.2.exe
2014-08-02 11:27 - 2014-08-02 11:27 - 00000011 ____R () C:\WINDOWS\amunres.lsl
2014-08-02 11:25 - 2014-08-02 11:25 - 00000000 ____D () C:\Program Files (x86)\Company Name
2014-08-02 11:24 - 2014-08-17 15:35 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\NetController
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Company Name
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software
2014-08-02 11:23 - 2014-08-02 11:24 - 02207320 _____ (Company Name) C:\Users\alli91\Downloads\tunatic.exe
2014-08-02 10:53 - 2014-08-03 14:06 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:53 - 00000997 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-02 10:52 - 2014-08-02 10:52 - 02672432 _____ () C:\Users\alli91\Downloads\mp3tagv261asetup.exe
2014-08-02 10:11 - 2014-08-02 10:53 - 00000000 ____D () C:\Program Files (x86)\The GodFather
2014-08-02 10:11 - 2014-08-02 10:11 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The GodFather
2014-08-01 22:53 - 2014-08-01 23:44 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MediaMonkey
2014-08-01 22:53 - 2014-08-01 22:53 - 00000000 ____D () C:\Users\alli91\AppData\Local\MediaMonkey
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\PLACEBO
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\MACKLEMORE & RYAN LEWIS
2014-07-24 15:02 - 2014-07-24 15:05 - 00000000 ____D () C:\Users\alli91\Desktop\sadhjk
2014-07-23 21:09 - 2014-08-18 13:11 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-23 21:09 - 2014-07-23 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieUserList
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieSiteList
2014-07-22 19:41 - 2014-07-23 21:38 - 00000000 ____D () C:\Users\alli91\Desktop\fq
2014-07-22 19:15 - 2014-07-22 19:15 - 00000000 ____D () C:\Users\alli91\Documents\OneNote-Notizbücher

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 13:32 - 2014-08-18 00:21 - 00016767 _____ () C:\Users\alli91\Downloads\FRST.txt
2014-08-18 13:32 - 2014-08-18 00:21 - 00000000 ____D () C:\FRST
2014-08-18 13:32 - 2014-05-22 08:53 - 00000580 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001.job
2014-08-18 13:24 - 2014-08-18 13:24 - 00002512 _____ () C:\Users\alli91\Desktop\JRT.txt
2014-08-18 13:24 - 2013-05-23 16:31 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4101950777-2565436670-2892430230-1001
2014-08-18 13:20 - 2013-11-14 09:27 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-18 13:20 - 2013-11-14 09:11 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-18 13:20 - 2013-11-14 09:11 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-18 13:15 - 2014-08-18 13:15 - 01016261 _____ (Thisisu) C:\Users\alli91\Downloads\JRT.exe
2014-08-18 13:11 - 2014-08-18 13:08 - 00000000 ____D () C:\AdwCleaner
2014-08-18 13:11 - 2014-07-23 21:09 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-18 13:11 - 2014-06-01 23:26 - 00000470 ____H () C:\WINDOWS\Tasks\SO.Booster-S-5078429478.job
2014-08-18 13:11 - 2014-04-23 22:22 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 13:11 - 2014-03-24 12:45 - 01454441 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-18 13:11 - 2013-11-14 00:18 - 00755824 _____ () C:\WINDOWS\PFRO.log
2014-08-18 13:11 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-18 13:11 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-18 13:07 - 2014-08-18 13:07 - 01361671 _____ () C:\Users\alli91\Downloads\adwcleaner_3.307.exe
2014-08-18 13:07 - 2014-04-23 22:22 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-18 13:02 - 2013-10-03 14:31 - 00003164 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForalli91
2014-08-18 13:02 - 2013-10-03 14:31 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForalli91.job
2014-08-18 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-18 13:00 - 2012-10-04 15:41 - 00000000 ____D () C:\ProgramData\Norton
2014-08-18 12:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-18 12:57 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-08-18 10:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-18 10:04 - 2014-03-27 17:32 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FB5D5EC8-F036-4D33-8196-1BB09D104316}
2014-08-18 00:35 - 2014-08-17 23:09 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2014-08-18 00:23 - 2014-08-18 00:22 - 00041574 _____ () C:\Users\alli91\Downloads\Addition.txt
2014-08-18 00:20 - 2014-08-18 00:20 - 02101760 _____ (Farbar) C:\Users\alli91\Downloads\FRST64.exe
2014-08-18 00:04 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\alli91\.android
2014-08-18 00:04 - 2014-08-17 23:09 - 00000000 ____D () C:\Program Files\Wondershare
2014-08-17 23:53 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-17 23:47 - 2013-09-02 20:30 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-17 23:17 - 2014-08-17 23:17 - 00000000 __SHD () C:\DrFoneCache
2014-08-17 23:12 - 2014-08-17 23:12 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2014-08-17 23:12 - 2013-08-22 16:46 - 00303419 _____ () C:\WINDOWS\setupact.log
2014-08-17 23:10 - 2014-08-17 23:10 - 00000000 ____D () C:\Users\alli91\AppData\Local\Wondershare
2014-08-17 23:09 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Wondershare
2014-08-17 23:09 - 2014-08-17 23:01 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-08-17 23:09 - 2014-03-24 12:31 - 00000000 ____D () C:\Users\alli91
2014-08-17 23:01 - 2014-08-17 23:00 - 00831048 _____ (Wondershare) C:\Users\alli91\Downloads\drfone-for-android_setup_full1561.exe
2014-08-17 22:48 - 2014-08-17 22:47 - 01035152 _____ () C:\Users\alli91\Downloads\Recuva-lnstall.exe
2014-08-17 22:46 - 2013-06-04 21:18 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\vlc
2014-08-17 22:42 - 2014-08-17 22:41 - 03901296 _____ (Wondershare Software ) C:\Users\alli91\Downloads\photo-recovery_full729.exe
2014-08-17 22:31 - 2014-08-17 22:31 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-17 22:31 - 2014-06-10 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-17 22:31 - 2013-08-28 19:57 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Mozilla
2014-08-17 22:21 - 2014-08-17 22:20 - 00244408 _____ () C:\Users\alli91\Downloads\Firefox Setup Stub 31.0.exe
2014-08-17 19:58 - 2013-08-12 22:09 - 00000000 ____D () C:\Users\alli91\.frostwire5
2014-08-17 15:35 - 2014-08-02 11:24 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\NetController
2014-08-17 15:35 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-13 00:52 - 2014-05-22 08:53 - 00003576 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001
2014-08-11 23:40 - 2014-08-11 23:40 - 00611648 _____ () C:\Users\alli91\Downloads\misfits-episode-5-4-eng-5272123.exe
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\WOODKID
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\QUEENS OF THE STONE AGE
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\PRINZ PI
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\MATERIA
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\BABYSHAMBLES
2014-08-03 14:13 - 2013-12-12 23:33 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-08-03 14:06 - 2014-08-02 10:53 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Mp3tag
2014-08-02 13:59 - 2014-03-23 19:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MusicBrainz
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Local\cache
2014-08-02 11:31 - 2014-08-02 11:31 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2014-08-02 11:31 - 2014-08-02 11:31 - 00000000 ____D () C:\Program Files (x86)\MusicBrainz Picard
2014-08-02 11:29 - 2014-08-02 11:28 - 08790287 _____ (MusicBrainz) C:\Users\alli91\Downloads\picard-setup-1.2.exe
2014-08-02 11:27 - 2014-08-02 11:27 - 00000011 ____R () C:\WINDOWS\amunres.lsl
2014-08-02 11:25 - 2014-08-02 11:25 - 00000000 ____D () C:\Program Files (x86)\Company Name
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Company Name
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software
2014-08-02 11:24 - 2014-08-02 11:23 - 02207320 _____ (Company Name) C:\Users\alli91\Downloads\tunatic.exe
2014-08-02 10:53 - 2014-08-02 10:53 - 00000997 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:11 - 00000000 ____D () C:\Program Files (x86)\The GodFather
2014-08-02 10:52 - 2014-08-02 10:52 - 02672432 _____ () C:\Users\alli91\Downloads\mp3tagv261asetup.exe
2014-08-02 10:11 - 2014-08-02 10:11 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The GodFather
2014-08-01 23:44 - 2014-08-01 22:53 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MediaMonkey
2014-08-01 22:53 - 2014-08-01 22:53 - 00000000 ____D () C:\Users\alli91\AppData\Local\MediaMonkey
2014-07-31 09:04 - 2014-01-09 18:55 - 00000000 ____D () C:\ProgramData\f34f8b866376c5
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\PLACEBO
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\MACKLEMORE & RYAN LEWIS
2014-07-24 15:05 - 2014-07-24 15:02 - 00000000 ____D () C:\Users\alli91\Desktop\sadhjk
2014-07-23 21:38 - 2014-07-22 19:41 - 00000000 ____D () C:\Users\alli91\Desktop\fq
2014-07-23 21:09 - 2014-07-23 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-23 21:08 - 2013-05-23 18:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-23 21:02 - 2014-04-23 22:22 - 00004094 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-23 21:02 - 2014-04-23 22:22 - 00003858 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieUserList
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieSiteList
2014-07-22 19:15 - 2014-07-22 19:15 - 00000000 ____D () C:\Users\alli91\Documents\OneNote-Notizbücher
2014-07-19 20:41 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-19 19:27 - 2013-08-22 16:44 - 00492520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-19 19:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-19 19:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-19 19:26 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-19 19:26 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore

