Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.11.09.04
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16721
ADRI96 :: ADRIAN-PC [Administrator]
Schutz: Aktiviert
09.11.2013 14:15:47
mbam-log-2013-11-09 (14-15-47).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 274715
Laufzeit: 7 Minute(n), 34 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 13
HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A} (PUP.Optional.DefaultTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\qone8Software (PUP.Optional.Qone8.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Daten: {C8A6F077-4C83-43EB-957B-90C78DFFEF40} -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bösartig: (hxxp://start.qone8.com/?type=hp&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (PUP.Optional.Qone8) -> Bösartig: (C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX) Gut: (iexplore.exe) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Page_URL (Hijack.StartPage) -> Bösartig: (hxxp://start.qone8.com/?type=hp&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://start.qone8.com/?type=hp&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 1
C:\ProgramData\ShoppingChip (PUP.Optional.MultiPlug.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 3
C:\Users\ADRI96\AppData\Local\Temp\18be6784_.exe (PUP.Optional.Searchprotect) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ADRI96\AppData\Local\Temp\294823_.exe (PUP.Optional.BundleLoader.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ADRI96\AppData\Local\Temp\sctmp.exe (PUP.Optional.MultiPlug) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
AdwCleaner Logfile:
Code:
# AdwCleaner v3.011 - Bericht erstellt am 09/11/2013 um 14:36:11
# Updated 03/11/2013 von Xplode
# Betriebssystem : Windows 8 Pro (64 bits)
# Benutzername : ADRI96 - ADRIAN-PC
# Gestartet von : C:\Users\ADRI96\Downloads\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.dealply.com_0.localstorage
Datei Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_f.dealply.com_0.localstorage-journal
Datei Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage
Datei Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sb.scorecardresearch.com_0.localstorage-journal
Datei Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
Datei Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
Datei Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
Datei Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
Datei Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal
Datei Gefunden : C:\WINDOWS\System32\Tasks\Funmoods
Datei Gefunden : C:\WINDOWS\System32\Tasks\GoforFilesUpdate
Datei Gefunden : C:\WINDOWS\System32\Tasks\LaunchApp
Ordner Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Ordner Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Ordner Gefunden : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Ordner Gefunden C:\Program Files (x86)\openit
Ordner Gefunden C:\Program Files (x86)\simplitec
Ordner Gefunden C:\Program Files (x86)\WinZipper
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
Ordner Gefunden C:\ProgramData\simplitec
Ordner Gefunden C:\ProgramData\StarApp
Ordner Gefunden C:\Users\ADRI96\AppData\Roaming\EZDownloader
Ordner Gefunden C:\Users\ADRI96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Ordner Gefunden C:\Users\ADRI96\AppData\Roaming\simplitec
Ordner Gefunden C:\Users\ADRI96\AppData\Roaming\WinZipper
***** [ Verknüpfungen ] *****
Verknüpfung Gefunden : C:\Users\ADRI96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://start.qone8.com/?type=sc&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX )
Verknüpfung Gefunden : C:\Users\ADRI96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://start.qone8.com/?type=sc&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX )
Verknüpfung Gefunden : C:\Users\ADRI96\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://start.qone8.com/?type=sc&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX )
Verknüpfung Gefunden : C:\Users\ADRI96\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://start.qone8.com/?type=sc&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX )
Verknüpfung Gefunden : C:\Users\ADRI96\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk ( hxxp://start.qone8.com/?type=sc&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX )
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\Blabbers
Schlüssel Gefunden : HKCU\Software\lollipop
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Schlüssel Gefunden : [x64] HKCU\Software\APN PIP
Schlüssel Gefunden : [x64] HKCU\Software\Blabbers
Schlüssel Gefunden : [x64] HKCU\Software\lollipop
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\FTDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2856449
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3214568
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E1EF512D-604D-4776-AF11-410704DA1911}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FTDownloader_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\Software\torch
