adw cleaner log

AdwCleaner Logfile:
Code:
# AdwCleaner v3.018 - Bericht erstellt am 05/02/2014 um 19:15:51
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Keanu - BIZZIE
# Gestartet von : C:\Users\Keanu\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc speed up
Ordner Gelöscht : C:\Program Files (x86)\The weDownload Manager
Ordner Gelöscht : C:\Windows\SysWOW64\Searchprotect
Ordner Gelöscht : C:\Users\Keanu\AppData\LocalLow\The weDownload Manager
Ordner Gelöscht : C:\Users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\Tasks\The weDownload Manager-codedownloader.job
Datei Gelöscht : C:\Windows\System32\Tasks\The weDownload Manager-codedownloader
Datei Gelöscht : C:\Windows\Tasks\The weDownload Manager-enabler.job
Datei Gelöscht : C:\Windows\System32\Tasks\The weDownload Manager-enabler
Datei Gelöscht : C:\Windows\Tasks\The weDownload Manager-firefoxinstaller.job
Datei Gelöscht : C:\Windows\System32\Tasks\The weDownload Manager-firefoxinstaller
Datei Gelöscht : C:\Windows\Tasks\The weDownload Manager-updater.job
Datei Gelöscht : C:\Windows\System32\Tasks\The weDownload Manager-updater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Updater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\The weDownload Manager
Schlüssel Gelöscht : HKLM\Software\The weDownload Manager
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The weDownload Manager
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16537
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Keanu\AppData\Roaming\Mozilla\Firefox\Profiles\70npye4n.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.InstallationThankYouPage", false);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.InstallationTime", 1391337837);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.active", true);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.addressbar", "NA");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.addressbarenhanced", "");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb.was_copied", "true");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb_dbWasSet", true);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncdb_dbWasSet_FF25_FIX", true);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb.was_copied", "true");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb_dbWasSet", true);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.asyncinternaldb_dbWasSet_FF25_FIX", true);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.backgroundver", 1);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.certdomaininstaller", "");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.changeprevious", false);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallationTime.value", "%221391337837%22");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22verticals-in[...]
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.domain", "");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.enablesearch", false);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.homepage", "");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.iframe", false);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22BBAAAB20B51140F589D72C0B5FA31[...]
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22vertical[...]
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22000898%22%2C%22sub_id%22%3A%22ver[...]
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22BBAAAB20B51140F589D7[...]
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_appVer.value", "29");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_lastVersion.value", "1");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_nextCheck.expiration", "Wed Feb 05 2014 01:01:59 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_nextCheck.value", "true");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_queue.value", "%7B%7D");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.expiration", "Tue May 06 2014 00:29:02 GMT+0200");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.__defualt_browser__.value", "%22ie%22");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22BBAAAB20[...]
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_last_executable_request.expiration", "Wed Feb 05 2014 11:17:31 GMT+[...]
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//download.bleepingcompu[...]
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.lastDailyReport", "1391536905264");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.lastUpdate", "1391536902618");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.manifesturl", "");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.name", "The weDownload Manager");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.newtab", "");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.opensearch", "");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/49074/plugins/093/ff/plugins.json");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.pluginsversion", 25);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.publisher", "weDownload");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.searchstatus", 0);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.setnewtab", false);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.thankyou", "");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.updateinterval", 360);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.ver", 29);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.FilesValidatorDueTime", "1391558558856");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.apps", "49074");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.bic", "143fe10076889627053425d2ace68746");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.cid", 49074);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.firstrun", false);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.hadappinstalled", true);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.installationdate", 1391536900);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.modetype", "production");
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.reportInstall", true);
Zeile gelöscht : user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.statsDailyCounter", 1);
-\\ Google Chrome v
[ Datei : C:\Users\Keanu\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : search_url
Gelöscht : keyword
*************************
AdwCleaner[R0].txt - [15756 octets] - [02/02/2014 22:52:54]
AdwCleaner[R1].txt - [16000 octets] - [02/02/2014 23:00:09]
AdwCleaner[R2].txt - [14842 octets] - [03/02/2014 23:29:38]
AdwCleaner[R3].txt - [30655 octets] - [05/02/2014 00:30:19]
AdwCleaner[R4].txt - [23468 octets] - [05/02/2014 00:55:10]
AdwCleaner[S0].txt - [23084 octets] - [05/02/2014 19:15:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23145 octets] ##########

JRT file
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 x64
Ran by Keanu on 05.02.2014 at 0:43:21,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc
Failed to stop: [Service] update betterbrowse
Failed to stop: [Service] util betterbrowse
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\pcspeedup
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3247051021-3588894272-2128777945-1002\Software\Microsoft\Internet Explorer\Main\\Start Page
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?