Some content of TEMP:
====================
C:\Users\alli91\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\alli91\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\alli91\AppData\Local\Temp\nsaEEF1.exe
C:\Users\alli91\AppData\Local\Temp\nsjB8B8.exe
C:\Users\alli91\AppData\Local\Temp\nsoEBF2.exe
C:\Users\alli91\AppData\Local\Temp\nsrF20F.exe
C:\Users\alli91\AppData\Local\Temp\nssB59A.exe
C:\Users\alli91\AppData\Local\Temp\nsvBC05.exe
C:\Users\alli91\AppData\Local\Temp\Quarantine.exe
C:\Users\alli91\AppData\Local\Temp\rcsetup151_slim.exe
C:\Users\alli91\AppData\Local\Temp\sdanircmdc.exe
C:\Users\alli91\AppData\Local\Temp\sdapskill.exe
C:\Users\alli91\AppData\Local\Temp\sdaspwn.exe
C:\Users\alli91\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\alli91\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\alli91\AppData\Local\Temp\sp-downloader.exe
C:\Users\alli91\AppData\Local\Temp\SPSetup.exe
C:\Users\alli91\AppData\Local\Temp\tmpA6C6.exe
C:\Users\alli91\AppData\Local\Temp\tmpB61F.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 16:10

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by alli91 at 2014-08-18 13:33:28
Running from C:\Users\alli91\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Aiseesoft AVI Video Converter 6.2.52 (HKLM-x32\...\{5C7BDCF9-7095-4f66-9B3F-A294B780A951}_is1) (Version:  - )
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Free YouTube to MP3 Converter version 3.12.33.424 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.33.424 - DVDVideoSoft Ltd.)
FrostWire 5.6.3 (HKLM-x32\...\FrostWire 5) (Version: 5.6.3.5 - FrostWire Team)
FunDieAls (HKLM-x32\...\{478472F9-9E09-492A-BDAB-42EE595EF1AD}) (Version:  - FunDeals) <==== ATTENTION
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GnuCash 2.6.3 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.4.0.1558 (HKCU\...\GoToMeeting) (Version: 6.4.0.1558 - CitrixOnline)
HP 3D DriveGuard (HKLM\...\{2DEDBE5B-D538-43F3-83A7-B037D6B51A89}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 57) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{0E4AF773-9908-4F3B-8D57-E402FE198107}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{94BB4B4F-BD6D-4166-A580-F868C8384CA6}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MineimumPrice (HKLM-x32\...\{CA1838EF-A497-194E-3850-37A62CEE398B}) (Version:  - MoinimumPrice)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mp3tag v2.61a (HKLM-x32\...\Mp3tag) (Version: v2.61a - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
NetController (web controller) (HKLM-x32\...\NetController) (Version: 3.0.0.4 - Inquiro SA)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
SaveLots (HKLM-x32\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version:  - SSaVeLouts) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software (web controller) (HKLM-x32\...\Software) (Version: 3.0.0.4 - Inquiro SA)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
TaakETheCoupon (HKLM-x32\...\{53B21E29-3967-C332-57EB-C02631658584}) (Version:  - TaakeTheCooupOn) <==== ATTENTION
The GodFather (HKLM-x32\...\The GodFather) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4101950777-2565436670-2892430230-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\alli91\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

02-08-2014 09:25:10 Installed Setup
11-08-2014 22:07:12 Geplanter Prüfpunkt
18-08-2014 11:02:47 TuneUp Utilities 2014 wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {24626043-A79C-4730-905B-8A6A037F2B14} - System32\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001 => C:\Users\alli91\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe [2014-08-13] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2E2E814E-B085-47FE-AE17-00DC7F377805} - System32\Tasks\SO.Booster-S-5078429478 => c:\programdata\topapp soft\so.booster\SO.Booster.exe [2013-06-01] () <==== ATTENTION
Task: {2FB34B65-8877-42D3-B040-4EE6E7CBC65D} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {38C888A4-0301-4961-A130-093BF7BB00C9} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {43DCA9D0-0896-4FE4-A06D-FFC31C3C54EC} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {539B1D3D-7BAB-44D0-9A08-9C8D5A1D5EF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-13] (Adobe Systems Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {78740178-9778-45BD-B6E4-3193AED0747A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-15] (Microsoft Corporation)
Task: {832F2164-027C-49CB-A0EB-217DF92900C0} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8956B281-D94A-41FB-B99F-545D9DA374CC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {949AB2DC-42DE-4E51-924B-972531C5B803} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A56A983A-94C7-41E1-862D-B318CEE35BDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {AAA5E7FE-A30A-4AFA-BB47-994DAB051D3B} - System32\Tasks\HPCeeScheduleForalli91 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {AF487D35-52FB-4279-87BD-E5C606D85F72} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {B7EB62B5-22B4-4683-87FD-D659F42AFC11} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCFB8C99-F6A6-41C9-867E-83A4B28596B1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FAE18AC3-5DC6-427B-A36B-9652041D95CE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001.job => C:\Users\alli91\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForalli91.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\SO.Booster-S-5078429478.job => c:\programdata\topapp soft\so.booster\SO.Booster.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-06-01 23:26 - 2013-06-01 23:26 - 00729600 _____ () c:\programdata\topapp soft\so.booster\SO.Booster.exe
2014-07-08 17:26 - 2014-07-08 17:26 - 00182048 _____ () C:\Users\alli91\AppData\Roaming\NetController\netcontrollerservice.exe
2012-08-08 07:17 - 2012-08-08 07:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-07-08 23:20 - 2014-07-08 23:20 - 00775968 _____ () C:\Users\alli91\AppData\Roaming\NetController\netcontroller.exe
2012-10-04 15:10 - 2013-08-19 22:49 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
2014-07-23 21:09 - 2014-07-15 11:24 - 14664008 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/18/2014 01:33:40 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/18/2014 01:33:10 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/18/2014 01:32:40 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/18/2014 01:32:10 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/18/2014 01:31:40 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/18/2014 01:31:10 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (07/06/2014 11:00:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2368 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (04/15/2014 05:32:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13149 seconds with 4260 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-18 13:32:38.408
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 13:32:27.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 13:32:19.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 13:30:20.620
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 13:19:00.567
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 13:16:52.974
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 13:16:38.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 13:16:00.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 13:11:49.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 13:10:23.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 40%
Total physical RAM: 3995.27 MB
Available physical RAM: 2373.66 MB
Total Pagefile: 4699.27 MB
Available Pagefile: 3038.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:280.65 GB) (Free:20.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.23 GB) (Free:2.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B9B303B1)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: ED59CD89)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