Schlüssel Gefunden : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gefunden : HKLM\Software\winzipersvc
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16537
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://start.qone8.com/web/?type=ds&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://start.qone8.com/web/?type=ds&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://start.qone8.com/web/?type=ds&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://start.qone8.com/web/?type=ds&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://start.qone8.com/web/?type=ds&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://start.qone8.com/web/?type=ds&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://start.qone8.com/?type=hp&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.qone8.com/?type=hp&ts=1383505000&from=amt&uid=_AXXXXUXXXrXXXUXuXX
-\\ Mozilla Firefox v
-\\ Google Chrome v
[ Datei : C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [37606 octets] - [24/08/2013 14:00:59]
AdwCleaner[R1].txt - [12731 octets] - [09/11/2013 14:36:11]
AdwCleaner[S0].txt - [31835 octets] - [24/08/2013 14:02:19]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [12853 octets] ##########
--- --- ---
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 Pro x64
Ran by ADRI96 on 09.11.2013 at 14:41:57,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
Failed to delete: [File] C:\WINDOWS\Tasks\registrybooster.job
~~~ Folders
~~~ Chrome
Successfully deleted: [Folder] C:\Users\ADRI96\appdata\local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih
Successfully deleted: [Folder] C:\Users\ADRI96\appdata\local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.11.2013 at 14:45:34,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by ADRI96 (administrator) on ADRIAN-PC on 09-11-2013 14:47:57
Running from C:\Users\ADRI96\Downloads
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(hxxp://SpottyFiles.com) C:\Program Files (x86)\SpottyFiles\SpottyFilesUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Users\ADRI96\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Google Inc.) C:\Users\ADRI96\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ADRI96\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ADRI96\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ADRI96\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\NOTEPAD.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [SpywareTerminatorShield] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM\...\Run: [SpywareTerminatorUpdater] - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
HKCU\...\Run: [Google Update] - C:\Users\ADRI96\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-11] (Google Inc.)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\ADRI96\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1193176 2012-10-14] ()
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-07-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()
HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ROC_roc_dec12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [TvApp] - "C:\Program Files (x86)\TvApp\TvApp.exe" nogui
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKU\Adrian\...\Run: [Google Update] - C:\Users\Adrian\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2010-03-05] (Google Inc.)
HKU\Adrian\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2012-07-26] (Microsoft Corporation)
HKU\Adrian\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Adrian\...\Policies\system: [LogonHoursAction] 2
HKU\Gast\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKU\Gast\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2012-07-26] (Microsoft Corporation)
AppInit_DLLs: [0 ] ()
Startup: C:\Users\ADRI96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {5B291E6C-9A74-4034-971B-A4B007A0B315} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ADRI96\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ADRI96\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Extension: ftdownloader3 - C:\Users\ADRI96\AppData\Roaming\Mozilla\Firefox\profiles\extensions\ftdownloader3@ftdownloader.com.xpi
FF Extension: gophoto - C:\Users\ADRI96\AppData\Roaming\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
Chrome:
=======
CHR HomePage: https://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Users\ADRI96\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\ADRI96\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\ADRI96\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U14) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\ADRI96\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Browse2save) - C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjdccpmnodiocgnioelanlgapnipliao\1
CHR Extension: (KeyDownload) - C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\eodkncoddaagiibpdlfepebiggiijkbe\1.0_2