Value Name Type Value Data
========================================================================================
NextLive REG_SZ C:\Windows\SysWOW64\rundll32.exe "C:\Users\Keanu\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\pricepeep.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2830488C-079B-45C2-88B6-AFE4EAA2DF85}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\dynconie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\pricepeep
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049074.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049074.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0049074.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0050780.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0050780.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0050780.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0050780.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110511071180}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422902274}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220522072280}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550555075580}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660566076680}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544074480}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110511071180}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220422902274}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220522072280}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550555075580}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660566076680}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544074480}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049074.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049074.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0049074.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0050780.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0050780.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0050780.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0050780.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550555075580}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660566076680}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544074480}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511071180}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511071180}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550455905574}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550555075580}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660466906674}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660566076680}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440544074480}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411901174}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511071180}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
~~~ Files
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-7.7-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-7.7-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-7.7-validator.job
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Keanu\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\Keanu\appdata\local\searchprotect"
Failed to delete: [Folder] "C:\Program Files (x86)\betterbrowse"
Successfully deleted: [Folder] "C:\Program Files (x86)\iminent"
Successfully deleted: [Folder] "C:\Program Files (x86)\pc speed up"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetpacks bundle uninstaller"
~~~ FireFox
Successfully deleted: [File] C:\Users\Keanu\AppData\Roaming\mozilla\firefox\profiles\70npye4n.default\extensions\pricepeep@getpricepeep.com.xpi
Successfully deleted the following from C:\Users\Keanu\AppData\Roaming\mozilla\firefox\profiles\70npye4n.default\prefs.js
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_css.expiration", "Wed Feb 05 2014 19:13:50 GMT+
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdi
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.expiration", "Tue Feb 11 2014 19:13
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_geolocation.value", "%22DE%22");
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.expiration", "Wed Feb 05 2014 19:13:50
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A49074%2C%22a
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.description", "Enhance your search results with direct download links and
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3
user_pref("extensions.ab1ac2ff78e514bb68bf887f1d567919a4bb97481aead4c2ea62be25e264651bbcom49074.49074.internaldb.Resources_resource_479259.value", "%22.crossrider-nofity-34345
user_pref("extensions.crossrider.bic", "143fe10076889627053425d2ace68746");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.02.2014 at 0:54:02,78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sc cleaner log files Code:
Shortcut Cleaner 1.2.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 8
Program started at: 02/05/2014 09:19:28 PM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\Keanu\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Keanu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Keanu\Desktop
0 bad shortcuts found.