Alt 18.08.2014, 12:53   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



JRT Log bitte posten, du hast 2x adwCleaner gepostet
__________________
--> Trojaner: Unterstrichene Wörter und Werbung

Alt 18.08.2014, 15:18   #7
Lischko
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



aaah, sorry ich dödel!
hier ist er:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by alli91 on 18.08.2014 at 16:12:30,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.08.2014 at 16:17:20,16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Alt 18.08.2014, 15:44   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
BHO: SaveLots -> {4D3BB30B-0EA2-5214-7B83-343E261DA293} -> C:\ProgramData\SaveLots\L.x64.dll No File
BHO: MineimumPrice -> {768285D3-5E17-F336-A58E-AB140CBD4AA0} -> C:\ProgramData\MineimumPrice\80guV.x64.dll No File
BHO: FunDieAls -> {B837F797-CB5C-529C-B3AC-4D5B7E94B3F8} -> C:\ProgramData\FunDieAls\yIOZ.x64.dll No File
BHO: TaakETheCoupon -> {CD75ED02-A5AE-A752-9CBB-DCADF897A7C5} -> C:\ProgramData\TaakETheCoupon\3.x64.dll No File
BHO-x32: FunDieAls -> {B837F797-CB5C-529C-B3AC-4D5B7E94B3F8} -> C:\ProgramData\FunDieAls\yIOZ.dll No File
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=58&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (save on) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmkdmbiljhclhlbbadnohbapcmnbjd [2014-06-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 699fd52f; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
S2 e9f32388; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\gssupp~1\AssistantSvc.dll",service
Task: {2E2E814E-B085-47FE-AE17-00DC7F377805} - System32\Tasks\SO.Booster-S-5078429478 => c:\programdata\topapp soft\so.booster\SO.Booster.exe [2013-06-01] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\SO.Booster-S-5078429478.job => c:\programdata\topapp soft\so.booster\SO.Booster.exe <==== ATTENTION
C:\ProgramData\MineimumPrice
C:\ProgramData\FunDieAls
C:\ProgramData\TaakETheCoupon
C:\ProgramData\SaveLots
c:\progra~3\assist~1
c:\progra~2\gssupp~1
c:\programdata\topapp soft
C:\Users\alli91\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\alli91\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\alli91\AppData\Local\Temp\nsaEEF1.exe
C:\Users\alli91\AppData\Local\Temp\nsjB8B8.exe
C:\Users\alli91\AppData\Local\Temp\nsoEBF2.exe
C:\Users\alli91\AppData\Local\Temp\nsrF20F.exe
C:\Users\alli91\AppData\Local\Temp\nssB59A.exe
C:\Users\alli91\AppData\Local\Temp\nsvBC05.exe
C:\Users\alli91\AppData\Local\Temp\Quarantine.exe
C:\Users\alli91\AppData\Local\Temp\rcsetup151_slim.exe
C:\Users\alli91\AppData\Local\Temp\sdanircmdc.exe
C:\Users\alli91\AppData\Local\Temp\sdapskill.exe
C:\Users\alli91\AppData\Local\Temp\sdaspwn.exe
C:\Users\alli91\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\alli91\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\alli91\AppData\Local\Temp\sp-downloader.exe
C:\Users\alli91\AppData\Local\Temp\SPSetup.exe
C:\Users\alli91\AppData\Local\Temp\tmpA6C6.exe
C:\Users\alli91\AppData\Local\Temp\tmpB61F.exe
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.08.2014, 16:05   #9
Lischko
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by alli91 at 2014-08-18 17:04:44 Run:1
Running from C:\Users\alli91\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO: SaveLots -> {4D3BB30B-0EA2-5214-7B83-343E261DA293} -> C:\ProgramData\SaveLots\L.x64.dll No File
BHO: MineimumPrice -> {768285D3-5E17-F336-A58E-AB140CBD4AA0} -> C:\ProgramData\MineimumPrice\80guV.x64.dll No File
BHO: FunDieAls -> {B837F797-CB5C-529C-B3AC-4D5B7E94B3F8} -> C:\ProgramData\FunDieAls\yIOZ.x64.dll No File
BHO: TaakETheCoupon -> {CD75ED02-A5AE-A752-9CBB-DCADF897A7C5} -> C:\ProgramData\TaakETheCoupon\3.x64.dll No File
BHO-x32: FunDieAls -> {B837F797-CB5C-529C-B3AC-4D5B7E94B3F8} -> C:\ProgramData\FunDieAls\yIOZ.dll No File
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=58&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (save on) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmkdmbiljhclhlbbadnohbapcmnbjd [2014-06-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 699fd52f; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
S2 e9f32388; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\gssupp~1\AssistantSvc.dll",service
Task: {2E2E814E-B085-47FE-AE17-00DC7F377805} - System32\Tasks\SO.Booster-S-5078429478 => c:\programdata\topapp soft\so.booster\SO.Booster.exe [2013-06-01] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\SO.Booster-S-5078429478.job => c:\programdata\topapp soft\so.booster\SO.Booster.exe <==== ATTENTION
C:\ProgramData\MineimumPrice
C:\ProgramData\FunDieAls
C:\ProgramData\TaakETheCoupon
C:\ProgramData\SaveLots
c:\progra~3\assist~1
c:\progra~2\gssupp~1
c:\programdata\topapp soft
C:\Users\alli91\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\alli91\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\alli91\AppData\Local\Temp\nsaEEF1.exe
C:\Users\alli91\AppData\Local\Temp\nsjB8B8.exe
C:\Users\alli91\AppData\Local\Temp\nsoEBF2.exe
C:\Users\alli91\AppData\Local\Temp\nsrF20F.exe
C:\Users\alli91\AppData\Local\Temp\nssB59A.exe
C:\Users\alli91\AppData\Local\Temp\nsvBC05.exe
C:\Users\alli91\AppData\Local\Temp\Quarantine.exe
C:\Users\alli91\AppData\Local\Temp\rcsetup151_slim.exe
C:\Users\alli91\AppData\Local\Temp\sdanircmdc.exe
C:\Users\alli91\AppData\Local\Temp\sdapskill.exe
C:\Users\alli91\AppData\Local\Temp\sdaspwn.exe
C:\Users\alli91\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\alli91\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\alli91\AppData\Local\Temp\sp-downloader.exe
C:\Users\alli91\AppData\Local\Temp\SPSetup.exe
C:\Users\alli91\AppData\Local\Temp\tmpA6C6.exe
C:\Users\alli91\AppData\Local\Temp\tmpB61F.exe
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D3BB30B-0EA2-5214-7B83-343E261DA293}" => Key deleted successfully.
"HKCR\CLSID\{4D3BB30B-0EA2-5214-7B83-343E261DA293}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{768285D3-5E17-F336-A58E-AB140CBD4AA0}" => Key deleted successfully.
"HKCR\CLSID\{768285D3-5E17-F336-A58E-AB140CBD4AA0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B837F797-CB5C-529C-B3AC-4D5B7E94B3F8}" => Key deleted successfully.
"HKCR\CLSID\{B837F797-CB5C-529C-B3AC-4D5B7E94B3F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD75ED02-A5AE-A752-9CBB-DCADF897A7C5}" => Key deleted successfully.
"HKCR\CLSID\{CD75ED02-A5AE-A752-9CBB-DCADF897A7C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B837F797-CB5C-529C-B3AC-4D5B7E94B3F8}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B837F797-CB5C-529C-B3AC-4D5B7E94B3F8}" => Key deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmkdmbiljhclhlbbadnohbapcmnbjd => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
699fd52f => Service deleted successfully.
e9f32388 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E2E814E-B085-47FE-AE17-00DC7F377805}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E2E814E-B085-47FE-AE17-00DC7F377805}" => Key deleted successfully.
C:\Windows\System32\Tasks\SO.Booster-S-5078429478 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SO.Booster-S-5078429478" => Key deleted successfully.
C:\WINDOWS\Tasks\SO.Booster-S-5078429478.job => Moved successfully.
"C:\ProgramData\MineimumPrice" => File/Directory not found.
"C:\ProgramData\FunDieAls" => File/Directory not found.
"C:\ProgramData\TaakETheCoupon" => File/Directory not found.
"C:\ProgramData\SaveLots" => File/Directory not found.
"c:\progra~3\assist~1" => File/Directory not found.
"c:\progra~2\gssupp~1" => File/Directory not found.
c:\programdata\topapp soft => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\DseShExt-x64.dll => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nsaEEF1.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nsjB8B8.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nsoEBF2.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nsrF20F.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nssB59A.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nsvBC05.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\rcsetup151_slim.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\sdanircmdc.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\sdapskill.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\sdaspwn.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\SDShelEx-x64.dll => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\sp-downloader.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\SPSetup.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\tmpA6C6.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\tmpB61F.exe => Moved successfully.