CHR Extension: (Browse2save) - C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkichpcjlodlilglbpcpnoonomnbacpa\1
CHR Extension: (Eminem theme by toxic) - C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnajjggmpaamnobamgdhimkmmhadcdap\1.2_0
CHR Extension: (Browse2save) - C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenlkpbdobgkpiacjcgedgipoeobcale\1
CHR Extension: (MagniPic) - C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcjmhinekbhbhbnjkponkhdcnlakamc\1
CHR Extension: (Chrome In-App Payments service) - C:\Users\ADRI96\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [ccbgjfdieajmokelnlapbedknchgenne] - C:\Users\ADRI96\AppData\Local\CRE\ccbgjfdieajmokelnlapbedknchgenne.crx
CHR HKLM-x32\...\Chrome\Extension: [kgficikadnmmefckdecajlmffkbagomp] - C:\Users\ADRI96\AppData\Local\CRE\kgficikadnmmefckdecajlmffkbagomp.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
==================== Services (Whitelisted) =================
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-18] (Freemake)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [74880 2010-02-14] (Avira GmbH)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [104960 2012-07-07] (ASIX Electronics Corp.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U3 idsvc;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-09 14:47 - 2013-11-09 14:47 - 01957098 _____ (Farbar) C:\Users\ADRI96\Downloads\FRST64.exe
2013-11-09 14:45 - 2013-11-09 14:45 - 00009326 _____ C:\Users\ADRI96\Desktop\JRT.txt
2013-11-09 14:41 - 2013-11-09 14:41 - 01034531 _____ (Thisisu) C:\Users\ADRI96\Downloads\JRT (1).exe
2013-11-09 14:35 - 2013-11-09 14:36 - 01073262 _____ C:\Users\ADRI96\Downloads\adwcleaner.exe
2013-11-09 14:18 - 2013-11-09 14:18 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-09 14:17 - 2013-11-09 14:17 - 01034531 _____ (Thisisu) C:\Users\ADRI96\Downloads\JRT.exe
2013-11-09 14:13 - 2013-11-09 14:13 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\Malwarebytes
2013-11-09 14:13 - 2013-11-09 14:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-09 14:13 - 2013-11-09 14:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-09 14:13 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-11-07 20:43 - 2013-11-07 20:43 - 00000000 _____ C:\autoexec.bat
2013-11-07 20:42 - 2013-11-07 20:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-07 20:41 - 2013-11-07 22:49 - 00000000 ____D C:\WINDOWS\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-07 20:31 - 2013-11-07 20:31 - 00034488 _____ C:\Users\ADRI96\Downloads\Addition.txt
2013-11-07 20:28 - 2013-11-07 20:28 - 00000000 ____D C:\FRST
2013-11-05 21:36 - 2013-11-05 21:47 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\PhotoScape
2013-11-05 21:36 - 2013-11-05 21:36 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-11-05 21:29 - 2013-11-05 21:29 - 00000000 ____D C:\Users\ADRI96\Documents\MAGIX
2013-11-05 21:29 - 2013-11-05 21:29 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\MAGIX
2013-11-05 21:29 - 2013-11-05 21:29 - 00000000 ____D C:\Users\ADRI96\AppData\Local\MAGIX
2013-11-05 21:29 - 2013-11-05 21:29 - 00000000 ____D C:\ProgramData\MAGIX
2013-11-05 21:29 - 2013-11-05 21:29 - 00000000 ____D C:\Program Files (x86)\MAGIX
2013-11-04 09:55 - 2013-11-08 18:32 - 00000000 ____D C:\Users\ADRI96\Downloads\Saturday.Night.Live.S39E05.Kerry.Washington-Eminem.HDTV.x264-2HD[rarbg]
2013-11-03 21:33 - 2013-11-03 21:33 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\stflt.sys
2013-11-03 20:40 - 2013-11-08 18:30 - 00000000 ____D C:\Users\ADRI96\Downloads\How.to.Make.Money.Selling.Drugs.2012.1080p.BluRay.x264-LOUNGE [PublicHD]
2013-11-03 19:56 - 2013-11-03 21:19 - 00000000 ____D C:\ProgramData\436e6ce759bac406
2013-11-03 19:56 - 2013-11-03 21:19 - 00000000 ____D C:\Program Files (x86)\ShoppingChip
2013-11-01 10:22 - 2013-11-01 10:22 - 00398224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-25 13:52 - 2013-11-08 18:32 - 00000000 ____D C:\Users\ADRI96\Downloads\VA-Death Row Records-The Singles
2013-10-25 13:32 - 2013-10-25 13:32 - 00000000 ____D C:\Users\ADRI96\Downloads\Death Row Records
2013-10-22 20:48 - 2013-10-22 20:48 - 00000000 ____D C:\Users\ADRI96\Downloads\Jay-Z - The Blueprint² The Gift & the Curse (2002)
2013-10-20 17:53 - 2013-10-20 18:22 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\Fox Dgital Copy
2013-10-20 17:48 - 2013-10-20 17:48 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\WindSolutions
2013-10-20 17:48 - 2013-10-20 17:48 - 00000000 ____D C:\ProgramData\WindSolutions
2013-10-14 09:51 - 2013-10-20 20:38 - 00000000 ____D C:\Users\ADRI96\Downloads\Instrumental Pack