Program finished at: 02/05/2014 09:19:29 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
Now I'm scanning again with FRST and I hope it doesn't hang again :)
frst log
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by Keanu (administrator) on BIZZIE on 05-02-2014 21:21:24
Running from C:\Users\Keanu\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Mobogenie\MgAssist.exe
() C:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe
() C:\Program Files (x86)\BetterBrowse\updateBetterBrowse.exe
() C:\Program Files (x86)\BetterBrowse\bin\utilBetterBrowse.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
() C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Spotify Ltd) C:\Users\Keanu\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-09-11] (ASUS)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-27] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-31] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [Updater] - C:\ProgramData\Updater\Updater.exe [486264 2013-12-18] (Updater)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [775872 2014-02-02] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3247051021-3588894272-2128777945-1002\...\Run: [Spotify] - C:\Users\Keanu\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-19] (Spotify Ltd)
HKU\S-1-5-21-3247051021-3588894272-2128777945-1002\...\Run: [Spotify Web Helper] - C:\Users\Keanu\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-19] (Spotify Ltd)
HKU\S-1-5-21-3247051021-3588894272-2128777945-1002\...\Run: [NextLive] - C:\Windows\SysWOW64\rundll32.exe "C:\Users\Keanu\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3247051021-3588894272-2128777945-1002\...\Run: [Updater] - C:\ProgramData\Updater\updater.exe [486264 2013-12-18] (Updater)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [245872 2013-04-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-04-08] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Plus-HD-7.7 - {11111111-1111-1111-1111-110511071180} - C:\Program Files (x86)\Plus-HD-7.7\Plus-HD-7.7-bho64.dll (Plus HD)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Keanu\AppData\Roaming\Mozilla\Firefox\Profiles\70npye4n.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Websteroids - C:\Users\Keanu\AppData\Roaming\Mozilla\Firefox\Profiles\70npye4n.default\Extensions\support@websteroidsapp.com [2014-02-04]
FF Extension: Adblock Plus - C:\Users\Keanu\AppData\Roaming\Mozilla\Firefox\Profiles\70npye4n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-04]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5C9116DF-81B3-4356-8A67-DD845F203BB1&SSPV=
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP5C9116DF-81B3-4356-8A67-DD845F203BB1&SSPV="
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: hxxp://www.google.com
CHR Extension: (Google Docs) - C:\Users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-06]
CHR Extension: (Google Drive) - C:\Users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06]
CHR Extension: (YouTube) - C:\Users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-06]
CHR Extension: (Google-Suche) - C:\Users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-06]
CHR Extension: (Google-Suche) - C:\Users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb [2014-01-05]
CHR Extension: (PricePeep) - C:\Users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb [2014-02-04]
CHR Extension: (Google Wallet) - C:\Users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06]
CHR Extension: (Google Mail) - C:\Users\Keanu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-02] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 InternetUpdater; C:\ProgramData\InternetUpdater\InternetUpdaterService.exe [40448 2013-12-06] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [63168 2014-02-02] ()
R2 SavingsbullFilterService64; c:\Program Files\SavingsbullFilter\SavingsbullFilterService64.exe [167936 2014-01-16] ()
R2 Update BetterBrowse; C:\Program Files (x86)\BetterBrowse\updateBetterBrowse.exe [80168 2014-02-05] ()