==== End of Fixlog ====
         

Alt 18.08.2014, 17:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.08.2014, 18:45   #11
Lischko
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



FRST
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by alli91 at 2014-08-18 17:04:44 Run:1
Running from C:\Users\alli91\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO: SaveLots -> {4D3BB30B-0EA2-5214-7B83-343E261DA293} -> C:\ProgramData\SaveLots\L.x64.dll No File
BHO: MineimumPrice -> {768285D3-5E17-F336-A58E-AB140CBD4AA0} -> C:\ProgramData\MineimumPrice\80guV.x64.dll No File
BHO: FunDieAls -> {B837F797-CB5C-529C-B3AC-4D5B7E94B3F8} -> C:\ProgramData\FunDieAls\yIOZ.x64.dll No File
BHO: TaakETheCoupon -> {CD75ED02-A5AE-A752-9CBB-DCADF897A7C5} -> C:\ProgramData\TaakETheCoupon\3.x64.dll No File
BHO-x32: FunDieAls -> {B837F797-CB5C-529C-B3AC-4D5B7E94B3F8} -> C:\ProgramData\FunDieAls\yIOZ.dll No File
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchURL: hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M270040F7-8233-4F33-A2E9-483066E6D1D6&SearchSource=58&CUI=&UM=5&UP=SP458D5A4F-8A2A-4D51-8979-44605C588666&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Extension: (save on) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmkdmbiljhclhlbbadnohbapcmnbjd [2014-06-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 699fd52f; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
S2 e9f32388; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\gssupp~1\AssistantSvc.dll",service
Task: {2E2E814E-B085-47FE-AE17-00DC7F377805} - System32\Tasks\SO.Booster-S-5078429478 => c:\programdata\topapp soft\so.booster\SO.Booster.exe [2013-06-01] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\SO.Booster-S-5078429478.job => c:\programdata\topapp soft\so.booster\SO.Booster.exe <==== ATTENTION
C:\ProgramData\MineimumPrice
C:\ProgramData\FunDieAls
C:\ProgramData\TaakETheCoupon
C:\ProgramData\SaveLots
c:\progra~3\assist~1
c:\progra~2\gssupp~1
c:\programdata\topapp soft
C:\Users\alli91\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\alli91\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\alli91\AppData\Local\Temp\nsaEEF1.exe
C:\Users\alli91\AppData\Local\Temp\nsjB8B8.exe
C:\Users\alli91\AppData\Local\Temp\nsoEBF2.exe
C:\Users\alli91\AppData\Local\Temp\nsrF20F.exe
C:\Users\alli91\AppData\Local\Temp\nssB59A.exe
C:\Users\alli91\AppData\Local\Temp\nsvBC05.exe
C:\Users\alli91\AppData\Local\Temp\Quarantine.exe
C:\Users\alli91\AppData\Local\Temp\rcsetup151_slim.exe
C:\Users\alli91\AppData\Local\Temp\sdanircmdc.exe
C:\Users\alli91\AppData\Local\Temp\sdapskill.exe
C:\Users\alli91\AppData\Local\Temp\sdaspwn.exe
C:\Users\alli91\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\alli91\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\alli91\AppData\Local\Temp\sp-downloader.exe
C:\Users\alli91\AppData\Local\Temp\SPSetup.exe
C:\Users\alli91\AppData\Local\Temp\tmpA6C6.exe
C:\Users\alli91\AppData\Local\Temp\tmpB61F.exe
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D3BB30B-0EA2-5214-7B83-343E261DA293}" => Key deleted successfully.
"HKCR\CLSID\{4D3BB30B-0EA2-5214-7B83-343E261DA293}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{768285D3-5E17-F336-A58E-AB140CBD4AA0}" => Key deleted successfully.
"HKCR\CLSID\{768285D3-5E17-F336-A58E-AB140CBD4AA0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B837F797-CB5C-529C-B3AC-4D5B7E94B3F8}" => Key deleted successfully.
"HKCR\CLSID\{B837F797-CB5C-529C-B3AC-4D5B7E94B3F8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CD75ED02-A5AE-A752-9CBB-DCADF897A7C5}" => Key deleted successfully.
"HKCR\CLSID\{CD75ED02-A5AE-A752-9CBB-DCADF897A7C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B837F797-CB5C-529C-B3AC-4D5B7E94B3F8}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B837F797-CB5C-529C-B3AC-4D5B7E94B3F8}" => Key deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogmkdmbiljhclhlbbadnohbapcmnbjd => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
699fd52f => Service deleted successfully.
e9f32388 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E2E814E-B085-47FE-AE17-00DC7F377805}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E2E814E-B085-47FE-AE17-00DC7F377805}" => Key deleted successfully.
C:\Windows\System32\Tasks\SO.Booster-S-5078429478 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SO.Booster-S-5078429478" => Key deleted successfully.
C:\WINDOWS\Tasks\SO.Booster-S-5078429478.job => Moved successfully.
"C:\ProgramData\MineimumPrice" => File/Directory not found.
"C:\ProgramData\FunDieAls" => File/Directory not found.
"C:\ProgramData\TaakETheCoupon" => File/Directory not found.
"C:\ProgramData\SaveLots" => File/Directory not found.
"c:\progra~3\assist~1" => File/Directory not found.
"c:\progra~2\gssupp~1" => File/Directory not found.
c:\programdata\topapp soft => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\DseShExt-x64.dll => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nsaEEF1.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nsjB8B8.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nsoEBF2.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nsrF20F.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nssB59A.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\nsvBC05.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\rcsetup151_slim.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\sdanircmdc.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\sdapskill.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\sdaspwn.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\SDShelEx-x64.dll => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\sp-downloader.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\SPSetup.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\tmpA6C6.exe => Moved successfully.
C:\Users\alli91\AppData\Local\Temp\tmpB61F.exe => Moved successfully.