2013-10-13 16:43 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2013-10-13 16:43 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2013-10-13 16:43 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2013-10-13 16:43 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2013-10-13 16:43 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2013-10-13 16:43 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2013-10-13 16:43 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2013-10-13 16:43 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2013-10-13 16:43 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2013-10-13 16:43 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-10-13 16:43 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-10-13 16:43 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2013-10-13 16:43 - 2013-08-02 07:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-10-13 16:43 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-10-13 16:43 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-10-13 16:43 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2013-10-13 16:43 - 2013-08-02 06:06 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-10-13 16:43 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-10-13 16:43 - 2013-07-31 00:30 - 00386923 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-10-13 16:43 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2013-10-13 16:43 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2013-10-13 16:43 - 2013-07-13 07:15 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-10-13 16:43 - 2013-07-13 05:23 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-10-13 16:43 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-10-13 16:43 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-10-11 13:40 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-10-11 13:40 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-10-11 13:40 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-10-11 13:40 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2013-10-11 13:40 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2013-10-11 13:40 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-10-11 13:40 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-10-11 13:40 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-10-11 13:40 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-10-11 13:40 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-10-11 13:40 - 2013-02-21 11:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-10-11 13:40 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-10-11 13:40 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-10-11 13:39 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-10-11 13:39 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-10-11 13:39 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-10-11 13:39 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-10-11 13:39 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-10-11 13:39 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-10-11 13:39 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-10-11 13:39 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-10-11 13:39 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-10-11 13:39 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-10-11 13:39 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-10-11 13:39 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-10-11 13:39 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-10-11 13:39 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-10-11 13:39 - 2013-04-28 23:28 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-10-11 13:39 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-10-11 13:39 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-10-11 13:39 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-10-11 13:39 - 2012-11-08 05:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-10-11 13:39 - 2012-11-08 05:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-10-11 13:38 - 2013-08-23 06:11 - 04040192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-10-11 13:38 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:38 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 13:38 - 2013-07-05 23:02 - 00121984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2013-10-11 13:38 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2013-10-11 13:38 - 2013-07-02 02:41 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-10-11 13:38 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-10-11 13:38 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-10-11 13:38 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-11 13:38 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2013-10-11 13:38 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2013-10-11 13:38 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2013-10-11 13:38 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2013-10-11 13:38 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2013-10-11 13:38 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-10-11 13:38 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2013-10-11 13:38 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-10-11 13:38 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2013-10-11 13:38 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