R2 Util BetterBrowse; C:\Program Files (x86)\BetterBrowse\bin\utilBetterBrowse.exe [103208 2014-02-02] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-02] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46232 2013-12-17] (NetFilterSDK.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-11-27] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U0 msahci;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-05 21:21 - 2014-02-05 21:21 - 00000000 ____D () C:\Users\Keanu\Downloads\FRST-OlderVersion
2014-02-05 21:15 - 2014-02-05 21:19 - 00001742 _____ () C:\sc-cleaner.txt
2014-02-05 21:15 - 2014-02-05 21:15 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Keanu\Downloads\sc-cleaner(1).exe
2014-02-05 00:54 - 2014-02-05 00:54 - 00013222 _____ () C:\Users\Keanu\Desktop\JRT.txt
2014-02-05 00:43 - 2014-02-05 00:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-05 00:41 - 2014-02-05 00:41 - 01037530 _____ (Thisisu) C:\Users\Keanu\Downloads\JRT.exe
2014-02-05 00:41 - 2014-02-05 00:41 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Keanu\Downloads\sc-cleaner.exe
2014-02-05 00:29 - 2014-02-05 00:29 - 01166132 _____ () C:\Users\Keanu\Downloads\adwcleaner.exe
2014-02-05 00:19 - 2014-02-05 00:19 - 00067528 _____ () C:\ComboFix.txt
2014-02-04 23:53 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-04 23:53 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-04 23:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-04 23:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-04 23:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-04 23:53 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-02-04 23:53 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-04 23:53 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-04 23:53 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-04 23:51 - 2014-02-05 00:19 - 00000000 ____D () C:\Qoobox
2014-02-04 23:51 - 2014-02-05 00:16 - 00000000 ____D () C:\Windows\erdnt
2014-02-04 23:49 - 2014-02-04 23:50 - 05179684 ____R (Swearware) C:\Users\Keanu\Downloads\ComboFix.exe
2014-02-04 23:31 - 2014-02-04 23:31 - 05556104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-04 23:20 - 2014-02-05 21:21 - 00015955 _____ () C:\Users\Keanu\Downloads\FRST.txt
2014-02-04 19:23 - 2014-02-04 19:23 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-7.7
2014-02-04 19:20 - 2014-02-04 19:20 - 00264560 _____ (setup process) C:\Users\Keanu\Downloads\Adobe%20Flash%20Player%2011.exe
2014-02-04 19:16 - 2014-02-04 19:16 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-02-04 18:49 - 2014-02-04 18:49 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-04 18:49 - 2014-02-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-04 18:49 - 2014-02-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-04 01:29 - 2014-02-04 23:17 - 00016635 _____ () C:\Users\Keanu\Desktop\FRST.txt
2014-02-04 01:27 - 2014-02-05 21:21 - 02082304 _____ (Farbar) C:\Users\Keanu\Downloads\FRST64.exe
2014-02-04 00:05 - 2014-02-04 00:05 - 00003088 _____ () C:\Windows\System32\Tasks\{79EDCAE6-B4C7-4DEF-9BF0-307AEDA2E7D6}
2014-02-04 00:00 - 2014-02-04 00:00 - 00011657 _____ () C:\AdwCleaner[R2].txt
2014-02-04 00:00 - 2014-02-04 00:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-03 23:54 - 2014-02-03 23:54 - 00581957 _____ () C:\Users\Keanu\Desktop\adwcleaner-1.606-en(1).exe
2014-02-03 23:52 - 2014-02-03 23:52 - 00011074 _____ () C:\AdwCleaner[R1].txt
2014-02-03 23:52 - 2014-02-03 23:52 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-03 23:51 - 2014-02-03 23:51 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-03 23:37 - 2014-02-05 21:21 - 00000000 ____D () C:\FRST
2014-02-02 22:51 - 2014-02-05 20:57 - 00000000 ____D () C:\AdwCleaner
2014-02-02 22:51 - 2014-02-02 22:51 - 01166132 _____ () C:\Users\Keanu\Desktop\adwcleaner.exe
2014-02-02 17:10 - 2014-02-02 17:14 - 00000000 ____D () C:\Users\Keanu\Desktop\usb stick