==== End of Fixlog ====
         
Addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2014 01
Ran by alli91 at 2014-08-18 19:44:16
Running from C:\Users\alli91\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Aiseesoft AVI Video Converter 6.2.52 (HKLM-x32\...\{5C7BDCF9-7095-4f66-9B3F-A294B780A951}_is1) (Version:  - )
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Free YouTube to MP3 Converter version 3.12.33.424 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.33.424 - DVDVideoSoft Ltd.)
FrostWire 5.6.3 (HKLM-x32\...\FrostWire 5) (Version: 5.6.3.5 - FrostWire Team)
FunDieAls (HKLM-x32\...\{478472F9-9E09-492A-BDAB-42EE595EF1AD}) (Version:  - FunDeals) <==== ATTENTION
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GnuCash 2.6.3 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.4.0.1558 (HKCU\...\GoToMeeting) (Version: 6.4.0.1558 - CitrixOnline)
HP 3D DriveGuard (HKLM\...\{2DEDBE5B-D538-43F3-83A7-B037D6B51A89}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 57) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{0E4AF773-9908-4F3B-8D57-E402FE198107}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{94BB4B4F-BD6D-4166-A580-F868C8384CA6}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MineimumPrice (HKLM-x32\...\{CA1838EF-A497-194E-3850-37A62CEE398B}) (Version:  - MoinimumPrice)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mp3tag v2.61a (HKLM-x32\...\Mp3tag) (Version: v2.61a - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
NetController (web controller) (HKLM-x32\...\NetController) (Version: 3.0.0.4 - Inquiro SA)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
SaveLots (HKLM-x32\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version:  - SSaVeLouts) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Software (web controller) (HKLM-x32\...\Software) (Version: 3.0.0.4 - Inquiro SA)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
TaakETheCoupon (HKLM-x32\...\{53B21E29-3967-C332-57EB-C02631658584}) (Version:  - TaakeTheCooupOn) <==== ATTENTION
The GodFather (HKLM-x32\...\The GodFather) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4101950777-2565436670-2892430230-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\alli91\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

02-08-2014 09:25:10 Installed Setup
11-08-2014 22:07:12 Geplanter Prüfpunkt
18-08-2014 11:02:47 TuneUp Utilities 2014 wird entfernt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {24626043-A79C-4730-905B-8A6A037F2B14} - System32\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001 => C:\Users\alli91\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe [2014-08-13] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2FB34B65-8877-42D3-B040-4EE6E7CBC65D} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-07-20] (Intel)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {38C888A4-0301-4961-A130-093BF7BB00C9} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {43DCA9D0-0896-4FE4-A06D-FFC31C3C54EC} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {530BA0C0-047A-457A-8597-47C037EF31B5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-08-18] (Microsoft Corporation)
Task: {539B1D3D-7BAB-44D0-9A08-9C8D5A1D5EF4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-13] (Adobe Systems Incorporated)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {832F2164-027C-49CB-A0EB-217DF92900C0} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8956B281-D94A-41FB-B99F-545D9DA374CC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {949AB2DC-42DE-4E51-924B-972531C5B803} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A56A983A-94C7-41E1-862D-B318CEE35BDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-23] (Google Inc.)
Task: {AAA5E7FE-A30A-4AFA-BB47-994DAB051D3B} - System32\Tasks\HPCeeScheduleForalli91 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {AF487D35-52FB-4279-87BD-E5C606D85F72} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {B7EB62B5-22B4-4683-87FD-D659F42AFC11} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DCFB8C99-F6A6-41C9-867E-83A4B28596B1} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FAE18AC3-5DC6-427B-A36B-9652041D95CE} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001.job => C:\Users\alli91\AppData\Local\Citrix\GoToMeeting\1558\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForalli91.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2014-07-08 17:26 - 2014-07-08 17:26 - 00182048 _____ () C:\Users\alli91\AppData\Roaming\NetController\netcontrollerservice.exe
2012-08-08 07:17 - 2012-08-08 07:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2014-07-08 23:20 - 2014-07-08 23:20 - 00775968 _____ () C:\Users\alli91\AppData\Roaming\NetController\netcontroller.exe
2012-10-04 15:10 - 2013-08-19 22:49 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-08-18 17:09 - 2014-08-07 05:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-18 17:09 - 2014-08-07 05:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-18 17:09 - 2014-08-07 05:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-18 17:09 - 2014-08-07 05:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-18 17:09 - 2014-08-07 05:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2014 04:35:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 960172

Error: (08/18/2014 04:35:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 960172