2013-10-11 13:38 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2013-10-11 13:38 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2013-10-11 13:38 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2013-10-11 13:38 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2013-10-10 22:01 - 2013-10-12 13:25 - 00000000 ____D C:\Users\ADRI96\Downloads\LINKIN PARK FULL DISCOGRAPHY INC [THE CATALYST 2010 SINGLE]
2013-10-10 21:00 - 2012-08-21 12:01 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2013-10-10 20:59 - 2013-10-10 21:00 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-10 20:59 - 2013-10-10 21:00 - 00000000 ____D C:\Program Files\iTunes
2013-10-10 20:59 - 2013-10-10 20:59 - 00000000 ____D C:\Program Files\iPod
2013-10-10 20:58 - 2013-10-10 20:58 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-10-10 20:57 - 2013-10-10 20:57 - 00000000 ____D C:\Program Files\Bonjour
2013-10-10 20:57 - 2013-10-10 20:57 - 00000000 ____D C:\Program Files (x86)\Bonjour
==================== One Month Modified Files and Folders =======
2013-11-09 14:47 - 2013-11-09 14:47 - 01957098 _____ (Farbar) C:\Users\ADRI96\Downloads\FRST64.exe
2013-11-09 14:47 - 2012-11-03 22:16 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1417303628-3328293042-299085541-1006
2013-11-09 14:47 - 2011-12-11 15:03 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1417303628-3328293042-299085541-1006UA.job
2013-11-09 14:45 - 2013-11-09 14:45 - 00009326 _____ C:\Users\ADRI96\Desktop\JRT.txt
2013-11-09 14:41 - 2013-11-09 14:41 - 01034531 _____ (Thisisu) C:\Users\ADRI96\Downloads\JRT (1).exe
2013-11-09 14:39 - 2013-08-24 14:04 - 01812267 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-09 14:39 - 2010-07-18 05:26 - 00000346 _____ C:\WINDOWS\Tasks\RegistryBooster.job
2013-11-09 14:39 - 2010-04-27 13:36 - 00001106 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-09 14:38 - 2013-08-24 14:04 - 00071286 _____ C:\WINDOWS\setupact.log
2013-11-09 14:38 - 2012-07-26 08:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-09 14:37 - 2013-08-24 14:00 - 00000000 ____D C:\AdwCleaner
2013-11-09 14:37 - 2012-11-03 22:09 - 00000999 _____ C:\Users\ADRI96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-09 14:37 - 2011-12-11 15:03 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-11-09 14:36 - 2013-11-09 14:35 - 01073262 _____ C:\Users\ADRI96\Downloads\adwcleaner.exe
2013-11-09 14:30 - 2013-08-24 14:03 - 00003490 _____ C:\WINDOWS\PFRO.log
2013-11-09 14:30 - 2012-07-26 06:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-11-09 14:18 - 2013-11-09 14:18 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-09 14:17 - 2013-11-09 14:17 - 01034531 _____ (Thisisu) C:\Users\ADRI96\Downloads\JRT.exe
2013-11-09 14:14 - 2010-04-27 13:36 - 00001110 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-09 14:13 - 2013-11-09 14:13 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\Malwarebytes
2013-11-09 14:13 - 2013-11-09 14:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-09 14:13 - 2013-11-09 14:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-09 14:08 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-11-08 23:59 - 2010-03-05 15:01 - 00001124 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1417303628-3328293042-299085541-1001UA.job
2013-11-08 21:47 - 2011-12-11 15:03 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1417303628-3328293042-299085541-1006Core.job
2013-11-08 18:34 - 2012-03-03 22:27 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\vlc
2013-11-08 18:32 - 2013-11-04 09:55 - 00000000 ____D C:\Users\ADRI96\Downloads\Saturday.Night.Live.S39E05.Kerry.Washington-Eminem.HDTV.x264-2HD[rarbg]
2013-11-08 18:32 - 2013-10-25 13:52 - 00000000 ____D C:\Users\ADRI96\Downloads\VA-Death Row Records-The Singles
2013-11-08 18:30 - 2013-11-03 20:40 - 00000000 ____D C:\Users\ADRI96\Downloads\How.to.Make.Money.Selling.Drugs.2012.1080p.BluRay.x264-LOUNGE [PublicHD]
2013-11-08 17:09 - 2012-11-04 20:15 - 63817728 ___SH C:\Users\ADRI96\Downloads\Thumbs.db
2013-11-08 16:59 - 2010-03-05 15:01 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1417303628-3328293042-299085541-1001Core.job
2013-11-08 16:43 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-11-07 22:49 - 2013-11-07 20:41 - 00000000 ____D C:\WINDOWS\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-07 20:43 - 2013-11-07 20:43 - 00000000 _____ C:\autoexec.bat
2013-11-07 20:42 - 2013-11-07 20:42 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-07 20:31 - 2013-11-07 20:31 - 00034488 _____ C:\Users\ADRI96\Downloads\Addition.txt
2013-11-07 20:28 - 2013-11-07 20:28 - 00000000 ____D C:\FRST
2013-11-05 21:47 - 2013-11-05 21:36 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\PhotoScape
2013-11-05 21:38 - 2011-12-11 15:03 - 00000000 ____D C:\Users\ADRI96\AppData\Local\Google