2014-02-02 12:42 - 2013-12-26 02:50 - 1324053055 _____ () C:\Users\Keanu\Desktop\iPhone5,2_7.0.4_11B554a_Restore.ipsw
2014-02-02 11:51 - 2014-02-02 11:51 - 03197440 _____ () C:\Users\Keanu\Desktop\tinyumbrella-7.04.00.exe
2014-02-02 11:50 - 2014-02-02 12:15 - 00129764 _____ () C:\Users\Keanu\Desktop\umbrella.log
2014-02-02 11:49 - 2014-02-02 11:49 - 00260528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-02 11:49 - 2014-02-02 11:49 - 00174000 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-02 11:49 - 2014-02-02 11:49 - 00173992 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-02 11:49 - 2014-02-02 11:49 - 00095184 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-02 11:49 - 2014-02-02 11:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-02 11:47 - 2014-02-05 21:12 - 00000000 ____D () C:\Users\Keanu\AppData\Roaming\newnext.me
2014-02-02 11:47 - 2014-02-02 12:06 - 00000000 ____D () C:\Users\Keanu\AppData\Local\Mobogenie
2014-02-02 11:47 - 2014-02-02 11:52 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-02 11:47 - 2014-02-02 11:51 - 00000000 ____D () C:\Users\Keanu\AppData\Local\cache
2014-02-02 11:47 - 2014-02-02 11:48 - 00000000 ____D () C:\Users\Keanu\AppData\Local\genienext
2014-02-02 11:47 - 2014-02-02 11:47 - 00001025 _____ () C:\Users\Keanu\Desktop\Mobogenie.lnk
2014-02-02 11:47 - 2014-02-02 11:47 - 00000000 ____D () C:\Users\Keanu\Documents\Mobogenie
2014-02-02 11:47 - 2014-02-02 11:47 - 00000000 ____D () C:\Users\Keanu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-02-02 11:47 - 2014-02-02 11:47 - 00000000 ____D () C:\Users\Keanu\.android
2014-02-02 11:47 - 2014-02-02 11:47 - 00000000 _____ () C:\Users\Keanu\daemonprocess.txt
2014-02-02 11:43 - 2014-02-05 00:47 - 00000000 ____D () C:\Program Files (x86)\BetterBrowse
2014-01-25 02:00 - 2014-01-25 02:01 - 23867560 _____ (Mozilla) C:\Users\Keanu\Desktop\Firefox Setup 26.0.exe
2014-01-15 03:08 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-15 03:08 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-15 03:08 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-15 03:08 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-15 03:08 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-15 03:08 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-15 03:08 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-15 03:08 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-15 03:08 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-15 03:08 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-15 03:08 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-15 03:07 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 03:07 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 03:07 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 03:07 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-06 20:20 - 2014-01-06 20:20 - 00307760 _____ () C:\Windows\system32\FNTCACHE.DAT
==================== One Month Modified Files and Folders =======
2014-02-05 22:12 - 2014-02-04 23:20 - 00015955 _____ () C:\Users\Keanu\Downloads\FRST.txt
2014-02-05 22:02 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-05 21:46 - 2013-09-14 20:22 - 00001122 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 21:31 - 2013-04-24 18:21 - 01950770 _____ () C:\Windows\WindowsUpdate.log
2014-02-05 21:30 - 2013-04-24 20:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-05 21:21 - 2014-02-05 21:21 - 00000000 ____D () C:\Users\Keanu\Downloads\FRST-OlderVersion
2014-02-05 21:21 - 2014-02-04 01:27 - 02082304 _____ (Farbar) C:\Users\Keanu\Downloads\FRST64.exe
2014-02-05 21:21 - 2014-02-03 23:37 - 00000000 ____D () C:\FRST
2014-02-05 21:19 - 2014-02-05 21:15 - 00001742 _____ () C:\sc-cleaner.txt
2014-02-05 21:16 - 2012-08-03 00:02 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-02-05 21:16 - 2012-08-03 00:02 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-02-05 21:16 - 2012-07-26 08:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 21:15 - 2014-02-05 21:15 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Keanu\Downloads\sc-cleaner(1).exe