Error: (08/18/2014 04:35:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (08/18/2014 07:42:12 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/18/2014 07:41:42 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/18/2014 05:06:56 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/18/2014 05:06:26 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/18/2014 05:05:56 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/18/2014 05:05:26 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (08/18/2014 05:04:56 PM) (Source: DCOM) (EventID: 10010) (User: Peter)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================
Error: (07/06/2014 11:00:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2368 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (04/15/2014 05:32:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13149 seconds with 4260 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-18 19:44:23.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 17:00:06.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 16:59:03.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 16:58:51.118
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 16:58:42.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 16:58:13.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 16:56:27.123
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 16:56:27.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 16:56:02.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-08-18 16:55:56.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 40%
Total physical RAM: 3995.27 MB
Available physical RAM: 2365.07 MB
Total Pagefile: 4699.27 MB
Available Pagefile: 2847.46 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:280.65 GB) (Free:19.24 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:16.23 GB) (Free:2.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: B9B303B1)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: ED59CD89)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 18.08.2014, 23:36   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Neues FRST.txt Log posten, nicht nochmal das Fixlog
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.08.2014, 10:56   #13
Lischko
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Hoffe das hier ist jetzt das richtige:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by alli91 (administrator) on PETER on 19-08-2014 11:55:06
Running from C:\Users\alli91\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
() C:\ProgramData\TopApp soft\SO.Booster\SO.Booster.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Users\alli91\AppData\Roaming\NetController\netcontrollerservice.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Users\alli91\AppData\Roaming\NetController\netcontroller.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4101950777-2565436670-2892430230-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
Startup: C:\Users\alli91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/1
SearchScopes: HKLM - {36CF1861-B6A0-45C8-9E0A-2A8E90C5E8E4} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\alli91\AppData\Roaming\Mozilla\Firefox\Profiles\smsmmpbs.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\alli91\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\alli91\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-06-10]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchProvider: Trovi search
CHR Extension: (Tab Resize split screen layouts) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc [2014-07-12]
CHR Extension: (Minecraft 2) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbnfmnfimplhagfgeecjneakmfbepndm [2014-06-24]
CHR Extension: (No Cyrus) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\iongpbleobggjpbababalgpaabhhggaf [2014-06-11]
CHR Extension: (Skype Click to Call) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-03-30]
CHR Extension: (Google Wallet) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (DiscountEXtenisoi) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojonbnkkmlnoienkidcnoleeiadpdgke [2014-06-16]
CHR Extension: (Listen on Repeat Youtube Video Repeater) - C:\Users\alli91\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjcgpbffennccofdpganblbjiglnbip [2014-07-31]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-08-19] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-08-19] (Intel Corporation)
R2 NetControllerService; C:\Users\alli91\AppData\Roaming\NetController\netcontrollerservice.exe [182048 2014-07-08] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-21] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-24] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-21] (Intel Corporation)
S3 iscFlash; C:\swsetup\sp60878\iscflashx64.sys [69216 2013-07-25] (Insyde Software)
R1 ncdevice; C:\Windows\system32\DRIVERS\ncdevice.sys [41248 2014-05-26] (NT Kernel Resources)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 19:44 - 2014-08-18 19:44 - 00030514 _____ () C:\Users\alli91\Desktop\Addition.txt
2014-08-18 19:43 - 2014-08-19 11:55 - 00015336 _____ () C:\Users\alli91\Desktop\FRST.txt
2014-08-18 16:17 - 2014-08-18 16:17 - 00000615 _____ () C:\Users\alli91\Desktop\JRT.txt
2014-08-18 13:15 - 2014-08-18 13:15 - 01016261 _____ (Thisisu) C:\Users\alli91\Downloads\JRT.exe
2014-08-18 13:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-18 13:08 - 2014-08-18 13:11 - 00000000 ____D () C:\AdwCleaner
2014-08-18 13:07 - 2014-08-18 13:07 - 01361671 _____ () C:\Users\alli91\Downloads\adwcleaner_3.307.exe
2014-08-18 00:22 - 2014-08-18 13:33 - 00030474 _____ () C:\Users\alli91\Downloads\Addition.txt
2014-08-18 00:21 - 2014-08-19 11:55 - 00000000 ____D () C:\FRST
2014-08-18 00:21 - 2014-08-18 13:33 - 00034984 _____ () C:\Users\alli91\Downloads\FRST.txt
2014-08-18 00:20 - 2014-08-18 00:20 - 02101760 _____ (Farbar) C:\Users\alli91\Desktop\FRST64.exe
2014-08-17 23:57 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-08-17 23:57 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-08-17 23:53 - 2014-07-10 06:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-08-17 23:53 - 2014-07-10 06:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-08-17 23:53 - 2014-07-10 05:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-08-17 23:53 - 2014-05-13 06:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-08-17 23:53 - 2014-05-13 05:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-08-17 23:17 - 2014-08-17 23:17 - 00000000 __SHD () C:\DrFoneCache
2014-08-17 23:12 - 2014-08-17 23:12 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2014-08-17 23:10 - 2014-08-17 23:10 - 00000000 ____D () C:\Users\alli91\AppData\Local\Wondershare
2014-08-17 23:09 - 2014-08-18 00:35 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2014-08-17 23:09 - 2014-08-18 00:04 - 00000000 ____D () C:\Users\alli91\.android
2014-08-17 23:09 - 2014-08-18 00:04 - 00000000 ____D () C:\Program Files\Wondershare
2014-08-17 23:09 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Wondershare
2014-08-17 23:01 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-08-17 23:00 - 2014-08-17 23:01 - 00831048 _____ (Wondershare) C:\Users\alli91\Downloads\drfone-for-android_setup_full1561.exe
2014-08-17 22:47 - 2014-08-17 22:48 - 01035152 _____ () C:\Users\alli91\Downloads\Recuva-lnstall.exe
2014-08-17 22:41 - 2014-08-17 22:42 - 03901296 _____ (Wondershare Software ) C:\Users\alli91\Downloads\photo-recovery_full729.exe
2014-08-17 22:31 - 2014-08-17 22:31 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-17 22:20 - 2014-08-17 22:21 - 00244408 _____ () C:\Users\alli91\Downloads\Firefox Setup Stub 31.0.exe
2014-08-17 19:22 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-08-11 23:40 - 2014-08-11 23:40 - 00611648 _____ () C:\Users\alli91\Downloads\misfits-episode-5-4-eng-5272123.exe
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\WOODKID
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\QUEENS OF THE STONE AGE
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\PRINZ PI
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\MATERIA
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\BABYSHAMBLES
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MusicBrainz
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Local\cache
2014-08-02 11:31 - 2014-08-02 11:31 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2014-08-02 11:31 - 2014-08-02 11:31 - 00000000 ____D () C:\Program Files (x86)\MusicBrainz Picard
2014-08-02 11:28 - 2014-08-02 11:29 - 08790287 _____ (MusicBrainz) C:\Users\alli91\Downloads\picard-setup-1.2.exe
2014-08-02 11:27 - 2014-08-02 11:27 - 00000011 ____R () C:\WINDOWS\amunres.lsl
2014-08-02 11:25 - 2014-08-02 11:25 - 00000000 ____D () C:\Program Files (x86)\Company Name
2014-08-02 11:24 - 2014-08-17 15:35 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\NetController
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Company Name
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software
2014-08-02 11:23 - 2014-08-02 11:24 - 02207320 _____ (Company Name) C:\Users\alli91\Downloads\tunatic.exe
2014-08-02 10:53 - 2014-08-03 14:06 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:53 - 00000997 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-02 10:52 - 2014-08-02 10:52 - 02672432 _____ () C:\Users\alli91\Downloads\mp3tagv261asetup.exe
2014-08-02 10:11 - 2014-08-02 10:53 - 00000000 ____D () C:\Program Files (x86)\The GodFather
2014-08-02 10:11 - 2014-08-02 10:11 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The GodFather
2014-08-01 22:53 - 2014-08-01 23:44 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MediaMonkey
2014-08-01 22:53 - 2014-08-01 22:53 - 00000000 ____D () C:\Users\alli91\AppData\Local\MediaMonkey
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\PLACEBO
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\MACKLEMORE & RYAN LEWIS
2014-07-24 15:02 - 2014-07-24 15:05 - 00000000 ____D () C:\Users\alli91\Desktop\sadhjk
2014-07-23 21:09 - 2014-08-18 17:09 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-23 21:09 - 2014-07-23 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieUserList
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieSiteList
2014-07-22 19:41 - 2014-07-23 21:38 - 00000000 ____D () C:\Users\alli91\Desktop\fq
2014-07-22 19:15 - 2014-07-22 19:15 - 00000000 ____D () C:\Users\alli91\Documents\OneNote-Notizbücher