2013-11-05 21:38 - 2010-04-27 13:36 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-05 21:36 - 2013-11-05 21:36 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-11-05 21:29 - 2013-11-05 21:29 - 00000000 ____D C:\Users\ADRI96\Documents\MAGIX
2013-11-05 21:29 - 2013-11-05 21:29 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\MAGIX
2013-11-05 21:29 - 2013-11-05 21:29 - 00000000 ____D C:\Users\ADRI96\AppData\Local\MAGIX
2013-11-05 21:29 - 2013-11-05 21:29 - 00000000 ____D C:\ProgramData\MAGIX
2013-11-05 21:29 - 2013-11-05 21:29 - 00000000 ____D C:\Program Files (x86)\MAGIX
2013-11-05 20:56 - 2012-01-02 14:52 - 00000000 ____D C:\Users\ADRI96\AppData\Local\Windows Live
2013-11-05 20:23 - 2012-11-07 17:18 - 53646512 _____ C:\Users\ADRI96\AppData\Local\rx_image32.Cache
2013-11-05 20:23 - 2012-11-07 17:18 - 02170880 _____ C:\Users\ADRI96\AppData\Local\rx_audio.Cache
2013-11-05 20:17 - 2012-07-26 11:27 - 00751892 _____ C:\WINDOWS\system32\perfh007.dat
2013-11-05 20:17 - 2012-07-26 11:27 - 00155620 _____ C:\WINDOWS\system32\perfc007.dat
2013-11-05 20:17 - 2012-07-26 08:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-03 21:33 - 2013-11-03 21:33 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\stflt.sys
2013-11-03 21:19 - 2013-11-03 19:56 - 00000000 ____D C:\ProgramData\436e6ce759bac406
2013-11-03 21:19 - 2013-11-03 19:56 - 00000000 ____D C:\Program Files (x86)\ShoppingChip
2013-11-02 16:31 - 2013-03-28 12:55 - 00000000 ____D C:\Users\ADRI96\Downloads\Eminem
2013-11-01 10:22 - 2013-11-01 10:22 - 00398224 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-25 13:32 - 2013-10-25 13:32 - 00000000 ____D C:\Users\ADRI96\Downloads\Death Row Records
2013-10-24 19:30 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2013-10-22 20:48 - 2013-10-22 20:48 - 00000000 ____D C:\Users\ADRI96\Downloads\Jay-Z - The Blueprint² The Gift & the Curse (2002)
2013-10-20 20:38 - 2013-10-14 09:51 - 00000000 ____D C:\Users\ADRI96\Downloads\Instrumental Pack
2013-10-20 18:22 - 2013-10-20 17:53 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\Fox Dgital Copy
2013-10-20 17:48 - 2013-10-20 17:48 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\WindSolutions
2013-10-20 17:48 - 2013-10-20 17:48 - 00000000 ____D C:\ProgramData\WindSolutions
2013-10-20 17:40 - 2013-03-31 08:08 - 00000000 ____D C:\Users\ADRI96\AppData\Roaming\dvdcss
2013-10-17 20:42 - 2011-12-11 15:03 - 00004072 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1417303628-3328293042-299085541-1006UA
2013-10-17 20:42 - 2011-12-11 15:03 - 00003692 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1417303628-3328293042-299085541-1006Core
2013-10-16 20:04 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\rescache
2013-10-15 13:30 - 2013-09-27 14:55 - 00000000 ____D C:\Users\ADRI96\Downloads\Snoop Doggy Dogg Collection (50 Albums)(RAR)(by dragan09)
2013-10-15 13:14 - 2013-02-24 17:33 - 00001388 _____ C:\Users\ADRI96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
2013-10-13 21:15 - 2011-12-11 15:00 - 00000000 ___RD C:\Users\ADRI96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-13 21:15 - 2011-12-11 14:59 - 00000000 ___RD C:\Users\ADRI96\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-13 21:12 - 2012-05-15 21:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 21:12 - 2012-05-15 21:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-13 17:41 - 2012-07-26 09:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-10-12 13:25 - 2013-10-10 22:01 - 00000000 ____D C:\Users\ADRI96\Downloads\LINKIN PARK FULL DISCOGRAPHY INC [THE CATALYST 2010 SINGLE]
2013-10-11 13:09 - 2010-04-27 13:36 - 00004082 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-11 13:09 - 2010-04-27 13:36 - 00003846 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-11 11:47 - 2013-07-13 10:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-11 11:47 - 2011-03-13 11:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 11:45 - 2010-04-17 09:43 - 80541720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-10 21:00 - 2013-10-10 20:59 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-10 21:00 - 2013-10-10 20:59 - 00000000 ____D C:\Program Files\iTunes
2013-10-10 21:00 - 2010-08-16 18:55 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-10 20:59 - 2013-10-10 20:59 - 00000000 ____D C:\Program Files\iPod
2013-10-10 20:58 - 2013-10-10 20:58 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-10-10 20:57 - 2013-10-10 20:57 - 00000000 ____D C:\Program Files\Bonjour
2013-10-10 20:57 - 2013-10-10 20:57 - 00000000 ____D C:\Program Files (x86)\Bonjour
Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2784.dll
Some content of TEMP:
====================
C:\Users\ADRI96\AppData\Local\Temp\GoogleSetup.exe
C:\Users\ADRI96\AppData\Local\Temp\Quarantine.exe
C:\Users\ADRI96\AppData\Local\Temp\SHSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-08 17:47
==================== End Of Log ============================