2014-02-05 21:13 - 2013-12-18 23:48 - 00000000 ____D () C:\Users\Keanu\AppData\Roaming\Spotify
2014-02-05 21:12 - 2014-02-02 11:47 - 00000000 ____D () C:\Users\Keanu\AppData\Roaming\newnext.me
2014-02-05 21:12 - 2013-04-24 18:26 - 00000408 _____ () C:\Users\Keanu\AppData\Roaming\sp_data.sys
2014-02-05 21:11 - 2013-09-14 20:22 - 00001118 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-05 21:10 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-05 21:09 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-05 21:02 - 2013-04-24 18:33 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3247051021-3588894272-2128777945-1002
2014-02-05 20:57 - 2014-02-02 22:51 - 00000000 ____D () C:\AdwCleaner
2014-02-05 00:54 - 2014-02-05 00:54 - 00013222 _____ () C:\Users\Keanu\Desktop\JRT.txt
2014-02-05 00:47 - 2014-02-02 11:43 - 00000000 ____D () C:\Program Files (x86)\BetterBrowse
2014-02-05 00:43 - 2014-02-05 00:43 - 00000000 ____D () C:\Windows\ERUNT
2014-02-05 00:41 - 2014-02-05 00:41 - 01037530 _____ (Thisisu) C:\Users\Keanu\Downloads\JRT.exe
2014-02-05 00:41 - 2014-02-05 00:41 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Keanu\Downloads\sc-cleaner.exe
2014-02-05 00:29 - 2014-02-05 00:29 - 01166132 _____ () C:\Users\Keanu\Downloads\adwcleaner.exe
2014-02-05 00:19 - 2014-02-05 00:19 - 00067528 _____ () C:\ComboFix.txt
2014-02-05 00:19 - 2014-02-04 23:51 - 00000000 ____D () C:\Qoobox
2014-02-05 00:19 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2014-02-05 00:17 - 2013-04-24 18:25 - 00000000 ___RD () C:\Users\Keanu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-05 00:16 - 2014-02-04 23:51 - 00000000 ____D () C:\Windows\erdnt
2014-02-05 00:13 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-05 00:12 - 2012-07-26 06:26 - 00000215 _____ () C:\Windows\system.ini
2014-02-05 00:10 - 2012-08-02 14:24 - 00033458 _____ () C:\Windows\PFRO.log
2014-02-05 00:09 - 2012-07-26 06:26 - 66060288 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-05 00:09 - 2012-07-26 06:26 - 23068672 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-05 00:09 - 2012-07-26 06:26 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-05 00:09 - 2012-07-26 06:26 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-05 00:09 - 2012-07-26 06:26 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-04 23:50 - 2014-02-04 23:49 - 05179684 ____R (Swearware) C:\Users\Keanu\Downloads\ComboFix.exe
2014-02-04 23:31 - 2014-02-04 23:31 - 05556104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-04 23:31 - 2013-04-24 20:02 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 23:17 - 2014-02-04 01:29 - 00016635 _____ () C:\Users\Keanu\Desktop\FRST.txt
2014-02-04 23:16 - 2013-09-14 20:22 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-04 19:23 - 2014-02-04 19:23 - 00000000 ____D () C:\Program Files (x86)\Plus-HD-7.7
2014-02-04 19:22 - 2013-04-24 21:48 - 00000000 ____D () C:\Users\Keanu\AppData\Local\Adobe
2014-02-04 19:20 - 2014-02-04 19:20 - 00264560 _____ (setup process) C:\Users\Keanu\Downloads\Adobe%20Flash%20Player%2011.exe
2014-02-04 19:16 - 2014-02-04 19:16 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-02-04 19:00 - 2013-12-18 23:50 - 00000000 ____D () C:\Users\Keanu\AppData\Local\Spotify
2014-02-04 18:49 - 2014-02-04 18:49 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-04 18:49 - 2014-02-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-04 18:49 - 2014-02-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-04 18:49 - 2013-04-24 19:56 - 00000000 ____D () C:\Users\Keanu\AppData\Roaming\Mozilla
2014-02-04 01:40 - 2013-05-05 17:38 - 00000000 ____D () C:\Users\Keanu\Desktop\Programme
2014-02-04 00:05 - 2014-02-04 00:05 - 00003088 _____ () C:\Windows\System32\Tasks\{79EDCAE6-B4C7-4DEF-9BF0-307AEDA2E7D6}
2014-02-04 00:00 - 2014-02-04 00:00 - 00011657 _____ () C:\AdwCleaner[R2].txt