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-19 11:55 - 2014-08-18 19:43 - 00015336 _____ () C:\Users\alli91\Desktop\FRST.txt
2014-08-19 11:55 - 2014-08-18 00:21 - 00000000 ____D () C:\FRST
2014-08-19 11:54 - 2014-03-24 12:45 - 01862149 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-19 11:52 - 2014-03-27 17:32 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FB5D5EC8-F036-4D33-8196-1BB09D104316}
2014-08-18 23:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-18 19:51 - 2013-05-23 16:31 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4101950777-2565436670-2892430230-1001
2014-08-18 19:47 - 2013-09-02 20:30 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-18 19:46 - 2013-08-28 21:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-18 19:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-18 19:45 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-08-18 19:44 - 2014-08-18 19:44 - 00030514 _____ () C:\Users\alli91\Desktop\Addition.txt
2014-08-18 19:44 - 2013-07-22 21:03 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-08-18 19:42 - 2013-05-29 18:58 - 99218768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-08-18 17:09 - 2014-07-23 21:09 - 00002197 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-18 17:09 - 2014-04-23 22:22 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-18 16:17 - 2014-08-18 16:17 - 00000615 _____ () C:\Users\alli91\Desktop\JRT.txt
2014-08-18 13:33 - 2014-08-18 00:22 - 00030474 _____ () C:\Users\alli91\Downloads\Addition.txt
2014-08-18 13:33 - 2014-08-18 00:21 - 00034984 _____ () C:\Users\alli91\Downloads\FRST.txt
2014-08-18 13:32 - 2014-05-22 08:53 - 00000580 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001.job
2014-08-18 13:20 - 2013-11-14 09:27 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-08-18 13:20 - 2013-11-14 09:11 - 00842568 _____ () C:\WINDOWS\system32\perfh007.dat
2014-08-18 13:20 - 2013-11-14 09:11 - 00191764 _____ () C:\WINDOWS\system32\perfc007.dat
2014-08-18 13:15 - 2014-08-18 13:15 - 01016261 _____ (Thisisu) C:\Users\alli91\Downloads\JRT.exe
2014-08-18 13:11 - 2014-08-18 13:08 - 00000000 ____D () C:\AdwCleaner
2014-08-18 13:11 - 2014-04-23 22:22 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 13:11 - 2013-11-14 00:18 - 00755824 _____ () C:\WINDOWS\PFRO.log
2014-08-18 13:11 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-18 13:11 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-18 13:07 - 2014-08-18 13:07 - 01361671 _____ () C:\Users\alli91\Downloads\adwcleaner_3.307.exe
2014-08-18 13:02 - 2013-10-03 14:31 - 00003164 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForalli91
2014-08-18 13:02 - 2013-10-03 14:31 - 00000348 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForalli91.job
2014-08-18 13:00 - 2012-10-04 15:41 - 00000000 ____D () C:\ProgramData\Norton
2014-08-18 12:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-18 12:57 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-08-18 10:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-08-18 00:35 - 2014-08-17 23:09 - 00000000 ___HD () C:\Program Files (x86)\DrFoneAndroid_Temp
2014-08-18 00:20 - 2014-08-18 00:20 - 02101760 _____ (Farbar) C:\Users\alli91\Desktop\FRST64.exe
2014-08-18 00:04 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\alli91\.android
2014-08-18 00:04 - 2014-08-17 23:09 - 00000000 ____D () C:\Program Files\Wondershare
2014-08-17 23:17 - 2014-08-17 23:17 - 00000000 __SHD () C:\DrFoneCache
2014-08-17 23:12 - 2014-08-17 23:12 - 01002728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUSBCoInstaller2.dll
2014-08-17 23:12 - 2013-08-22 16:46 - 00303419 _____ () C:\WINDOWS\setupact.log
2014-08-17 23:10 - 2014-08-17 23:10 - 00000000 ____D () C:\Users\alli91\AppData\Local\Wondershare
2014-08-17 23:09 - 2014-08-17 23:09 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Wondershare
2014-08-17 23:09 - 2014-08-17 23:01 - 00000000 ____D () C:\Users\Public\Documents\Wondershare
2014-08-17 23:09 - 2014-03-24 12:31 - 00000000 ____D () C:\Users\alli91
2014-08-17 23:01 - 2014-08-17 23:00 - 00831048 _____ (Wondershare) C:\Users\alli91\Downloads\drfone-for-android_setup_full1561.exe
2014-08-17 22:48 - 2014-08-17 22:47 - 01035152 _____ () C:\Users\alli91\Downloads\Recuva-lnstall.exe
2014-08-17 22:46 - 2013-06-04 21:18 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\vlc
2014-08-17 22:42 - 2014-08-17 22:41 - 03901296 _____ (Wondershare Software ) C:\Users\alli91\Downloads\photo-recovery_full729.exe
2014-08-17 22:31 - 2014-08-17 22:31 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-17 22:31 - 2014-08-17 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-17 22:31 - 2014-06-10 19:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-17 22:31 - 2013-08-28 19:57 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Mozilla
2014-08-17 22:21 - 2014-08-17 22:20 - 00244408 _____ () C:\Users\alli91\Downloads\Firefox Setup Stub 31.0.exe
2014-08-17 19:58 - 2013-08-12 22:09 - 00000000 ____D () C:\Users\alli91\.frostwire5
2014-08-17 15:35 - 2014-08-02 11:24 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\NetController
2014-08-13 00:52 - 2014-05-22 08:53 - 00003576 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4101950777-2565436670-2892430230-1001
2014-08-11 23:40 - 2014-08-11 23:40 - 00611648 _____ () C:\Users\alli91\Downloads\misfits-episode-5-4-eng-5272123.exe
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\WOODKID
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\QUEENS OF THE STONE AGE
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\PRINZ PI
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\MATERIA
2014-08-04 23:51 - 2014-08-04 23:51 - 00000000 ____D () C:\Users\alli91\Desktop\BABYSHAMBLES
2014-08-03 14:13 - 2013-12-12 23:33 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-08-03 14:06 - 2014-08-02 10:53 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Mp3tag
2014-08-02 13:59 - 2014-03-23 19:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MusicBrainz
2014-08-02 11:54 - 2014-08-02 11:54 - 00000000 ____D () C:\Users\alli91\AppData\Local\cache
2014-08-02 11:31 - 2014-08-02 11:31 - 00001189 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2014-08-02 11:31 - 2014-08-02 11:31 - 00000000 ____D () C:\Program Files (x86)\MusicBrainz Picard
2014-08-02 11:29 - 2014-08-02 11:28 - 08790287 _____ (MusicBrainz) C:\Users\alli91\Downloads\picard-setup-1.2.exe
2014-08-02 11:27 - 2014-08-02 11:27 - 00000011 ____R () C:\WINDOWS\amunres.lsl
2014-08-02 11:25 - 2014-08-02 11:25 - 00000000 ____D () C:\Program Files (x86)\Company Name
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Company Name
2014-08-02 11:24 - 2014-08-02 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software
2014-08-02 11:24 - 2014-08-02 11:23 - 02207320 _____ (Company Name) C:\Users\alli91\Downloads\tunatic.exe
2014-08-02 10:53 - 2014-08-02 10:53 - 00000997 _____ () C:\Users\Public\Desktop\Mp3tag.lnk
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:53 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-08-02 10:53 - 2014-08-02 10:11 - 00000000 ____D () C:\Program Files (x86)\The GodFather
2014-08-02 10:52 - 2014-08-02 10:52 - 02672432 _____ () C:\Users\alli91\Downloads\mp3tagv261asetup.exe
2014-08-02 10:11 - 2014-08-02 10:11 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The GodFather
2014-08-02 02:17 - 2013-08-22 17:38 - 00704480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-08-02 02:17 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 23:44 - 2014-08-01 22:53 - 00000000 ____D () C:\Users\alli91\AppData\Roaming\MediaMonkey
2014-08-01 22:53 - 2014-08-01 22:53 - 00000000 ____D () C:\Users\alli91\AppData\Local\MediaMonkey
2014-07-31 09:04 - 2014-01-09 18:55 - 00000000 ____D () C:\ProgramData\f34f8b866376c5
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\PLACEBO
2014-07-26 12:24 - 2014-07-26 12:24 - 00000000 ____D () C:\Users\alli91\Desktop\MACKLEMORE & RYAN LEWIS
2014-07-24 15:05 - 2014-07-24 15:02 - 00000000 ____D () C:\Users\alli91\Desktop\sadhjk
2014-07-23 21:38 - 2014-07-22 19:41 - 00000000 ____D () C:\Users\alli91\Desktop\fq
2014-07-23 21:09 - 2014-07-23 21:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-23 21:08 - 2013-05-23 18:19 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-23 21:02 - 2014-04-23 22:22 - 00004094 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-23 21:02 - 2014-04-23 22:22 - 00003858 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieUserList
2014-07-23 20:47 - 2014-07-23 20:47 - 00000000 __SHD () C:\Users\alli91\AppData\Local\EmieSiteList
2014-07-22 19:15 - 2014-07-22 19:15 - 00000000 ____D () C:\Users\alli91\Documents\OneNote-Notizbücher