2014-02-04 00:00 - 2014-02-04 00:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-03 23:54 - 2014-02-03 23:54 - 00581957 _____ () C:\Users\Keanu\Desktop\adwcleaner-1.606-en(1).exe
2014-02-03 23:52 - 2014-02-03 23:52 - 00011074 _____ () C:\AdwCleaner[R1].txt
2014-02-03 23:52 - 2014-02-03 23:52 - 00000000 ____D () C:\Program Files\SavingsbullFilter
2014-02-03 23:51 - 2014-02-03 23:51 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-03 23:17 - 2013-04-24 19:51 - 00756736 ___SH () C:\Users\Keanu\Desktop\Thumbs.db
2014-02-02 23:41 - 2013-11-23 23:06 - 00000000 ____D () C:\Program Files\Google
2014-02-02 22:51 - 2014-02-02 22:51 - 01166132 _____ () C:\Users\Keanu\Desktop\adwcleaner.exe
2014-02-02 22:47 - 2013-09-14 20:22 - 00000000 ____D () C:\Users\Keanu\AppData\Local\Google
2014-02-02 17:14 - 2014-02-02 17:10 - 00000000 ____D () C:\Users\Keanu\Desktop\usb stick
2014-02-02 12:15 - 2014-02-02 11:50 - 00129764 _____ () C:\Users\Keanu\Desktop\umbrella.log
2014-02-02 12:15 - 2013-06-24 17:49 - 00209150 _____ () C:\Users\Keanu\umbrella0.log
2014-02-02 12:15 - 2013-04-24 18:21 - 00000000 ____D () C:\Users\Keanu
2014-02-02 12:06 - 2014-02-02 11:47 - 00000000 ____D () C:\Users\Keanu\AppData\Local\Mobogenie
2014-02-02 12:04 - 2013-06-24 17:49 - 00000000 ____D () C:\Users\Keanu\.shsh
2014-02-02 11:52 - 2014-02-02 11:47 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-02-02 11:51 - 2014-02-02 11:51 - 03197440 _____ () C:\Users\Keanu\Desktop\tinyumbrella-7.04.00.exe
2014-02-02 11:51 - 2014-02-02 11:47 - 00000000 ____D () C:\Users\Keanu\AppData\Local\cache
2014-02-02 11:49 - 2014-02-02 11:49 - 00260528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-02 11:49 - 2014-02-02 11:49 - 00174000 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-02 11:49 - 2014-02-02 11:49 - 00173992 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-02 11:49 - 2014-02-02 11:49 - 00095184 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-02 11:49 - 2014-02-02 11:49 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-02 11:48 - 2014-02-02 11:47 - 00000000 ____D () C:\Users\Keanu\AppData\Local\genienext
2014-02-02 11:47 - 2014-02-02 11:47 - 00001025 _____ () C:\Users\Keanu\Desktop\Mobogenie.lnk
2014-02-02 11:47 - 2014-02-02 11:47 - 00000000 ____D () C:\Users\Keanu\Documents\Mobogenie
2014-02-02 11:47 - 2014-02-02 11:47 - 00000000 ____D () C:\Users\Keanu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-02-02 11:47 - 2014-02-02 11:47 - 00000000 ____D () C:\Users\Keanu\.android
2014-02-02 11:47 - 2014-02-02 11:47 - 00000000 _____ () C:\Users\Keanu\daemonprocess.txt
2014-01-30 22:10 - 2013-11-16 23:49 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-16 23:49 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-25 14:38 - 2013-04-25 20:54 - 00000000 ____D () C:\Users\Keanu\Desktop\Musik
2014-01-25 14:31 - 2013-06-06 22:48 - 00000000 ____D () C:\Users\Keanu\AppData\Roaming\iFunbox_UserCache
2014-01-25 08:17 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-01-25 02:01 - 2014-01-25 02:00 - 23867560 _____ (Mozilla) C:\Users\Keanu\Desktop\Firefox Setup 26.0.exe
2014-01-18 20:26 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-17 03:10 - 2013-08-14 21:41 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 03:07 - 2013-04-25 12:59 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-17 03:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-01-12 23:56 - 2013-12-26 01:27 - 00003089 _____ () C:\Users\Keanu\Desktop\README.txt
2014-01-06 20:20 - 2014-01-06 20:20 - 00307760 _____ () C:\Windows\system32\FNTCACHE.DAT
Some content of TEMP:
====================
C:\Users\Keanu\AppData\Local\temp\avgnt.exe
C:\Users\Keanu\AppData\Local\temp\Quarantine.exe
C:\Users\Keanu\AppData\Local\temp\setup{A83E8D36-0DCD-4000-9431-420479E57515}.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-25 08:00
==================== End Of Log ============================
BUT I only got the FRST.txt file, and I did not get the ADDITION.txt.