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 13:39

==================== End Of Log ============================
         
--- --- ---

Alt 19.08.2014, 11:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\ProgramData\TopApp soft
CHR DefaultSearchProvider: Trovi search
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.08.2014, 14:40   #15
Lischko
 
Trojaner: Unterstrichene Wörter und Werbung - Standard

Trojaner: Unterstrichene Wörter und Werbung



Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by alli91 at 2014-08-19 15:38:56 Run:2
Running from C:\Users\alli91\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\TopApp soft
CHR DefaultSearchProvider: Trovi search
*****************

"C:\ProgramData\TopApp soft" => File/Directory not found.
CHR DefaultSearchProvider: Trovi search ==> The Chrome "Settings" can be used to fix the entry.

==== End of Fixlog ====
         

Antwort

Themen zu Trojaner: Unterstrichene Wörter und Werbung
einiger, pup.optional.conduit.a, pup.optional.continuetosave.a, pup.optional.extutil.a, pup.optional.managera.a, pup.optional.searchprotect.a, trojaner-board, unterstrichene wörter, win32/adware.multiplug.ag, win32/adware.multiplug.bn, win32/adware.multiplug.r, win32/adware.multiplug.t, win32/adware.multiplug.y, win32/clientconnect.a, win32/conduit.searchprotect.h, win32/conduit.searchprotect.i, win32/installerex.m, win32/sprotector.d, win32/toolbar.babylon.i, win32/toolbar.conduit.r, win32/trojandownloader.agent.afd, win64/adware.multiplug.c, win64/adware.multiplug.d, win64/sprotector.a, win64/sprotector.b



Ähnliche Themen: Trojaner: Unterstrichene Wörter und Werbung


  1. Blau unterstrichene Wörter mit grünem Pfeil, die Werbung auslösen
    Plagegeister aller Art und deren Bekämpfung - 20.08.2015 (8)
  2. Blau unterstrichene Wörter mit Werbung erscheinen bei Firefox
    Log-Analyse und Auswertung - 09.01.2015 (15)
  3. Google Chrome, Mozilla, Virus oder Trojaner Fehlermeldung: Java Update erforderlich, Werbung, doppelt unterstrichene Wörter
    Plagegeister aller Art und deren Bekämpfung - 11.11.2014 (3)
  4. Blaue doppelt unterstrichene Wörter, Werbung (Firefox)
    Log-Analyse und Auswertung - 12.09.2014 (19)
  5. grüne unterstrichene wörter mit werbung bei firefox
    Log-Analyse und Auswertung - 05.07.2014 (3)
  6. blau unterstrichene wörter und werbung am rand des bildschirms
    Log-Analyse und Auswertung - 26.06.2014 (7)
  7. grün unterstrichene Wörter + Werbung trotz Adblocker
    Plagegeister aller Art und deren Bekämpfung - 26.05.2014 (17)
  8. Unterstrichene Wörter und nervige Werbung überall beim IE
    Plagegeister aller Art und deren Bekämpfung - 13.05.2014 (11)
  9. Windows 7-Chrome-blau unterstrichene Wörter WERBUNG!
    Plagegeister aller Art und deren Bekämpfung - 10.04.2014 (9)
  10. Doppelt unterstrichene Wörter mit Werbung bei Google Chrome
    Plagegeister aller Art und deren Bekämpfung - 17.03.2014 (22)
  11. Werbung im Browser; Unterstrichene Wörter mit Werbung; Taskleiste zeigt kurz ein Symbol
    Plagegeister aller Art und deren Bekämpfung - 17.03.2014 (4)
  12. Firefox Werbung am Rand und doppelt grün unterstrichene Wörter
    Log-Analyse und Auswertung - 03.03.2014 (3)
  13. Seit kurzem im Browser plötzlich Werbung und grün unterstrichene Wörter, die mit Popup-Werbung hinterlegt sind
    Log-Analyse und Auswertung - 13.12.2013 (7)
  14. unterstrichene Wörter leiten zu Werbung und PC sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 04.12.2013 (7)
  15. Plötzlich vermehrt aufgetretene Werbung im Browser und unterstrichene Wörter
    Log-Analyse und Auswertung - 04.11.2013 (5)
  16. Internet Werbung und Unterstrichene Wörter
    Plagegeister aller Art und deren Bekämpfung - 12.09.2013 (12)
  17. Unterstrichene Wörter mit Werbung - Coupon
    Plagegeister aller Art und deren Bekämpfung - 31.07.2013 (13)

Zum Thema Trojaner: Unterstrichene Wörter und Werbung - Hallo liebes Trojaner-Board Team! Ich habe seit einiger Zeit einen Trojaner am PC, der sich jetzt immer mehr ausbreitet. Der Trojaner äußert sich durch unterstrichene Wörter und Werbung. Hab schon - Trojaner: Unterstrichene Wörter und Werbung...
Archiv
Du betrachtest: Trojaner: Unterstrichene Wörter und Werbung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.