Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   C:\Programme(x86)\Browser Updater\TBUpdater.dll (https://www.trojaner-board.de/134873-c-programme-x86-browser-updater-tbupdater-dll.html)

notiD 13.05.2013 15:54

C:\Programme(x86)\Browser Updater\TBUpdater.dll
 
Hello community,
I just registered here in the hope that you can help me.
As soon as I start my computer and reach the desktop, a RunDll window opens with the message: "The file C:\Programme(x86)\Browser Updater\TBUpdater.dll could not be found.
The specified module could not be found", and my computer freezes for about 2-5 minutes. During that time I can't even open the Task Manager.
I have already looked for this file, but unfortunately I can't find it.

Now I'm asking you to help me.

Regards
notiD
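The RunDll message described above is the usual trace of an autostart entry whose DLL has already been deleted. As an added example (not part of the thread and not one of the helper's steps), this PowerShell snippet lists Run/RunOnce entries that hand rundll32 a DLL path that no longer exists; the registry paths are the standard Windows locations, and Get-RunDllTarget is an assumed helper name.

```powershell
# Added example, not part of the thread: list Run/RunOnce autostart entries
# that hand rundll32 a DLL path which no longer exists on disk. Such an
# orphaned entry is what raises the "module could not be found" RunDll
# dialog at logon after the adware files themselves were deleted.
# Standard registry locations (the Wow6432Node path only exists on 64-bit Windows).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Registry-provider metadata properties that Get-ItemProperty adds to every key.
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Assumed helper name: extract the DLL path from a command line of the form
#   rundll32.exe "C:\path\to\lib.dll",EntryPoint   or   rundll32 C:\path\lib.dll,EntryPoint
function Get-RunDllTarget {
    param([string]$Command)
    if ($Command -match 'rundll32(?:\.exe)?\s+"?([^",]+?\.dll)"?\s*,') {
        return $Matches[1]
    }
    return $null
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $entries = Get-ItemProperty -Path $key
    foreach ($prop in $entries.PSObject.Properties) {
        if ($metaProps -contains $prop.Name) { continue }
        $dll = Get-RunDllTarget -Command ([string]$prop.Value)
        # Report only rundll32 entries whose DLL is gone; a DLL that is present is not an error here.
        if ($dll -and -not (Test-Path -LiteralPath $dll)) {
            New-Object PSObject -Property @{
                Key        = $key
                ValueName  = $prop.Name
                MissingDll = $dll
                Command    = $prop.Value
            }
        }
    }
}
```

Run it from an elevated PowerShell so the HKLM keys are readable; scheduled tasks and the Startup folder are further places such a leftover can live and are not covered by this snippet.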

ryder 13.05.2013 17:53

!! Note to readers !!
This thread and its instructions are intended only for this specific case.
They could seriously damage other computers. Please open your own thread.



I will help you with your problem. The cleanup only works if you stick to the following rules:
Please read:
Rules for the cleanup
  • Illegally used software
    At the first sign of it, support is stopped without discussion. So please make sure beforehand that none of it shows up here.
  • No guarantee
    We will do our best, but you will not get back a 100% safe and clean computer. The only truly safe way is to format and reinstall.
  • No going it alone
    The cleanup only works if you do exactly what I tell you. Do not install/uninstall any software and do not run any scans I have not told you to run. Do not post your thread in any other forum and do not follow other helpers' instructions. That only wastes everyone's time.
  • Read carefully and ask
    Read every instruction carefully. If anything is unclear, ask first. Work through the steps in order and reply only after the last step or when you have a question.
  • Reply properly
    • After you have worked through all the steps, give me feedback on each step (logfile or answer), all collected in a single reply.
    • Only obscure your name if it is really necessary.
    • Please place logfiles between code tags (click the # symbol in the reply window); it then looks like this:
      [CODE] (logfile) [/CODE]
    • A note on my own behalf: attached or zipped logfiles make my work much harder! Only do that if the logfile is too big to post directly.
  • No private messages
    I see when you have replied; you do not need to notify me. Only send me a PM if I have not replied for three days, and only then.
  • How does the cleanup proceed?
    Roughly: analysis > cleanup > check with updates > done. I will tell you very clearly whether we are done or not; you do not need to ask.



Step 1: (Reminder: reply to me only once you have worked through all the steps!)
Uninstalling programs
  • Windows XP: Start > Control Panel > Add or Remove Programs > [program name] > Uninstall
  • Windows Vista / 7: Start > Control Panel > Programs and Features > [program name] > Uninstall
  • allow a restart if prompted
Uninstall - unless you installed it deliberately - everything with "Toolbar" in its name, as well as downloader applications

Please go through the following list and uninstall the programs named, if present:
CCleaner or other registry cleaners, TuneUp Utilities (incl. Language Pack), Glary Utilities, Spybot S & D (including TeaTimer), ZoneAlarm Firewall, McAfee Security Scan, Spyware Hunter, Spyware Terminator, Java 6 (all), poker software, xp-AntiSpy, Hotspot Shield, iLivid, Amazon Icon, DriverEasy, Advanced Driver Updater, DriverCure, Uniblue DriverScanner, FireJump, SearchAnonymizer, SpeedMaxPC, Optimizer Pro




Step 2:
AdwCleaner: find and delete adware
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 3:
Scan with DDS+ (with attach)
Please download DDS (by sUBs) and save the file to your desktop.

dds.com
  • Close all running programs and start DDS with a double-click.
  • The desktop will disappear; that is normal.
  • Set the following:

    [X] dds.txt
    [X] attach.txt
    [ ] options for dds.txt

  • Do not change any setting without being told to.
  • Click Start.
  • 2 logfiles will be created on your desktop.
    • dds.txt
    • attach.txt
  • Post both logfiles here, preferably in CODE tags.

notiD 13.05.2013 19:06

Step 2: AdwCleaner logfile:
Code:

# AdwCleaner v2.300 - Datei am 13/05/2013 um 19:55:04 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Diton Shkreli - DITONS-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Diton Shkreli\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : DefaultTabSearch
Gestoppt & Gelöscht : DefaultTabUpdate
Gestoppt & Gelöscht : eSafeSvc

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Datei Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0\searchplugins\Web Search.xml
Datei Gelöscht : C:\Windows\Tasks\AmiUpdXp.job
Ordner Gelöscht : C:\Program Files (x86)\BrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Program Files (x86)\Complitly
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\DefaultTab
Ordner Gelöscht : C:\Program Files (x86)\Protected Search
Ordner Gelöscht : C:\ProgramData\Anti-phishing Domain Advisor
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\SpeedMaxPc
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Local\APN
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Local\blekkotb
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Local\Minibar
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Local\SwvUpdater
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Local\visualbeeexe
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\LocalLow\IncrediMail_MediaBar_2
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\LocalLow\simplytech
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\Complitly
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\DefaultTab
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\simplytech
Ordner Gelöscht : C:\Users\Diton Shkreli\AppData\Roaming\SpeedMaxPc
Ordner Gelöscht : C:\Users\DITONS~1\AppData\Local\Temp\Desk365
Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\blekkotb
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Complitly
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Default Tab
Schlüssel Gelöscht : HKCU\Software\DefaultTab
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{498BF512-BBD8-41BA-A3B1-22AD4DCEF7D4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9A16B3E4-E725-41F7-A4E4-F4CCC3855BDB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Somoto Toolbar
Schlüssel Gelöscht : HKCU\Software\5b48c8fb468e817
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\SMTTB2009
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3F39D17D-50C7-4AC4-A63A-CDF6CDBD0C61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3FC27B34-0C19-49DA-875E-1875DDD4A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IEPlugin.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IEPlugin.IEWebHook.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{71E3A30E-9444-49D9-ABDB-B4B531D0BBA3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.Band
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.Band.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.NotificationSource
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.NotificationSource.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.SourceSinkImpl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wtb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Default Tab
Schlüssel Gelöscht : HKLM\Software\DefaultTab
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\Software\IncrediMail_MediaBar_2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_2_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F64ED36-9215-4179-A46C-D1328F7759AB}
Schlüssel Gelöscht : HKLM\Software\Minibar
Schlüssel Gelöscht : HKLM\Software\portaldositesSoftware
Schlüssel Gelöscht : HKLM\Software\SimplyGen
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9A16B3E4-E725-41F7-A4E4-F4CCC3855BDB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ibgfbdggapddbjjbopabhlhianklajie
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5582A725-57F8-4FDE-9F3C-46380506BB17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CB2298B-9F4E-4570-A64F-51F6766D2ABA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AE9908C1-3400-4B10-9061-C6C04D96E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{338B4DFE-2E2C-4338-9E41-E176D497299E}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=pfr&from=pfr&uid=WDCXWD5000BPVT-22HXZT3_WD-WXL1A718451284512&ts=1367423674 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=pfr&from=pfr&uid=WDCXWD5000BPVT-22HXZT3_WD-WXL1A718451284512&ts=1367423674 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=pfr&from=pfr&uid=WDCXWD5000BPVT-22HXZT3_WD-WXL1A718451284512&ts=0 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=pfr&from=pfr&uid=WDCXWD5000BPVT-22HXZT3_WD-WXL1A718451284512&ts=0 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=pfr&from=pfr&uid=WDCXWD5000BPVT-22HXZT3_WD-WXL1A718451284512&ts=0 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=pfr&from=pfr&uid=WDCXWD5000BPVT-22HXZT3_WD-WXL1A718451284512&ts=0 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=pfr&from=pfr&uid=WDCXWD5000BPVT-22HXZT3_WD-WXL1A718451284512&ts=1367423674 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=pfr&from=pfr&uid=WDCXWD5000BPVT-22HXZT3_WD-WXL1A718451284512&ts=1367423674 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=pfr&from=pfr&uid=WDCXWD5000BPVT-22HXZT3_WD-WXL1A718451284512&ts=1367423674 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=pfr&from=pfr&uid=WDCXWD5000BPVT-22HXZT3_WD-WXL1A718451284512&ts=1367423674 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com

-\\ Mozilla Firefox v [Version could not be determined]

File : C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Deleted : user_pref("browser.search.defaultengine", "Web Search");
Deleted : user_pref("browser.search.selectedEngine", "Web Search");user_pref("browser.search.order.1", "Web Se[...]
Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tgu[...]

*************************

AdwCleaner[S1].txt - [34894 octets] - [13/05/2013 19:55:04]

########## EOF - C:\AdwCleaner[S1].txt - [34955 octets] ##########

--- --- ---
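An added worked example (editor's code, not part of the original thread and not AdwCleaner's or any poster's): a small Python parser for the AdwCleaner action lines in the log above. It normalises both the German labels AdwCleaner writes on a German Windows and their English equivalents, lists the CLSIDs of the deleted Browser Helper Objects and the removed Run values, refangs the forum's hxxp URLs, and extracts the hijacker hostnames plus the uid parameter that portaldosites.com carries in every replaced start and search page. The sample lines are copied from the log above and embedded so the script runs offline; reading that uid as a disk model and serial number is an inference from its shape, not something the log states.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample: lines copied from the AdwCleaner[S1].txt posted above, some in
# the German form AdwCleaner writes on a German Windows and some in the English
# equivalent, so both label sets are exercised. "hxxp" is the forum's defanged "http".
SAMPLE_LOG = r"""
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Browser companion helper]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.portaldosites.com/?utm_source=b&utm_medium=pfr&from=pfr&uid=WDCXWD5000BPVT-22HXZT3_WD-WXL1A718451284512&ts=1367423674 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q= --> hxxp://www.google.com
Gelöscht : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tgu[...]
***** [Internet Browser] *****
"""

# AdwCleaner localises its labels; map both the German and the English ones.
ACTIONS = {
    "Schlüssel Gelöscht": "key_deleted", "Key Deleted": "key_deleted",
    "Wert Gelöscht": "value_deleted", "Value Deleted": "value_deleted",
    "Ersetzt": "replaced", "Replaced": "replaced",
    "Gelöscht": "pref_deleted", "Deleted": "pref_deleted",
}
LINE_RE = re.compile(r"^(?P<label>[^:]+?)\s*:\s*(?P<rest>.+)$")
REPLACED_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*=\s*(?P<old>\S+)\s*-->\s*(?P<new>\S+)$")
VALUE_RE = re.compile(r"^(?P<key>.+?)\s*\[(?P<value>[^\]]+)\]$")
PREF_RE = re.compile(r'user_pref\("(?P<name>[^"]+)"')
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def refang(url):
    """Turn the forum's defanged hxxp:// (or hxxps://) back into a parseable URL."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_line(line):
    """Return a dict describing one AdwCleaner action line, or None for any other text."""
    m = LINE_RE.match(line.strip())
    if not m or m.group("label").strip() not in ACTIONS:
        return None
    action, rest = ACTIONS[m.group("label").strip()], m.group("rest")
    rec = {"action": action, "raw": rest}
    if action == "replaced":
        r = REPLACED_RE.match(rest)
        if r:
            rec.update(key=r.group("key"), old=refang(r.group("old")), new=refang(r.group("new")))
    elif action == "value_deleted":
        v = VALUE_RE.match(rest)
        if v:
            rec.update(key=v.group("key"), value=v.group("value"))
    elif action == "key_deleted":
        rec["key"] = rest
    elif action == "pref_deleted":
        p = PREF_RE.search(rest)
        if p:
            rec["pref"] = p.group("name")
    return rec


def summarize(log_text):
    """Aggregate a cleanup log: what was removed, which hosts had hijacked IE, and
    any per-machine identifier the hijacker URLs carry."""
    recs = [r for r in map(parse_line, log_text.splitlines()) if r]
    summary = {
        "counts": Counter(r["action"] for r in recs),
        "bho_clsids": [],
        "run_values": [],
        "hijack_hosts": set(),
        "tracking_ids": set(),
        "firefox_prefs": sorted(r["pref"] for r in recs if r.get("pref")),
    }
    for r in recs:
        if r["action"] == "key_deleted" and "Browser Helper Objects" in r["key"]:
            m = CLSID_RE.search(r["key"])
            if m:
                summary["bho_clsids"].append(m.group(0))
        elif r["action"] == "value_deleted" and r.get("key", "").endswith(r"\Run"):
            summary["run_values"].append(r["value"])
        elif r["action"] == "replaced" and "old" in r:
            parts = urlsplit(r["old"])
            summary["hijack_hosts"].add(parts.hostname)
            # The uid on the portaldosites URLs looks like a disk model plus serial
            # number (an assumption drawn from its shape): a hardware-derived value
            # that would re-identify this machine if the toolbar were reinstalled.
            for uid in parse_qs(parts.query).get("uid", []):
                summary["tracking_ids"].add(uid)
    summary["bho_clsids"].sort()
    summary["run_values"].sort()
    return summary


if __name__ == "__main__":
    for name, value in summarize(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

Run it as a script to see the summary for the embedded sample, or pass the full text of AdwCleaner[S1].txt to summarize(). The hostnames and the uid value are the parts worth keeping from such a log: they are what you would search for in other logs from the same machine, or in a proxy log, to tell whether the hijacker is really gone.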

ryder 13.05.2013 19:08

And step 3?

notiD 13.05.2013 19:11

Step 3:

DDS Logfile:
Code:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.17.2
Run by Diton Shkreli at 20:08:36 on 2013-05-13
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3948.2546 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uCustomizeSearch = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: HomeTab: {96edaac7-6183-4cb5-8823-b8b12d94f967} - C:\Users\Diton Shkreli\AppData\Roaming\HomeTab\HomeTab.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TB: HomeTab: {96edaac7-6183-4cb5-8823-b8b12d94f967} - C:\Users\Diton Shkreli\AppData\Roaming\HomeTab\HomeTab.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {6e80943c-847c-4447-b830-f94e7dcbbd4e} - {96edaac7-6183-4cb5-8823-b8b12d94f967}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{24D56DD0-2FBE-42FA-BC05-1300280A189D} : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{976E7C6E-A22D-483E-8654-FD812FFC4502} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{976E7C6E-A22D-483E-8654-FD812FFC4502}\4435C475C414E4D4F64656D6230303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{976E7C6E-A22D-483E-8654-FD812FFC4502}\5416379724F687D2537373443353 : DHCPNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-25 204288]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-25 353360]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-25 13336]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-30 598312]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-25 2656280]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-7-25 138024]
R3 IntcDAud;Intel(R) Display-Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-25 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-7-25 12228128]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-7-25 76912]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2011-7-25 1222248]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SystemStoreService;System Store;C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [2013-4-20 296448]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 SXDS10;soft Xpansion Dispatch Service;C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [2013-4-28 234096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2013-05-13 14:48:52        9317456        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CE07215-57F3-42CC-8AE5-9904D51ACDF9}\mpengine.dll
2013-05-13 12:05:42        19352        ----a-w-        C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-05-12 16:44:33        --------        d-----w-        C:\Program Files (x86)\VS Revo Group
2013-05-12 14:37:34        --------        d-----w-        C:\Windows\System32\IO
2013-05-11 15:33:52        --------        d-----w-        C:\Users\Diton Shkreli\AppData\Roaming\Malwarebytes
2013-05-11 15:33:41        --------        d-----w-        C:\ProgramData\Malwarebytes
2013-05-09 10:09:11        --------        d-----w-        C:\Users\Diton Shkreli\AppData\Roaming\ParetoLogic
2013-05-09 10:09:11        --------        d-----w-        C:\Users\Diton Shkreli\AppData\Roaming\DriverCure
2013-05-09 10:09:01        --------        d-----w-        C:\ProgramData\ParetoLogic
2013-05-07 17:01:03        --------        d-----w-        C:\Users\Diton Shkreli\AppData\Local\assembly
2013-05-05 11:11:33        --------        d-----w-        C:\Users\Diton Shkreli\AppData\Local\DownloadGuide
2013-05-03 17:06:38        --------        d-----w-        C:\Users\Diton Shkreli\AppData\Local\Microsoft Games
2013-05-01 15:54:11        --------        d-----w-        C:\Users\Diton Shkreli\AppData\Roaming\GoPlayer
2013-04-28 09:09:17        --------        d-----w-        C:\Program Files (x86)\Common Files\soft Xpansion
2013-04-28 09:08:42        --------        d-----w-        C:\Program Files (x86)\Common Files\Freemium
2013-04-28 09:08:40        --------        d-----w-        C:\ProgramData\Freemium
2013-04-24 11:40:16        1656680        ----a-w-        C:\Windows\System32\drivers\ntfs.sys
2013-04-20 10:04:01        16896        ----a-w-        C:\Windows\Launcher.exe
2013-04-20 10:04:00        --------        d-----w-        C:\Users\Diton Shkreli\AppData\Roaming\HomeTab
2013-04-20 10:04:00        --------        d-----w-        C:\Program Files (x86)\HomeTab
2013-04-20 10:03:23        --------        d-----w-        C:\Program Files (x86)\SoftwareUpdater
2013-04-20 09:58:46        --------        d-----w-        C:\Users\Diton Shkreli\AppData\Roaming\eDownload
2013-04-16 08:04:31        282296        ----a-w-        C:\Windows\SysWow64\PnkBstrB.exe
2013-04-16 08:04:31        282296        ----a-w-        C:\Windows\SysWow64\PnkBstrB.ex0
2013-04-16 08:04:30        76888        ----a-w-        C:\Windows\SysWow64\PnkBstrA.exe
.
==================== Find3M  ====================
.
2013-05-05 10:40:57        282296        ----a-w-        C:\Windows\SysWow64\PnkBstrB.xtr
2013-05-02 00:06:08        278800        ------w-        C:\Windows\System32\MpSigStub.exe
2013-05-01 15:54:37        420944        ----a-w-        C:\Windows\SysWow64\msvcp100.dll
2013-04-10 12:47:46        0        ----a-w-        C:\Windows\SysWow64\shoA86F.tmp
2013-04-07 18:54:11        0        ----a-w-        C:\Windows\SysWow64\shoBE03.tmp
2013-03-26 10:30:04        95648        ----a-w-        C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 10:30:04        861088        ----a-w-        C:\Windows\SysWow64\npdeployJava1.dll
2013-03-26 10:30:04        782240        ----a-w-        C:\Windows\SysWow64\deployJava1.dll
2013-03-19 06:04:06        5550424        ----a-w-        C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56        43520        ----a-w-        C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13        3968856        ----a-w-        C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10        3913560        ----a-w-        C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50        6656        ----a-w-        C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33        112640        ----a-w-        C:\Windows\System32\smss.exe
2013-03-13 20:07:13        0        ----a-w-        C:\Windows\SysWow64\sho1805.tmp
2013-03-13 17:45:46        73432        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 17:45:46        693976        ----a-w-        C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-11 12:48:57        43520        ----a-w-        C:\Windows\SysWow64\CmdLineExt03.dll
2013-03-01 03:36:04        3153408        ----a-w-        C:\Windows\System32\win32k.sys
2013-02-28 13:41:12        0        ----a-w-        C:\Windows\SysWow64\sho4E02.tmp
2013-02-22 06:27:49        2312704        ----a-w-        C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51        1392128        ----a-w-        C:\Windows\System32\wininet.dll
2013-02-22 06:19:37        1494528        ----a-w-        C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48        173056        ----a-w-        C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23        599040        ----a-w-        C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41        2382848        ----a-w-        C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00        1800704        ----a-w-        C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00        1129472        ----a-w-        C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50        1427968        ----a-w-        C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17        142848        ----a-w-        C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03        420864        ----a-w-        C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46        2382848        ----a-w-        C:\Windows\SysWow64\mshtml.tlb
2013-02-21 19:13:27        0        ----a-w-        C:\Windows\SysWow64\sho23A8.tmp
2013-02-20 19:54:35        0        ----a-w-        C:\Windows\SysWow64\shoA333.tmp
2013-02-17 18:47:30        0        ----a-w-        C:\Windows\SysWow64\shoD4C1.tmp
2013-02-15 06:08:40        44032        ----a-w-        C:\Windows\System32\tsgqec.dll
2013-02-15 06:06:11        3717632        ----a-w-        C:\Windows\System32\mstscax.dll
2013-02-15 06:02:26        158720        ----a-w-        C:\Windows\System32\aaclient.dll
2013-02-15 04:37:10        3217408        ----a-w-        C:\Windows\SysWow64\mstscax.dll
2013-02-15 04:34:10        131584        ----a-w-        C:\Windows\SysWow64\aaclient.dll
2013-02-15 03:25:51        36864        ----a-w-        C:\Windows\SysWow64\tsgqec.dll
2013-02-12 21:30:40        0        ----a-w-        C:\Windows\SysWow64\sho258B.tmp
.
============= FINISH: 20:09:06,99 ===============

--- --- ---


Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 14.10.2011 16:16:33
System Uptime: 13.05.2013 19:56:06 (1 hours ago)
.
Motherboard: Packard Bell | | SJV70_HR
Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz | CPU1 | 2200/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 394,99 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP317: 09.05.2013 12:15:39 - TuneUp Utilities Language Pack (de-DE) is being removed
RP318: 11.05.2013 19:04:52 - Windows Update
RP319: 12.05.2013 16:11:09 - Removed Java 7 Update 17
RP320: 12.05.2013 16:35:30 - Removed Project64 1.6
RP321: 12.05.2013 18:08:38 - Restore Operation
RP322: 12.05.2013 18:23:13 - Windows Update
RP323: 12.05.2013 18:26:41 - Removed Ragnarok Online
RP324: 12.05.2013 18:34:56 - Free Pdf Perfect Prereq
RP325: 12.05.2013 18:35:22 - Free System Utilities
RP326: 12.05.2013 18:36:08 - Removed Project64 1.6
RP327: 12.05.2013 18:45:31 - Revo Uninstaller's restore point - Browser Updater 1.1
RP328: 12.05.2013 18:47:45 - Revo Uninstaller's restore point - TuneUp Utilities 2013
RP329: 12.05.2013 19:02:51 - Revo Uninstaller's restore point - Battlefield Heroes
RP330: 13.05.2013 13:56:59 - Windows Update
RP331: 13.05.2013 16:22:53 - Restore Operation
RP332: 13.05.2013 16:48:06 - Windows Update
RP333: 13.05.2013 16:55:50 - Removed Project64 1.6
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6) MUI
AMD APP SDK Runtime
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Install Manager
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink MediaEspresso
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EAX Unified
ETDWare PS/2-X64 8.0.6.0_WHQL
HomeMedia
HomeTab 2.7
Identity Card
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java 7 Update 17
Java Auto Updater
Kaspersky Internet Security 2012
Launch Manager
Microsoft Mouse and Keyboard Center
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Home and Student 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
OpenAL
Paint.NET v3.5.10
PunkBuster Services
PX Profile Update
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
swMSM
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Video Web Camera
Welcome Center
.
==== End Of File ===========================

ryder 13.05.2013 19:24

Actually looks fine.

Before we go on: does the problem still exist?

notiD 13.05.2013 19:31

Yes, unfortunately... any other option?
And thank you already for everything so far :)

ryder 13.05.2013 19:55

Yes, of course. Let's continue:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when instructed to do so by a team member!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix's work. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


notiD 13.05.2013 20:04

Quick question before that: roughly how long does the scan take? Because I don't have much time left today...

ryder 13.05.2013 20:21

Normally around 10 minutes.

notiD 13.05.2013 21:00

Combofix logfile:
Code:

ComboFix 13-05-13.01 - Diton Shkreli 13.05.2013  21:40:58.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3948.2469 [GMT 2:00]
ausgeführt von:: c:\users\Diton Shkreli\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Diton Shkreli\AppData\Local\assembly\tmp
c:\users\Diton Shkreli\AppData\Local\VirtualStore\Program Files (x86)\epicRO - Renewal Client\AI\USER_AI\_desktop.ini
c:\users\Diton Shkreli\AppData\Roaming\Microsoft\Windows\Recent\godgames.url
c:\users\Diton Shkreli\AppData\Roaming\Microsoft\Windows\Recent\mafia.url
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-13 bis 2013-05-13  ))))))))))))))))))))))))))))))
.
.
2013-05-13 19:49 . 2013-05-13 19:49        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-13 19:46 . 2013-05-13 19:46        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CE07215-57F3-42CC-8AE5-9904D51ACDF9}\offreg.dll
2013-05-13 14:48 . 2013-04-10 03:46        9317456        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CE07215-57F3-42CC-8AE5-9904D51ACDF9}\mpengine.dll
2013-05-12 16:44 . 2013-05-12 16:44        --------        d-----w-        c:\program files (x86)\VS Revo Group
2013-05-12 14:37 . 2013-05-12 14:37        --------        d-----w-        c:\windows\system32\IO
2013-05-11 15:33 . 2013-05-11 15:33        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\Malwarebytes
2013-05-11 15:33 . 2013-05-13 14:26        --------        d-----w-        c:\programdata\Malwarebytes
2013-05-09 10:09 . 2013-05-09 10:09        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\ParetoLogic
2013-05-09 10:09 . 2013-05-09 10:09        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\DriverCure
2013-05-09 10:09 . 2013-05-09 10:11        --------        d-----w-        c:\programdata\ParetoLogic
2013-05-07 17:01 . 2013-05-13 19:47        --------        d-----w-        c:\users\Diton Shkreli\AppData\Local\assembly
2013-05-05 11:11 . 2013-05-13 14:42        --------        d-----w-        c:\users\Diton Shkreli\AppData\Local\DownloadGuide
2013-05-03 17:06 . 2013-05-13 14:40        --------        d-----w-        c:\users\Diton Shkreli\AppData\Local\Microsoft Games
2013-05-01 15:54 . 2013-05-01 15:54        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\GoPlayer
2013-04-28 09:09 . 2013-05-13 14:41        --------        d-----w-        c:\program files (x86)\Common Files\soft Xpansion
2013-04-28 09:08 . 2013-05-13 14:41        --------        d-----w-        c:\program files (x86)\Common Files\Freemium
2013-04-28 09:08 . 2013-05-01 10:34        --------        d-----w-        c:\programdata\Freemium
2013-04-27 06:00 . 2013-05-13 17:41        --------        d-----w-        c:\program files (x86)\Google
2013-04-24 11:40 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-20 10:04 . 2013-03-19 04:41        16896        ----a-w-        c:\windows\Launcher.exe
2013-04-20 10:04 . 2013-05-13 14:42        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\HomeTab
2013-04-20 10:04 . 2013-05-13 14:42        --------        d-----w-        c:\program files (x86)\HomeTab
2013-04-20 10:03 . 2013-05-13 14:42        --------        d-----w-        c:\program files (x86)\SoftwareUpdater
2013-04-20 09:58 . 2013-05-13 14:42        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\eDownload
2013-04-16 08:04 . 2013-05-05 10:40        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-04-16 08:04 . 2013-05-05 10:38        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-04-16 08:04 . 2013-04-16 08:11        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-05 10:40 . 2012-03-25 18:40        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-05-02 00:06 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-01 15:54 . 2011-06-10 23:58        420944        ----a-w-        c:\windows\SysWow64\msvcp100.dll
2013-04-10 12:47 . 2013-04-10 12:47        0        ----a-w-        c:\windows\SysWow64\shoA86F.tmp
2013-04-10 12:45 . 2012-08-08 11:33        72702784        ----a-w-        c:\windows\system32\MRT.exe
2013-04-07 18:54 . 2013-04-07 18:54        0        ----a-w-        c:\windows\SysWow64\shoBE03.tmp
2013-03-26 10:30 . 2013-03-26 10:30        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 10:30 . 2012-05-12 18:19        861088        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-03-26 10:30 . 2012-01-26 18:52        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 11:54        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 11:54        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 11:54        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:54        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 11:54        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 11:54        112640        ----a-w-        c:\windows\system32\smss.exe
2013-03-13 20:07 . 2013-03-13 20:07        0        ----a-w-        c:\windows\SysWow64\sho1805.tmp
2013-03-13 17:45 . 2012-04-13 10:19        693976        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 17:45 . 2011-07-25 10:15        73432        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-11 12:48 . 2012-12-15 17:51        43520        ----a-w-        c:\windows\SysWow64\CmdLineExt03.dll
2013-03-01 03:36 . 2013-04-10 11:54        3153408        ----a-w-        c:\windows\system32\win32k.sys
2013-02-28 13:41 . 2013-02-28 13:41        0        ----a-w-        c:\windows\SysWow64\sho4E02.tmp
2013-02-22 06:57 . 2013-04-10 12:43        17817088        ----a-w-        c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 12:43        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 12:43        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 12:43        1346560        ----a-w-        c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 12:43        1392128        ----a-w-        c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 12:43        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 12:43        237056        ----a-w-        c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 12:43        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 12:43        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 12:43        599040        ----a-w-        c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 12:43        816640        ----a-w-        c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 12:43        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 12:43        2147840        ----a-w-        c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 12:43        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 12:43        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 12:43        248320        ----a-w-        c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 12:43        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 12:43        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 12:43        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 12:43        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 12:43        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 12:43        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-02-21 19:13 . 2013-02-21 19:13        0        ----a-w-        c:\windows\SysWow64\sho23A8.tmp
2013-02-20 19:54 . 2013-02-20 19:54        0        ----a-w-        c:\windows\SysWow64\shoA333.tmp
2013-02-17 18:47 . 2013-02-17 18:47        0        ----a-w-        c:\windows\SysWow64\shoD4C1.tmp
2013-02-15 06:08 . 2013-04-10 11:54        44032        ----a-w-        c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 11:54        3717632        ----a-w-        c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 11:54        158720        ----a-w-        c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 11:54        3217408        ----a-w-        c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 11:54        131584        ----a-w-        c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 11:54        36864        ----a-w-        c:\windows\SysWow64\tsgqec.dll
2013-02-12 21:30 . 2013-02-12 21:30        0        ----a-w-        c:\windows\SysWow64\sho258B.tmp
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{96edaac7-6183-4cb5-8823-b8b12d94f967}]
2013-03-24 03:22        1031752        ----a-w-        c:\users\Diton Shkreli\AppData\Roaming\HomeTab\HomeTab.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{96edaac7-6183-4cb5-8823-b8b12d94f967}"= "c:\users\Diton Shkreli\AppData\Roaming\HomeTab\HomeTab.dll" [2013-03-24 1031752]
.
[HKEY_CLASSES_ROOT\clsid\{96edaac7-6183-4cb5-8823-b8b12d94f967}]
[HKEY_CLASSES_ROOT\wtb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{b7dc94d1-a06f-411b-9396-70cc757a9133}]
[HKEY_CLASSES_ROOT\wtb.Band]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-03-09 1222248]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 17:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uCustomizeSearch = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: {{6e80943c-847c-4447-b830-f94e7dcbbd4e} - {96edaac7-6183-4cb5-8823-b8b12d94f967} - c:\users\Diton Shkreli\AppData\Roaming\HomeTab\HomeTab.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\EA Games\Battlefield Heroes\pbsvc_heroes.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-13  21:58:50
ComboFix-quarantined-files.txt  2013-05-13 19:58
.
Vor Suchlauf: 8 Verzeichnis(se), 423.631.581.184 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 423.355.420.672 Bytes frei
.
- - End Of File - - 2261FE9ACA6776AE7CF153A4E4D92CE3

--- --- ---

ryder 13.05.2013 21:08

Then let's remove something else:

Combofix script
WARNING for READERS:
The following ComboFix script has been created exclusively for this user in this situation.
Under no circumstances use it on other computers; it can permanently damage other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (not anywhere else, this is important)!
  • Press the Windows + R keys --> type notepad --> OK
  • Now copy the text from the following code box completely into the empty text document.

    Code:

    Folder::
    c:\users\Diton Shkreli\AppData\Roaming\HomeTab

  • Save this as CFScript.txt on your desktop.
  • Important: Temporarily turn off your antivirus software. It can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do nothing on the computer, do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished it will create a log: C:\ComboFix.txt
    Please post it here as a reply (in CODE tags using the editor's # button).

Note:
Suspect:: and Collect::
If the script contains these instructions, files are to be sent in for analysis. A message box appears after Combofix is finished. Click OK and follow the prompts/instructions to upload the files. Be sure to let me know whether the upload worked!


notiD 13.05.2013 21:23

Well, I won't manage it today; I'll continue tomorrow.
Many, many thanks from me for putting up with me for so long ;)

Code:

ComboFix 13-05-14.01 - Diton Shkreli 14.05.2013  16:07:17.2.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3948.2269 [GMT 2:00]
ausgeführt von:: c:\users\Diton Shkreli\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Diton Shkreli\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Diton Shkreli\AppData\Roaming\HomeTab
c:\users\Diton Shkreli\AppData\Roaming\HomeTab\HomeTab.dll
c:\users\Diton Shkreli\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Diton Shkreli\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-14 bis 2013-05-14  ))))))))))))))))))))))))))))))
.
.
2013-05-14 14:15 . 2013-05-14 14:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-14 14:03 . 2013-04-10 03:46        9317456        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A0D78AF-8599-4B63-BD28-BF6604B3C1C0}\mpengine.dll
2013-05-13 20:01 . 2013-05-13 20:01        0        ----a-w-        c:\windows\SysWow64\shoF8DF.tmp
2013-05-12 16:44 . 2013-05-12 16:44        --------        d-----w-        c:\program files (x86)\VS Revo Group
2013-05-12 14:37 . 2013-05-12 14:37        --------        d-----w-        c:\windows\system32\IO
2013-05-11 15:33 . 2013-05-11 15:33        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\Malwarebytes
2013-05-11 15:33 . 2013-05-13 14:26        --------        d-----w-        c:\programdata\Malwarebytes
2013-05-09 10:09 . 2013-05-09 10:09        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\ParetoLogic
2013-05-09 10:09 . 2013-05-09 10:09        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\DriverCure
2013-05-09 10:09 . 2013-05-09 10:11        --------        d-----w-        c:\programdata\ParetoLogic
2013-05-07 17:01 . 2013-05-13 19:47        --------        d-----w-        c:\users\Diton Shkreli\AppData\Local\assembly
2013-05-05 11:11 . 2013-05-13 14:42        --------        d-----w-        c:\users\Diton Shkreli\AppData\Local\DownloadGuide
2013-05-03 17:06 . 2013-05-13 14:40        --------        d-----w-        c:\users\Diton Shkreli\AppData\Local\Microsoft Games
2013-05-01 15:54 . 2013-05-01 15:54        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\GoPlayer
2013-04-28 09:09 . 2013-05-13 14:41        --------        d-----w-        c:\program files (x86)\Common Files\soft Xpansion
2013-04-28 09:08 . 2013-05-13 14:41        --------        d-----w-        c:\program files (x86)\Common Files\Freemium
2013-04-28 09:08 . 2013-05-01 10:34        --------        d-----w-        c:\programdata\Freemium
2013-04-27 06:00 . 2013-05-13 17:41        --------        d-----w-        c:\program files (x86)\Google
2013-04-24 11:40 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-20 10:04 . 2013-03-19 04:41        16896        ----a-w-        c:\windows\Launcher.exe
2013-04-20 10:04 . 2013-05-13 14:42        --------        d-----w-        c:\program files (x86)\HomeTab
2013-04-20 10:03 . 2013-05-13 14:42        --------        d-----w-        c:\program files (x86)\SoftwareUpdater
2013-04-20 09:58 . 2013-05-13 14:42        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\eDownload
2013-04-16 08:04 . 2013-05-05 10:40        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-04-16 08:04 . 2013-05-05 10:38        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-04-16 08:04 . 2013-04-16 08:11        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-05 10:40 . 2012-03-25 18:40        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-05-02 00:06 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-01 15:54 . 2011-06-10 23:58        420944        ----a-w-        c:\windows\SysWow64\msvcp100.dll
2013-04-10 12:47 . 2013-04-10 12:47        0        ----a-w-        c:\windows\SysWow64\shoA86F.tmp
2013-04-10 12:45 . 2012-08-08 11:33        72702784        ----a-w-        c:\windows\system32\MRT.exe
2013-04-07 18:54 . 2013-04-07 18:54        0        ----a-w-        c:\windows\SysWow64\shoBE03.tmp
2013-03-26 10:30 . 2013-03-26 10:30        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 10:30 . 2012-05-12 18:19        861088        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-03-26 10:30 . 2012-01-26 18:52        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 11:54        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 11:54        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 11:54        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:54        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 11:54        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 11:54        112640        ----a-w-        c:\windows\system32\smss.exe
2013-03-13 20:07 . 2013-03-13 20:07        0        ----a-w-        c:\windows\SysWow64\sho1805.tmp
2013-03-13 17:45 . 2012-04-13 10:19        693976        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 17:45 . 2011-07-25 10:15        73432        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-11 12:48 . 2012-12-15 17:51        43520        ----a-w-        c:\windows\SysWow64\CmdLineExt03.dll
2013-03-01 03:36 . 2013-04-10 11:54        3153408        ----a-w-        c:\windows\system32\win32k.sys
2013-02-28 13:41 . 2013-02-28 13:41        0        ----a-w-        c:\windows\SysWow64\sho4E02.tmp
2013-02-22 06:57 . 2013-04-10 12:43        17817088        ----a-w-        c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-10 12:43        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-10 12:43        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-10 12:43        1346560        ----a-w-        c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-10 12:43        1392128        ----a-w-        c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-10 12:43        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-10 12:43        237056        ----a-w-        c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-10 12:43        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-10 12:43        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-10 12:43        599040        ----a-w-        c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-10 12:43        816640        ----a-w-        c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-10 12:43        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-10 12:43        2147840        ----a-w-        c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-10 12:43        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-10 12:43        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-10 12:43        248320        ----a-w-        c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-10 12:43        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-10 12:43        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-10 12:43        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-10 12:43        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-10 12:43        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-10 12:43        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-02-21 19:13 . 2013-02-21 19:13        0        ----a-w-        c:\windows\SysWow64\sho23A8.tmp
2013-02-20 19:54 . 2013-02-20 19:54        0        ----a-w-        c:\windows\SysWow64\shoA333.tmp
2013-02-17 18:47 . 2013-02-17 18:47        0        ----a-w-        c:\windows\SysWow64\shoD4C1.tmp
2013-02-15 06:08 . 2013-04-10 11:54        44032        ----a-w-        c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 11:54        3717632        ----a-w-        c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 11:54        158720        ----a-w-        c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 11:54        3217408        ----a-w-        c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 11:54        131584        ----a-w-        c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 11:54        36864        ----a-w-        c:\windows\SysWow64\tsgqec.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-31 206448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-03-09 1222248]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 17:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uCustomizeSearch = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: {{6e80943c-847c-4447-b830-f94e7dcbbd4e} - {96edaac7-6183-4cb5-8823-b8b12d94f967} - c:\users\Diton Shkreli\AppData\Roaming\HomeTab\HomeTab.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{96edaac7-6183-4cb5-8823-b8b12d94f967} - c:\users\Diton Shkreli\AppData\Roaming\HomeTab\HomeTab.dll
Toolbar-Locked - (no file)
Toolbar-{96edaac7-6183-4cb5-8823-b8b12d94f967} - c:\users\Diton Shkreli\AppData\Roaming\HomeTab\HomeTab.dll
AddRemove-PunkBusterSvc - c:\program files (x86)\EA Games\Battlefield Heroes\pbsvc_heroes.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.XHT"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-14  16:25:07
ComboFix-quarantined-files.txt  2013-05-14 14:25
ComboFix2.txt  2013-05-13 19:58
.
Vor Suchlauf: 14 Verzeichnis(se), 423.375.548.416 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 423.053.492.224 Bytes frei
.
- - End Of File - - 774BCD838B7BEAD10E14E6F1416F6D93

Have you already looked at the log?
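The service and driver section of the ComboFix log above has a fixed layout (state letter and start-type digit, then service name, display name and image path separated by semicolons, then the file's date and size in brackets, or "[x]" where ComboFix could not find the file). The entries marked "[x]" are the ones a helper looks at first, because an autostart entry that points at a file which no longer exists is exactly what produces a "module could not be found" message at logon. The following parser is an added example written for this thread, not code from ComboFix or from the forum; the reading of the R/S letter as running/stopped, of the digit as the start type, and of "[x]" as "file not found" are assumptions stated in the comments, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One ComboFix service/driver line, e.g.
#   S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
#   R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
# Layout: <state><start-type> <service name>;<display name>;<image path and args> [<file info>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);"
    r"(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<tag>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    running: bool        # R = running, S = stopped (reading of the state letter assumed)
    start_type: int      # digit after the letter; taken as the SCM start type (assumed)
    name: str
    display: str
    image: str           # image path, possibly followed by command-line arguments
    tag: str             # text inside the trailing brackets

    @property
    def file_missing(self) -> bool:
        # ComboFix writes "[x]" instead of "[date size]" when it could not find
        # the image file; treating that as "file missing" is an assumption here.
        return self.tag.strip().lower() == "x"

    @property
    def image_size(self) -> Optional[int]:
        # "[YYYY-MM-DD size]" -> size in bytes, None when the tag carries no size
        parts = self.tag.split()
        return int(parts[1]) if len(parts) == 2 and parts[1].isdigit() else None

    @property
    def in_user_profile(self) -> bool:
        # A service or driver whose image lives under a user's AppData is unusual
        # and worth a second look, even when the file exists.
        low = self.image.lower()
        return "\\users\\" in low and "\\appdata\\" in low


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Return every line of the log that matches the service/driver layout."""
    entries = []
    for raw in log_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue  # other log sections (file lists, registry dumps) are skipped
        entries.append(ServiceEntry(
            running=m["state"] == "R",
            start_type=int(m["start"]),
            name=m["name"].strip(),
            display=m["display"].strip(),
            image=m["image"].strip(),
            tag=m["tag"],
        ))
    return entries


def dangling_entries(entries: List[ServiceEntry]) -> List[ServiceEntry]:
    """Entries that still point at an image file ComboFix could not find."""
    return [e for e in entries if e.file_missing]


# Constructed sample: a handful of service lines copied from the log above.
SAMPLE_LOG = r"""
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
"""

if __name__ == "__main__":
    for e in dangling_entries(parse_services(SAMPLE_LOG)):
        print(f"{e.name}: image not found -> {e.image}")
```

Run against a full ComboFix.txt, the script lists only the service and driver entries whose image is gone (here SBRE, SystemStoreService and npggsvc), which is the short list to check for leftover registrations after an uninstall; the `in_user_profile` flag is a second, independent signal for entries whose file exists but sits in an unusual location.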

ryder 15.05.2013 16:46

Okay.

Before we continue: does the problem still exist?

notiD 15.05.2013 16:48

It was Kaspersky that made the PC hang; I uninstalled it and reinstalled it, and it runs fine again.
But the error message still appears, any tip?

ryder 15.05.2013 16:55

Yes, sure, let's keep looking:

Control scan with OTL
  • Please start OTL.exe - if not already present: LINK
  • Make sure that "Scan All Users" is checked!
  • Click the Quick Scan button.
  • Post the OTL.txt here in your thread.

notiD 15.05.2013 18:25

Code:

OTL logfile created on: 15.05.2013 19:14:24 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Diton Shkreli\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 47,13% Memory free
7,71 Gb Paging File | 5,23 Gb Available in Paging File | 67,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445,66 Gb Total Space | 389,90 Gb Free Space | 87,49% Space Free | Partition Type: NTFS
Drive D: | 342,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: DITONS-LAPTOP | User Name: Diton Shkreli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.15 19:14:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Diton Shkreli\Downloads\OTL.exe
PRC - [2013.05.15 16:19:15 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2013.05.15 16:19:06 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.05.15 15:37:40 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.01 04:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.07.01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.05.20 18:44:32 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2011.03.30 00:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.15 15:31:40 | 013,136,776 | ---- | M] () -- C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.24 17:03:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.15 16:19:15 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2013.05.15 16:19:06 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.05.15 15:37:40 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2013.05.15 13:44:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.01 16:55:09 | 000,296,448 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013.04.28 11:08:42 | 000,234,096 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.11.28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.07.01 04:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.03.30 00:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.02.01 23:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 23:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.13 03:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.15 15:53:50 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.06.26 22:38:28 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.06.24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.14 07:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.07.14 07:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.05.24 18:26:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 16:25:44 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.15 05:08:26 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.09 10:06:44 | 001,222,248 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.12 08:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.27 09:24:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2007.02.08 19:47:24 | 000,107,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfvfs02.sys -- (sfvfs02)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=APBTDF&pc=MAPB&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://www.google.com
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\..\SearchScopes,DefaultScope = {BE02333D-A334-4968-8C75-2CCAE540D285}
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\..\SearchScopes\{BE02333D-A334-4968-8C75-2CCAE540D285}: "URL" = hxxp://www.mysearchresults.com/search?&c=4001&t=10&q={searchTerms}
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2013.05.15 15:53:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2013.05.15 15:53:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2013.05.15 15:53:58 | 000,000,000 | ---D | M]
 
[2012.08.24 16:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diton Shkreli\AppData\Roaming\mozilla\Extensions
[2012.01.28 17:35:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diton Shkreli\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2013.05.13 19:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diton Shkreli\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2013.04.20 12:04:05 | 000,000,000 | ---D | M] (HomeTab) -- C:\Users\Diton Shkreli\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}
[2013.05.13 14:18:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Diton Shkreli\AppData\Roaming\mozilla\Firefox\Profiles\4tept9sc.default\extensions
[2013.05.13 15:44:53 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Diton Shkreli\AppData\Roaming\mozilla\Firefox\Profiles\4tept9sc.default\extensions\battlefieldheroespatcher@ea.com
[2012.10.25 19:07:02 | 000,214,909 | ---- | M] () (No name found) -- C:\Users\Diton Shkreli\AppData\Roaming\mozilla\firefox\profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi
[2013.05.13 19:41:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Battlefield Heroes = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\
CHR - Extension: WiseConvert = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm\2.3.10.3_0\
CHR - Extension: Google-Suche = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Google Mail = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2013.05.14 16:15:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HomeTab) - {96edaac7-6183-4cb5-8823-b8b12d94f967} - C:\Users\Diton Shkreli\AppData\Roaming\HomeTab\HomeTab.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (HomeTab) - {96edaac7-6183-4cb5-8823-b8b12d94f967} - C:\Users\Diton Shkreli\AppData\Roaming\HomeTab\HomeTab.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3844378849-2479913660-30988051-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_x64_5.0.203.0.cab (Battlefield Heroes Updater)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24D56DD0-2FBE-42FA-BC05-1300280A189D}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{976E7C6E-A22D-483E-8654-FD812FFC4502}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.11 15:49:37 | 000,693,816 | R--- | M] (Kaspersky Lab ZAO) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.10.08 04:00:00 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.15 16:19:59 | 000,000,000 | ---D | C] -- C:\Users\Diton Shkreli\Documents\Battlefield Heroes
[2013.05.15 15:47:03 | 000,000,000 | ---D | C] -- C:\Users\Diton Shkreli\Desktop\Cleans
[2013.05.15 15:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.15 15:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2013.05.15 15:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.05.15 15:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.05.15 15:04:04 | 000,637,272 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.05.14 17:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2013.05.14 16:41:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.13 21:39:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.13 21:39:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.13 21:39:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.13 21:39:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.13 21:39:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.13 14:51:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2013.05.13 14:05:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.12 18:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013.05.12 18:44:33 | 000,000,000 | ---D | C] -- C:\Users\Diton Shkreli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013.05.12 16:37:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.05.11 18:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools
[2013.05.11 17:33:52 | 000,000,000 | ---D | C] -- C:\Users\Diton Shkreli\AppData\Roaming\Malwarebytes
[2013.05.11 17:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.09 12:09:11 | 000,000,000 | ---D | C] -- C:\Users\Diton Shkreli\AppData\Roaming\ParetoLogic
[2013.05.09 12:09:11 | 000,000,000 | ---D | C] -- C:\Users\Diton Shkreli\AppData\Roaming\DriverCure
[2013.05.09 12:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2013.05.07 19:31:09 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.05.07 19:01:03 | 000,000,000 | ---D | C] -- C:\Users\Diton Shkreli\AppData\Local\assembly
[2013.05.05 13:11:33 | 000,000,000 | ---D | C] -- C:\Users\Diton Shkreli\AppData\Local\DownloadGuide
[2013.05.03 19:06:38 | 000,000,000 | ---D | C] -- C:\Users\Diton Shkreli\AppData\Local\Microsoft Games
[2013.05.01 17:54:11 | 000,000,000 | ---D | C] -- C:\Users\Diton Shkreli\AppData\Roaming\GoPlayer
[2013.04.28 11:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\soft Xpansion
[2013.04.28 11:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Freemium
[2013.04.28 11:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemium
[2013.04.27 08:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.04.20 12:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HomeTab
[2013.04.20 12:03:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater
[2013.04.20 11:58:46 | 000,000,000 | ---D | C] -- C:\Users\Diton Shkreli\AppData\Roaming\eDownload
[34 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.15 19:13:21 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 19:13:21 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.15 19:09:16 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.15 19:05:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.15 19:05:03 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.15 16:19:15 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.15 16:19:07 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.15 16:19:06 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.05.15 15:53:54 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2013.05.15 15:53:54 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2013.05.15 15:53:50 | 000,637,272 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.05.15 15:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.15 15:28:05 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.15 15:21:23 | 000,376,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 15:12:38 | 001,636,916 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.15 15:12:38 | 000,697,542 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.15 15:12:38 | 000,652,820 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.15 15:12:38 | 000,148,548 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.15 15:12:38 | 000,121,494 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.14 16:15:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.13 19:40:24 | 000,000,898 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.05.05 12:40:57 | 000,282,296 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.03 14:52:46 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.04.28 11:08:44 | 000,010,464 | ---- | M] () -- C:\Windows\SysWow64\sx_p2d.tlb
[34 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.15 15:23:18 | 000,001,124 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.15 15:23:16 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.15 15:04:54 | 000,153,053 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2013.05.15 15:04:54 | 000,107,384 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2013.05.13 21:39:56 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.13 21:39:56 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.13 21:39:56 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.13 21:39:56 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.13 21:39:56 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.03 14:52:45 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013.04.28 11:08:44 | 000,010,464 | ---- | C] () -- C:\Windows\SysWow64\sx_p2d.tlb
[2013.04.20 12:04:01 | 000,016,896 | ---- | C] () -- C:\Windows\Launcher.exe
[2013.04.16 10:04:31 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.16 10:04:31 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.16 10:04:30 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.29 11:27:31 | 000,003,280 | ---- | C] () -- C:\Windows\SysWow64\LOWERP.ini
[2013.03.29 11:27:31 | 000,001,760 | ---- | C] () -- C:\Windows\SysWow64\LPOff.ini
[2013.03.29 11:27:02 | 000,000,600 | ---- | C] () -- C:\Users\Diton Shkreli\AppData\Local\PUTTY.RND
[2013.03.28 17:46:12 | 000,051,200 | ---- | C] () -- C:\Users\Diton Shkreli\GestureMouseSession.etl
[2013.03.26 15:15:20 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.12.15 19:51:52 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.10.21 19:52:08 | 000,001,527 | ---- | C] () -- C:\Users\Diton Shkreli\AppData\Local\recently-used.xbel
[2012.09.19 18:19:26 | 000,017,408 | ---- | C] () -- C:\Users\Diton Shkreli\AppData\Local\WebpageIcons.db
[2011.12.26 13:47:00 | 001,592,818 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.14 17:52:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.08.27 04:54:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.27 04:51:57 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.07.25 12:01:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.07.25 12:01:00 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.07.25 12:01:00 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.07.25 12:00:59 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.07.25 12:00:58 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.07.25 12:00:57 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2004.01.26 18:15:29 | 000,233,472 | R--- | C] () -- C:\Users\Diton Shkreli\AppData\Roaming\MafiaSetup.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.01.26 20:52:56 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\.minecraft
[2012.07.29 20:57:53 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\AnvSoft
[2013.05.09 12:09:11 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\DriverCure
[2013.05.13 16:42:19 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\eDownload
[2013.03.27 19:09:59 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\EurekaLog
[2012.02.01 19:06:04 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\Flock
[2013.01.20 13:34:57 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\GetRightToGo
[2013.01.27 13:49:50 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\GoforFiles
[2013.05.01 17:54:11 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\GoPlayer
[2011.10.25 17:58:23 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\Leadertech
[2012.01.29 12:24:45 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\OpenOffice.org
[2013.05.13 16:42:19 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\Opera
[2013.05.09 12:09:11 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\ParetoLogic
[2011.10.23 09:02:28 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\SNS
[2012.09.19 18:48:17 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\SoftGrid Client
[2011.12.26 13:47:37 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\TP
[2013.05.13 16:41:13 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\TS3Client
[2013.04.13 15:37:10 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\TuneUp Software
[2012.08.14 09:27:11 | 000,000,000 | ---D | M] -- C:\Users\Diton Shkreli\AppData\Roaming\Unity
[2013.03.29 10:55:56 | 000,000,000 | -HSD | M] -- C:\Users\Diton Shkreli\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 

< End of report >


ryder 15.05.2013 18:31

Strange. For now I see nothing that could produce this error ...

Can you make me a screenshot of it?

notiD 15.05.2013 18:38

Of the error message?

ryder 15.05.2013 18:43

Yes, please. So that I can have a look at it.

notiD 15.05.2013 19:07

http://www.myimg.de/?img=IMG20130515WA0000f4676.jpg

ryder 15.05.2013 19:09

hm :)

nothing to see

notiD 15.05.2013 19:11

Can't you see the picture?

ryder 15.05.2013 19:14

Nope, there's nothing there. Not even when I disable the ad blocker.

notiD 15.05.2013 19:15

Try right-click, "open in a new tab"

ryder 15.05.2013 19:35

there is nothing at all to see in your field

if you have a link, please PM

ryder 15.05.2013 19:49

Really strange, we have to search explicitly; maybe I am overlooking something:

Scan with SystemLook

Download the matching version of SystemLook (jpshortstuff) from one of the following mirrors and save the tool on the Desktop.

Download Mirror #1 (32 bit) - Download Mirror #2 (32 bit)
Download Mirror #1 (64 bit) - Download Mirror #2 (64 bit)
  • Start the tool with a double-click.
  • Copy the contents of the following code box into the tool's text field:
    Code:

    :regfind
    tbupdater

  • Now click the Look button to start the scan.
  • When the search has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the Desktop as SystemLook.txt.

notiD 15.05.2013 19:57

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:56 on 15/05/2013 by Diton Shkreli
Administrator - Elevation successful

========== regfind ==========

Searching for "tbupdater"
No data found.

Searching for "        "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"="            <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" >                <InitializationParameters>                    <Param Name="PSVersion" Value="2.0"/>                </InitializationParameters>                <Resources>                    <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true">                        <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                        <Capability Type="Shell"/>                    </Resource>                </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" >                        <InitializationParameters>                            <Param Name="PSVersion" Value="2.0"/>                        </InitializationParameters>                        <Resources>                            <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true">                                <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>                               

-= EOF =-


ryder 15.05.2013 19:58

Hm, really odd, and you are logged in as the user who also gets the errors?

notiD 15.05.2013 20:05

Yes, I only have one user

What else can you suggest?

ryder 15.05.2013 20:12

What do you find in the Start menu under "Autostart" (Startup)?

notiD 15.05.2013 20:18

What do you mean?

Well, if you mean that folder, there is nothing in it: <empty>

ryder 15.05.2013 20:43

That is really unbelievable. But I don't see anything in any log file that could cause it ....

I am slowly running out of options :(

Scan with ZOEK

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they influence the result
  • Start Zoek.exe with a double-click.
  • Also click "Options" and select the following options:
    • Running processes
    • Recently Created
    • Startup Information
    • Silent Runners
    • Auto Clean
  • Now click "Run script" and be patient until the script has run through.
  • When the tool is finished, Notepad will open with the log file (possibly only after a restart). The log is also still located under c:
  • Please post me the ZOEK log (preferably in CODE tags; click the # symbol in the reply window)
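For readers who want to reproduce what the helper is doing with the `:regfind` search above and the later question about the Autostart folder, here is an added PowerShell example. It is not code from the thread and not SystemLook's or ZOEK's own code: it searches the registry for a substring the way `:regfind tbupdater` does, and then lists Run/RunOnce autostart entries whose command line points at a file that no longer exists, which is the usual source of a RunDLL "module could not be found" message at logon. It assumes PowerShell 3 or later in an elevated 64-bit console (a 32-bit console would only see the WOW64 view of the registry); the search term 'tbupdater' is the one used in the post, while the list of Run keys and the path-matching regular expression are my own assumptions.

```powershell
# Added example, not from the thread or from SystemLook/ZOEK. Assumes PowerShell 3+
# in an elevated 64-bit console (a 32-bit console would only see the WOW64 view).

function Search-RegistryString {
    # Case-insensitive substring search over key names, value names and value data,
    # the same idea as SystemLook's ":regfind" directive.
    param(
        [Parameter(Mandatory = $true)] [string] $Pattern,
        [string[]] $Roots = @('HKLM:\SOFTWARE', 'HKCU:\Software', 'HKLM:\SYSTEM\CurrentControlSet')
    )
    # A blank or whitespace-only pattern matches nearly everything (the SystemLook log above
    # shows such a search for a run of spaces), so refuse it instead of flooding the output.
    if ([string]::IsNullOrWhiteSpace($Pattern)) { throw 'Pattern must not be empty or whitespace.' }
    $rx = New-Object -TypeName System.Text.RegularExpressions.Regex `
        -ArgumentList @([regex]::Escape($Pattern), 'IgnoreCase')
    foreach ($root in $Roots) {
        # Some keys are unreadable even when elevated; skip them quietly.
        $keys = @(Get-Item -Path $root -ErrorAction SilentlyContinue) +
                @(Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            if ($rx.IsMatch($key.Name)) {
                [pscustomobject]@{ Key = $key.Name; Value = ''; Data = ''; Where = 'KeyName' }
            }
            foreach ($name in $key.GetValueNames()) {
                # Keep %VAR% references unexpanded so they stay searchable as written.
                $raw = $key.GetValue($name, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                # REG_BINARY data is checked as UTF-16 text, which catches embedded path strings.
                $text = if ($raw -is [byte[]]) { [Text.Encoding]::Unicode.GetString($raw) } else { [string]$raw }
                if ($rx.IsMatch($name) -or $rx.IsMatch($text)) {
                    [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $text; Where = 'ValueOrData' }
                }
            }
        }
    }
}

function Get-OrphanedAutostart {
    # Run/RunOnce keys in the 64-bit view, the WOW64 view and the per-user hive
    # (assumed list): the places a logon-time RunDLL error usually comes from.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Heuristic: every drive-letter path ending in .dll or .exe inside the command line.
    $pathRx = [regex]'(?i)[a-z]:\\[^"<>|*?,]+?\.(?:dll|exe)\b'
    foreach ($k in $runKeys) {
        $key = Get-Item -Path $k -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $cmd = [string]$key.GetValue($name)
            foreach ($m in $pathRx.Matches($cmd)) {
                $file = [Environment]::ExpandEnvironmentVariables($m.Value)
                # Report only entries whose referenced module or program is gone.
                if (-not (Test-Path -LiteralPath $file)) {
                    [pscustomobject]@{ Key = $key.Name; Value = $name; Command = $cmd; MissingFile = $file }
                }
            }
        }
    }
}

# Usage: the term the helper searched for, then the orphan check.
Search-RegistryString -Pattern 'tbupdater' | Format-Table -AutoSize
Get-OrphanedAutostart | Format-List
```

The orphan check only covers the Run/RunOnce keys; scheduled tasks and shortcuts in the Startup folders (the "Autostart" folder the helper asks about) are other launch points and would need a separate pass. Empty output from both functions means the same thing as SystemLook's "No data found" line: the string is not in the searched hives, and no Run entry points at a missing file.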

notiD 15.05.2013 20:59

Code:

Zoek.exe Version 4.0.0.2 Updated 15-May-2013
Tool run by Diton Shkreli on 15.05.2013 at 21:47:29,58.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Users\Diton Shkreli\Desktop\zoek.exe
C:\Windows\system32\conhost.exe

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9312D118-6419-4C6A-A709-9AA0106B6E9C} deleted successfully
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE02333D-A334-4968-8C75-2CCAE540D285} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Files \ Folders ======================

"C:\Windows\Launcher.exe" deleted
"C:\Windows\Syswow64\sho1805.tmp" deleted
"C:\Windows\Syswow64\sho230C.tmp" deleted
"C:\Windows\Syswow64\sho23A8.tmp" deleted
"C:\Windows\Syswow64\sho258B.tmp" deleted
"C:\Windows\Syswow64\sho3287.tmp" deleted
"C:\Windows\Syswow64\sho3BF8.tmp" deleted
"C:\Windows\Syswow64\sho3CD2.tmp" deleted
"C:\Windows\Syswow64\sho4E02.tmp" deleted
"C:\Windows\Syswow64\sho533E.tmp" deleted
"C:\Windows\Syswow64\sho63B2.tmp" deleted
"C:\Windows\Syswow64\sho6400.tmp" deleted
"C:\Windows\Syswow64\sho6CF5.tmp" deleted
"C:\Windows\Syswow64\sho6E6C.tmp" deleted
"C:\Windows\Syswow64\sho6E8E.tmp" deleted
"C:\Windows\Syswow64\sho7762.tmp" deleted
"C:\Windows\Syswow64\sho87C6.tmp" deleted
"C:\Windows\Syswow64\sho895B.tmp" deleted
"C:\Windows\Syswow64\sho8D15.tmp" deleted
"C:\Windows\Syswow64\sho90E9.tmp" deleted
"C:\Windows\Syswow64\sho9658.tmp" deleted
"C:\Windows\Syswow64\sho9C9F.tmp" deleted
"C:\Windows\Syswow64\sho9D0D.tmp" deleted
"C:\Windows\Syswow64\sho9D96.tmp" deleted
"C:\Windows\Syswow64\shoA333.tmp" deleted
"C:\Windows\Syswow64\shoA86F.tmp" deleted
"C:\Windows\Syswow64\shoAE8D.tmp" deleted
"C:\Windows\Syswow64\shoBBA2.tmp" deleted
"C:\Windows\Syswow64\shoBE03.tmp" deleted
"C:\Windows\Syswow64\shoC758.tmp" deleted
"C:\Windows\Syswow64\shoD4C1.tmp" deleted
"C:\Windows\Syswow64\shoD74D.tmp" deleted
"C:\Windows\Syswow64\shoE85C.tmp" deleted
"C:\Windows\Syswow64\shoF25B.tmp" deleted
"C:\Windows\Syswow64\shoF8DF.tmp" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\Flock" deleted
"C:\Program Files (x86)\HomeTab" deleted
"C:\Program Files (x86)\Ask.com" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\GoforFiles" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\eDownload" deleted
"C:\Users\Diton Shkreli\AppData\Local\CRE" deleted
"C:\Users\Diton Shkreli\AppData\Local\APN" deleted
"C:\Users\Diton Shkreli\AppData\Local\DownloadGuide" deleted
"C:\Users\Diton Shkreli\AppData\LocalLow\HomeTab" deleted
"C:\Users\Diton Shkreli\AppData\LocalLow\AskToolbar" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-05-13 19:39:56        F042EE4C8D66248D9B86DCF52ABAE416        256000        ----a-w-        C:\Windows\PEV.exe
2013-05-13 19:39:56        9E05A9C264C8A908A8E79450FCBFF047        80412        ----a-w-        C:\Windows\grep.exe
2013-05-13 19:39:56        5E832F4FAF5F481F2EAF3B3A48F603B8        68096        ----a-w-        C:\Windows\zip.exe
2013-05-13 19:39:56        0297C72529807322B152F517FDB0A9FC        406528        ----a-w-        C:\Windows\SWSC.exe
2013-05-13 19:39:56        0277C027A26428DB64EF4F64F52BB4FD        208896        ----a-w-        C:\Windows\MBR.exe
====== C:\Users\DITONS~1\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-05-15 13:10:39        26F30066B9FA78C97A0E92803D496211        12324864        ----a-w-        C:\Windows\SysWOW64\mshtml.dll
2013-05-15 13:10:37        BAC6BA11D60205F91797329817168B70        2382848        ----a-w-        C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 13:09:43        EB776FA63947CB30EC24A71EAFC2D618        73216        ----a-w-        C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 13:09:43        4B185E9743BFF0DFC905911C4FABAB05        420864        ----a-w-        C:\Windows\SysWOW64\vbscript.dll
2013-05-15 13:09:42        9649C970BFFA54F66E77FC18AC9B6BF4        176640        ----a-w-        C:\Windows\SysWOW64\ieui.dll
2013-05-15 13:09:42        6B07400F62998EB6970807C0A69CF152        1796096        ----a-w-        C:\Windows\SysWOW64\iertutil.dll
2013-05-15 13:09:41        DFD966309C42287C731428258BCA997F        1427968        ----a-w-        C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 13:09:41        B64259DE087A5FB227D50F476B466735        1104384        ----a-w-        C:\Windows\SysWOW64\urlmon.dll
2013-05-15 13:09:41        AFAF17FF419BA7E47412AD720ABBEC23        231936        ----a-w-        C:\Windows\SysWOW64\url.dll
2013-05-15 13:09:41        61AE3CFCD6EFDA9EADAB6B87CD6BC7DC        142848        ----a-w-        C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 13:09:40        36AD48C975F88D302C1F824987D691CA        607744        ----a-w-        C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 13:09:40        2C96B3921B4CDE10DBAED5AAD760DB67        1129472        ----a-w-        C:\Windows\SysWOW64\wininet.dll
2013-05-15 13:09:39        9E254EC51F63C38C3FE4DF83E5CE42CE        65024        ----a-w-        C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 13:09:39        5123EBB7008E8BC0F016CBECAE2A52C3        1800704        ----a-w-        C:\Windows\SysWOW64\jscript9.dll
2013-05-15 13:09:39        03CB321720B8607C9BF38B8057E1EE29        717824        ----a-w-        C:\Windows\SysWOW64\jscript.dll
2013-05-15 13:09:35        054211C307009F31BAF47CF046D48D42        9738752        ----a-w-        C:\Windows\SysWOW64\ieframe.dll
2013-05-15 11:42:17        E904178851A6A44BFA97E064EF779E9D        1796096        ----a-w-        C:\Windows\SysWOW64\authui.dll
2013-05-15 11:42:17        565D78187494FB5F08B5A52DEB2AEA7A        12872704        ----a-w-        C:\Windows\SysWOW64\shell32.dll
2013-05-15 11:42:17        1F05F5A16881CD928C82D53CEFCF4477        180224        ----a-w-        C:\Windows\SysWOW64\shdocvw.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-05-15 13:10:37        955A6E94C2728F2A647BAB24F2A0B0D6        2382848        ----a-w-        C:\Windows\Sysnative\mshtml.tlb
2013-05-15 13:10:37        7212340908E00AD2F28E58EA04CEB852        17818624        ----a-w-        C:\Windows\Sysnative\mshtml.dll
2013-05-15 13:09:43        7A2E6DFEB8F800233FED8D5484306C7D        96768        ----a-w-        C:\Windows\Sysnative\mshtmled.dll
2013-05-15 13:09:42        2801567C850F1696D53C5E2CD1AE569A        2147840        ----a-w-        C:\Windows\Sysnative\iertutil.dll
2013-05-15 13:09:41        F28D84112B79212FE84366A4EA517C87        2312704        ----a-w-        C:\Windows\Sysnative\jscript9.dll
2013-05-15 13:09:41        8FECD64E4FA72FE8A85731CD5E840297        248320        ----a-w-        C:\Windows\Sysnative\ieui.dll
2013-05-15 13:09:41        4E468ED6298FA175A3F2EA7098D91225        237056        ----a-w-        C:\Windows\Sysnative\url.dll
2013-05-15 13:09:41        47BC290F4400C1741B1F26429A352C60        173056        ----a-w-        C:\Windows\Sysnative\ieUnatt.exe
2013-05-15 13:09:41        429597553FE585EECB03C8485D45FE7A        1494528        ----a-w-        C:\Windows\Sysnative\inetcpl.cpl
2013-05-15 13:09:41        420C9E418CECC3B0DBF5B9BB914F8D0D        1346560        ----a-w-        C:\Windows\Sysnative\urlmon.dll
2013-05-15 13:09:40        C1B443AAB0FC3C98C868B4F804DFD520        729088        ----a-w-        C:\Windows\Sysnative\msfeeds.dll
2013-05-15 13:09:40        563C71A913CAC0C3DE5FFCD36EDB43A0        1392128        ----a-w-        C:\Windows\Sysnative\wininet.dll
2013-05-15 13:09:40        05A140843C0A768AFAAF443238C6340C        85504        ----a-w-        C:\Windows\Sysnative\jsproxy.dll
2013-05-15 13:09:39        51BBFA26DA948738E64B23802E325E04        816640        ----a-w-        C:\Windows\Sysnative\jscript.dll
2013-05-15 13:09:39        36A7EEDB4155B1EA04A53C0FFE93C2EE        599040        ----a-w-        C:\Windows\Sysnative\vbscript.dll
2013-05-15 13:09:36        F5C9C0C541AE814AED6ED959C1F26423        10926080        ----a-w-        C:\Windows\Sysnative\ieframe.dll
2013-05-15 11:42:26        943F527DF79E6B400104341AA7023C75        144384        ----a-w-        C:\Windows\Sysnative\cdd.dll
2013-05-15 11:42:24        FE90B750AB808FB9DD8FBB428B5FF83B        230400        ----a-w-        C:\Windows\Sysnative\wwansvc.dll
2013-05-15 11:42:24        A11523523B31086DD760C0189C763359        3153920        ----a-w-        C:\Windows\Sysnative\win32k.sys
2013-05-15 11:42:24        30B1489F2DCD8DC1AB6BB60CA6093615        48640        ----a-w-        C:\Windows\Sysnative\wwanprotdim.dll
2013-05-15 11:42:18        3EF480BFED1B5947A32585E30A58D4ED        1930752        ----a-w-        C:\Windows\Sysnative\authui.dll
2013-05-15 11:42:18        1BFC94665BCA35F9001ADC7BFB167C63        14172672        ----a-w-        C:\Windows\Sysnative\shell32.dll
2013-05-15 11:42:17        E948D1D42DC68923ABD75EEB5BCCD1D3        111448        ----a-w-        C:\Windows\Sysnative\consent.exe
2013-05-15 11:42:17        9D2A2369AB4B08A4905FE72DB104498F        70144        ----a-w-        C:\Windows\Sysnative\appinfo.dll
2013-05-15 11:42:17        22A0AE97360C1B146FDD9AA55AC0E989        197120        ----a-w-        C:\Windows\Sysnative\shdocvw.dll
====== C:\Windows\Sysnative\drivers =====
2013-05-15 18:15:49        4BDDB42CB6BF46452FA7155EA5381576        83160        ----a-w-        C:\Windows\Sysnative\drivers\avnetflt.sys
2013-05-15 18:14:42        490FA25161BF3E51993EB724ECF0ACEB        28600        ----a-w-        C:\Windows\Sysnative\drivers\avkmgr.sys
2013-05-15 18:14:42        488486DAD09A5B6C6DBB8B990A8B2307        130016        ----a-w-        C:\Windows\Sysnative\drivers\avipbb.sys
2013-05-15 18:14:42        09E6069EF94B345061B4BD3CEBD974C8        100712        ----a-w-        C:\Windows\Sysnative\drivers\avgntflt.sys
2013-05-15 11:42:26        AF2E16242AA723F68F461B6EAE2EAD3D        983400        ----a-w-        C:\Windows\Sysnative\drivers\dxgkrnl.sys
2013-05-15 11:42:26        1F04CFB79DD5FB7694468CE3FB3DCC31        265064        ----a-w-        C:\Windows\Sysnative\drivers\dxgmms1.sys
2013-04-24 11:40:16        B98F8C6E31CD07B2E6F71F7F648E38C0        1656680        ----a-w-        C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
2013-05-15 13:23:18        FA7526FE1C96B6F6D26CEFD46A2DA101        1124        ----a-w-        C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-15 13:23:16        920870103160F2880FA0500B906FE2E4        1120        ----a-w-        C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-05-15 18:14:41        --------        d-----w-        C:\Program Files (x86)\Avira
2013-05-14 15:55:57        --------        d-----w-        C:\Program Files (x86)\EA Games
2013-05-12 16:44:33        --------        d-----w-        C:\Program Files (x86)\VS Revo Group
2013-04-28 09:09:17        --------        d-----w-        C:\Program Files (x86)\Common Files\soft Xpansion
2013-04-28 09:08:42        --------        d-----w-        C:\Program Files (x86)\Common Files\Freemium
2013-04-27 06:00:27        --------        d-----w-        C:\Program Files (x86)\Google
2013-04-20 10:03:23        --------        d-----w-        C:\Program Files (x86)\SoftwareUpdater
======= C: =====
2013-05-15 11:32:35        F198354369DF18F3CEC485E97315E209        1013        ----a-w-        C:\AdwCleaner[S2].txt
2013-05-15 11:32:16        5B0A6BA2B8CF8AA82B2DA6CBAEE0524A        952        ----a-w-        C:\AdwCleaner[R1].txt
2013-05-13 17:55:04        EAFA01EC3EA13F3B03785C6F528021CC        34883        ----a-w-        C:\AdwCleaner[S1].txt
====== C:\Users\Diton Shkreli\AppData\Roaming ======
2013-05-15 18:20:39        --------        d-----w-        C:\users\Diton Shkreli\AppData\Roaming\Avira
2013-05-14 14:25:21        --------        d-----w-        C:\users\Public\AppData\Local\temp
2013-05-14 14:25:21        --------        d-----w-        C:\users\Default\AppData\Local\temp
2013-05-14 14:25:21        --------        d-----w-        C:\users\Default User\AppData\Local\temp
2013-05-12 16:44:33        --------        d-----w-        C:\users\Diton Shkreli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2013-05-09 10:09:11        --------        d-----w-        C:\users\Diton Shkreli\AppData\Roaming\DriverCure
2013-05-03 17:06:38        --------        d-----w-        C:\users\Diton Shkreli\AppData\Local\Microsoft Games
2013-05-01 15:54:11        --------        d-----w-        C:\users\Diton Shkreli\AppData\Roaming\GoPlayer
====== C:\Users\Diton Shkreli ======
2013-05-15 18:15:02        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2013-05-15 18:14:41        --------        d-----w-        C:\ProgramData\Avira
2013-05-15 13:24:55        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-05-13 19:59:03        --------        d-----w-        C:\Users\Public\AppData
2013-05-13 12:51:36        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2013-05-11 16:37:08        --------        d-----w-        C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools
2013-04-28 09:08:40        --------        d-----w-        C:\ProgramData\Freemium

====== C: exe-files ==
2013-05-15 18:55:46        F783EC309D42813F74319EB776153B2B        165376        ----a-w-        C:\Users\Diton Shkreli\Downloads\SystemLook_x64.exe
2013-05-15 18:14:43        64140E3954710DD7CA9F097252E382CA        88288        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe
2013-05-15 18:14:42        F0096413AD44007EAF651171A625CEE9        181984        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avrestart.exe
2013-05-15 18:14:42        EDAE538F742A20D0E4DBEAD2FA6136F2        58080        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avupgsvc.exe
2013-05-15 18:14:42        D9A92E6DD41C5ADC045AE485026AA40C        86752        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
2013-05-15 18:14:42        C67EBE5C9DA7462D2FF6394979D06EA2        91872        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\setuppending.exe
2013-05-15 18:14:42        ADA0D1407E2C328FB95686E9D5AB88B5        111328        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe
2013-05-15 18:14:42        AD74CCA501DA08EF395E520D9C258F81        5655248        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe
2013-05-15 18:14:42        9F5DEC0A6FB856A405567A662F9F3E0D        147512        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\guardgui.exe
2013-05-15 18:14:42        9EDAE2D1CA368E8D01BEE8BFBC9488E4        562744        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
2013-05-15 18:14:42        93A912072351DFEF975F12EFAD18BD9F        145096        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe
2013-05-15 18:14:42        8C2C2E5119E844B43085CBC73106754B        597560        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
2013-05-15 18:14:42        8431C70B4F671C3D95EDBDED05FAE755        456928        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\fact.exe
2013-05-15 18:14:42        7D9DA7DF9535859A4EFC16F69BFE4A8A        83680        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
2013-05-15 18:14:42        79AC9425C345302914EC0DEF25C2DA94        764984        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe
2013-05-15 18:14:42        715A90A0E5FC7F59DCD4C233ED492F4A        98544        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\licmgr.exe
2013-05-15 18:14:42        6F2974248B974B6DE037A6C682B59414        248032        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2013-05-15 18:14:42        6A510E9EC1684D05CC982636B14754CA        330976        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
2013-05-15 18:14:42        66A7A38F7C439153B758548375EB9E5E        110816        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2013-05-15 18:14:42        63A5363103A02C654209E686EAF7F723        84704        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avadmin.exe
2013-05-15 18:14:42        5FF8FFD589DA25F43C4FE944A4B2AE0A        775224        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
2013-05-15 18:14:42        5A06D4AA070B80464A272D67FCC5D7AF        285408        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
2013-05-15 18:14:42        51318B6FD70FEC60B3F51E6C8C6B720D        424504        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.exe
2013-05-15 18:14:42        366D042446928E2BE7F053766E631D7E        636984        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
2013-05-15 18:14:42        22DC787A09D2EC7E3F1138A26C41083C        46960        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
2013-05-15 18:14:42        14D4F782EF8E75C0785A093BE10F8FC6        232672        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avwebloader.exe
2013-05-15 18:14:42        14855274B4E742D704909C8F32734BA9        165512        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe
2013-05-15 18:14:42        12D4E394014C6A9EFB34D64AE4E64CE0        170864        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\inssda64.exe
2013-05-15 18:14:42        020D1DB5DFB5E03A35777950463383FF        345312        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2013-05-15 18:11:38        71424EEA3BD5FE9D59A26678FBCEF601        102323272        ----a-w-        C:\Users\Diton Shkreli\Downloads\avira_free3640_antivirus_de (1).exe
2013-05-15 18:08:55        94B4CCD762DD81910F3550AD57E326E5        49064248        ----a-w-        C:\Users\Diton Shkreli\Downloads\avira_free3640_antivirus_de.exe
2013-05-15 17:13:55        4ADCFEE16EE9978F06157634669D36FB        602112        ----a-w-        C:\Users\Diton Shkreli\Downloads\OTL.exe
2013-05-15 14:19:05        0CB35FD6B686774EC36FD664A34DF9F7        2577776        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\pbsvc_heroes.exe
2013-05-15 14:18:50        E44DB89A8C72442BFE4A89966951B59D        880640        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\Uninstaller.exe
2013-05-15 14:18:31        09DDD983C900CF8A8F7E8FB1F7FD0FFC        17540096        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\BFHeroes.exe
2013-05-15 13:37:09        0CB35FD6B686774EC36FD664A34DF9F7        2577776        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\pb\pbsvc_heroes.exe
2013-05-15 13:33:40        9C675E39F7FD76535D8C82EBD1F465AA        1784224        ----a-w-        C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\BFHUpdater.exe
2013-05-15 13:24:40        88363B688206D0C89FB1DD926F074C42        33302880        ----a-w-        C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\26.0.1410.64\26.0.1410.64_chrome_installer.exe
2013-05-15 13:23:12        8F11F0321ED84B1533FC1384AC71AC8D        59784        ----atw-        C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateBroker.exe
2013-05-15 13:23:12        76B35CB0F3A4E69D6DFF27F542B9F856        216968        ----atw-        C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
2013-05-15 13:23:12        506708142BC63DABA64F2D3AD1DCD5BF        116648        ----atw-        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2013-05-15 13:23:12        506708142BC63DABA64F2D3AD1DCD5BF        116648        ----atw-        C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdate.exe
2013-05-15 13:23:12        4E252E85E5DC31BD645E809222AFAF27        287624        ----atw-        C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
2013-05-15 13:23:12        322803CD2E33DEA06E1983C36B8E8D3F        781816        ----a-w-        C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateSetup.exe
2013-05-15 13:23:12        00F714CA28A01FACB709486D6DA306A8        59784        ----atw-        C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe
2013-05-15 13:09:41        A1B0DEC3BB845C6369F97BC1A3542A07        763504        ----a-w-        C:\Program Files\Internet Explorer\iexplore.exe
2013-05-15 13:09:41        61AE3CFCD6EFDA9EADAB6B87CD6BC7DC        142848        ----a-w-        C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 13:09:41        47BC290F4400C1741B1F26429A352C60        173056        ----a-w-        C:\Windows\System32\ieUnatt.exe
2013-05-15 13:09:41        3F00BE80B9CEA20B7FE7363D15EDDB94        757360        ----a-w-        C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-05-15 11:42:17        E948D1D42DC68923ABD75EEB5BCCD1D3        111448        ----a-w-        C:\Windows\System32\consent.exe
2013-05-13 19:39:56        F042EE4C8D66248D9B86DCF52ABAE416        256000        ----a-w-        C:\Windows\PEV.exe
2013-05-13 19:39:56        9E05A9C264C8A908A8E79450FCBFF047        80412        ----a-w-        C:\Windows\grep.exe
2013-05-13 19:39:56        5E832F4FAF5F481F2EAF3B3A48F603B8        68096        ----a-w-        C:\Windows\zip.exe
2013-05-13 19:39:56        0297C72529807322B152F517FDB0A9FC        406528        ----a-w-        C:\Windows\SWSC.exe
2013-05-13 19:39:56        0277C027A26428DB64EF4F64F52BB4FD        208896        ----a-w-        C:\Windows\MBR.exe
2013-05-13 18:08:09        943236987A9346B8B9A5B649CD9059F2        700783        ----a-r-        C:\Users\Diton Shkreli\Desktop\Cleans\dds+.exe
2013-05-13 17:54:38        A95866BA166A09E360BB88DA72D4531D        628743        ----a-w-        C:\Users\Diton Shkreli\Desktop\Cleans\adwcleaner.exe
=== C: other files ==
2013-05-15 18:15:49        4BDDB42CB6BF46452FA7155EA5381576        83160        ----a-w-        C:\Windows\System32\drivers\avnetflt.sys
2013-05-15 18:14:51        CE9E7F1EA07DCE9DF0BFE4A8B1B2EF78        196012        ----a-w-        C:\Users\Diton Shkreli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJGB3JJT\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0[1].crx
2013-05-15 18:14:42        E310FCBA8884EEBD9017C3D01B6D0BCF        100680        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\sweb.zip
2013-05-15 18:14:42        4BDDB42CB6BF46452FA7155EA5381576        83160        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avnetflt.sys
2013-05-15 18:14:42        490FA25161BF3E51993EB724ECF0ACEB        28600        ----a-w-        C:\Windows\System32\drivers\avkmgr.sys
2013-05-15 18:14:42        490FA25161BF3E51993EB724ECF0ACEB        28600        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avkmgr.sys
2013-05-15 18:14:42        488486DAD09A5B6C6DBB8B990A8B2307        130016        ----a-w-        C:\Windows\System32\drivers\avipbb.sys
2013-05-15 18:14:42        488486DAD09A5B6C6DBB8B990A8B2307        130016        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avipbb.sys
2013-05-15 18:14:42        09E6069EF94B345061B4BD3CEBD974C8        100712        ----a-w-        C:\Windows\System32\drivers\avgntflt.sys
2013-05-15 18:14:42        09E6069EF94B345061B4BD3CEBD974C8        100712        ----a-w-        C:\Program Files (x86)\Avira\AntiVir Desktop\avgntflt.sys
2013-05-15 14:18:50        F423BE66828D391FC9BA81D7FB6C9B89        2872597        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\pylib-2.3.4.zip
2013-05-15 14:17:58        747EB481FF379E3F3853139E45E92A4B        52795611        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Menu_client.zip
2013-05-15 14:16:09        DB2AB98A87255F4C8E519157FDA67363        8693477        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Common_client.zip
2013-05-15 14:16:09        C7FEF9DBBBF60D900D776AB471F0AFE3        718895        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Shaders_client.zip
2013-05-15 14:16:09        508799FF4F331AFA629626C1EED86CDD        1414462        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Menu_server.zip
2013-05-15 14:16:09        29A750F3FFDBDDA0D41335357BF6F832        24604        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Sound_server.zip
2013-05-15 14:16:09        2499DB0C12D4A083D3369BA045542EB0        31312        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Fonts_server.zip
2013-05-15 14:15:43        CC89140390B618FF14835EC51DFD43BE        54452        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Common_server.zip
2013-05-15 14:15:43        C12C8E01852566476FE24AF32CE5E5C1        16419115        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Fonts_client.zip
2013-05-15 14:15:14        10229E04920D32E099FF544968B9FE2F        212131543        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Sound_client.zip
2013-05-15 14:09:52        3AD955980DEE15BD8448558A4A82FB49        126518058        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\StaticObjects_client.zip
2013-05-15 14:09:52        08A5E89FBF7E84C01AFCD13864CF01A8        5542600        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vegitation_client.zip
2013-05-15 14:09:51        ED3CFC7B1A25F25717E4A8EB5D2C4FE7        468075        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Common_client.zip
2013-05-15 14:09:51        E8A054B7C39FED9190324F1E6FB11E53        19001        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Kits_server.zip
2013-05-15 14:09:51        E7F565E509CE1288466DB8019DAB4883        973        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Water_server.zip
2013-05-15 14:09:51        DF5B5B7A3FB9E1B27D0375CC35F42667        1049209        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vehicles_server.zip
2013-05-15 14:09:51        25D9F4BEB5A89EDFC8C1C90AE6E012F8        2798899        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Items_server.zip
2013-05-15 14:04:59        F1D2B4686E6DC8FB2D061326E55B91AE        659        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Water_client.zip
2013-05-15 14:04:59        D3A2393AF7D087B5AB53B9F9EF4C2B72        5331        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Roads_server.zip
2013-05-15 14:04:59        B837591F063106DDA1D6B73BF002A279        377947008        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Items_client.zip
2013-05-15 14:04:59        03D5C7589453FA0D8B4F63892C7728DD        6726762        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\StaticObjects_server.zip
2013-05-15 13:55:07        F2CFB8248579CB9A8E21D5AF6815157B        7988467        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vehicles_client.zip
2013-05-15 13:55:07        27E33DC6E79076B19A874EAF1B709BBD        1753649        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Weapons_server.zip
2013-05-15 13:55:06        4B6159DDFDF5764C25A4202D6D383030        3916876        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Effects_client.zip
2013-05-15 13:54:48        56D1BD9D0350C74A8CBB5C6F86B27290        16514084        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Weapons_client.zip
2013-05-15 13:54:48        4B53098321A42A5BF6A72D114F0353E2        117802        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Common_server.zip
2013-05-15 13:54:48        37754C87A5848000AD8C1C2C108FEB31        766992        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Soldiers_client.zip
2013-05-15 13:54:47        545D91DC3756B655ECB1C1314E3BD15B        1332614        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Roads_client.zip
2013-05-15 13:54:22        D2CF7CA03A7E7C785CD022769F34F687        827770        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Kits_client.zip
2013-05-15 13:54:22        A811D0AD0EE3AA312A5BEC71E7AB3B19        209001        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vegitation_server.zip
2013-05-15 13:54:22        8FBF73270A4FE91D4E044EE99F3ED1E2        19354536        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Soldiers_server.zip
2013-05-15 13:54:22        55065A50A9CF4D74EAA22B6122999409        1276302        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Effects_server.zip
2013-05-15 13:54:22        4C4F8C0959EC4CAE52848422B5F6D64F        820256        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Lunar\server.zip
2013-05-15 13:53:48        CC14CFC0E4F2084340AE4AB08972C8C1        42494427        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Lunar\client.zip
2013-05-15 13:53:48        3592B1A5DEF92AA2E3363106525D94DA        190247        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Mayhem\server.zip
2013-05-15 13:52:19        6AB09B4B836393AD6A640E78F97F89BD        415490        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day_Night\server.zip
2013-05-15 13:52:19        33B0903D1D3A3306C7F63341410DCF35        16262628        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Mayhem\client.zip
2013-05-15 13:51:37        A8F90D5090CFBEB4A1925532EEDC9CD6        19851560        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day_Night\client.zip
2013-05-15 13:51:37        A3129E5F2F809CC9659C0F1FDEF961C9        93781        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village\server.zip
2013-05-15 13:50:51        D7052DB31CC95404B0CCE1822C9D4D6C        204647        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_day\server.zip
2013-05-15 13:50:51        54CB3F751596133492E7E8556DFB3820        18060493        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village\client.zip
2013-05-15 13:50:08        B108456F77628B401B82079D0F6944BE        26820        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_snow\server.zip
2013-05-15 13:50:08        AB3B4343E497D02ED71C31BF7F7A5FC6        16420263        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_day\client.zip
2013-05-15 13:49:24        F5E9F5FEC73CC2AB8C680046AAA64541        28346        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat_snow\server.zip
2013-05-15 13:49:24        0F1463C60B60A3862AB5DE36D2860BF2        14968474        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_snow\client.zip
2013-05-15 13:48:43        99EE41C55DB6CE88C76EA72AF52001E5        41525        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish_night\server.zip
2013-05-15 13:48:43        1C71C52B1A7C2918265B4955170EB022        5263375        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat_snow\client.zip
2013-05-15 13:48:42        5138DE2F6FDF6298C3031C0304308C87        7054117        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish_night\client.zip
2013-05-15 13:48:42        1B0E3E64A2060970FAA3092EA0289B7D        434161        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish\server.zip
2013-05-15 13:48:13        F819C2112C2EEAC0A04118A33700CCE0        24567164        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish\client.zip
2013-05-15 13:48:13        A25AF7133CE9730335F81EC889410AD2        34618        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village_snow\server.zip
2013-05-15 13:47:26        FE4DBA50287042EA06845C7821548D92        16494889        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village_snow\client.zip
2013-05-15 13:47:26        2A239362302D4FE4B8D78D1A527820B0        416774        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day\server.zip
2013-05-15 13:46:53        FC245FBB7865AB8A826D23D860FA18E4        29843566        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day\client.zip
2013-05-15 13:46:53        E2A8ED972ED29572F2FFA65CA4F0A430        320900        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake\server.zip
2013-05-15 13:45:45        60BA9D5110CDF3EBF5D9D9219B230A80        22481239        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake\client.zip
2013-05-15 13:45:45        0AD9EA12D64DF9B79AF5B5092108427D        111119        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Smack2\server.zip
2013-05-15 13:44:52        A657F2DF17F0D16E391267EB53CAEA3A        15743250        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Smack2\client.zip
2013-05-15 13:44:52        1379C638556D5B34913C4BEFD7582F89        35538        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_night\server.zip
2013-05-15 13:44:51        B18EC13DC42FAA9ED02D3FC1177EC412        2601451        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_night\client.zip
2013-05-15 13:44:51        65007DFB14A53CDE079289116FD21B8E        392002        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands\server.zip
2013-05-15 13:44:02        A196CDEAE45A1B61163AF312BF7681AC        26261332        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands\client.zip
2013-05-15 13:44:02        868719D979EF246E35948153D6B08924        207086        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin\server.zip
2013-05-15 13:42:52        875798E12D638352334C2EAA448F4967        15256257        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin\client.zip
2013-05-15 13:42:52        50E6DD519669A679936F77D05D51FCE7        114549        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble\server.zip
2013-05-15 13:42:22        84D57914A68F047785A4D4820B180AF2        24768888        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble\client.zip
2013-05-15 13:42:22        6B1DAD970C6AA29D2DB3C16DBE10A927        21708        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_snow\server.zip
2013-05-15 13:41:34        E74CAB546A73815C61581DC789A194FE        22558659        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_snow\client.zip
2013-05-15 13:41:34        3D9049B049F042A4B2D1631FD2929C28        259705        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat\server.zip
2013-05-15 13:40:52        ABE4EBD3969CEEBD10B335F5377EADB4        51272        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands_snow\server.zip
2013-05-15 13:40:52        942612301C7D96E7EFA982D2C0F53DD8        17830826        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat\client.zip
2013-05-15 13:40:20        C6AA1B75F4FE37FDC9D823005E174596        107377        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_day\server.zip
2013-05-15 13:40:20        B2C1B454EF969A3A49A4C4A239B6739E        11155609        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands_snow\client.zip
2013-05-15 13:40:20        836428EB445E7EE960A3468D78C1DF28        37361        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_snow\server.zip
2013-05-15 13:40:20        1F2A8E7E3CE6FC3A3F76D6F4C9570269        6588412        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_snow\client.zip
2013-05-15 13:39:49        F1F7ECE183F00EF3B57805F58115DDED        24290        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_snow\server.zip
2013-05-15 13:39:49        EBCA16214BA105C714D6EE5C7D520289        25049823        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_day\client.zip
2013-05-15 13:38:54        AC762412FC8AD686B620BE3C7850251F        11833650        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_snow\client.zip
2013-05-15 13:38:53        CCD2294B54ED42D52B69948FA6CE3DBF        33998        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_night\server.zip
2013-05-15 13:38:53        C12D94B072E2C4651BA07D6FEE8CF553        5671153        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_night\client.zip
2013-05-15 13:38:53        1E99B10E29D803A534554718ADF34172        251916        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\wicked_wake\server.zip
2013-05-15 13:38:16        DD74460E70D4C949976DF3CD0D76B70E        14875285        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\wicked_wake\client.zip
2013-05-15 13:38:16        CDF39A5C90F180F757C4B2E10CD59C66        242798        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\river\server.zip
2013-05-15 13:37:11        ED6DEBF9DE01E89634AA41A77307418A        22507213        ----a-w-        C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\river\client.zip
2013-05-15 11:42:26        AF2E16242AA723F68F461B6EAE2EAD3D        983400        ----a-w-        C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 11:42:26        1F04CFB79DD5FB7694468CE3FB3DCC31        265064        ----a-w-        C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 11:42:24        A11523523B31086DD760C0189C763359        3153920        ----a-w-        C:\Windows\System32\win32k.sys
2013-05-12 16:56:00        9D9B0A6E6ADBDBF10822BE4E08FCD26B        886409        ----a-w-        C:\Users\Diton Shkreli\Desktop\Sachen\Sachen\pbsetup.zip

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Google Update"="\"C:\\Users\\Diton Shkreli\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""


==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ETDCtrl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ETDCtrl"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Elantech\\ETDCtrl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelliPoint"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Device Center\\ipoint.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliType Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelliType Pro"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Device Center\\itype.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 13:44]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15.05.2013 15:23]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15.05.2013 15:23]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0
- HomeTab - %ProfilePath%\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}
- Online HD TV - %ProfilePath%\extensions\onlinehdtv@onlinehd.tv.xpi

ProfilePath: C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\4tept9sc.default
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\4tept9sc.default
D4BD9F86123C87ECA570418B69326F99        - C:\Windows\SysWOW64\npdeployJava1.dll -        Java Deployment Toolkit 7.0.170.2
15E298B5EC5B89C5994A59863969D9FF        - C:\Windows\SysWOW64\npmproxy.dll -        Microsoft® Windows® Operating System


==== Deleting Files \ Folders ======================

"C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}" deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaabfjnbeinlpljodiajipidiompfl - C:\Users\Diton Shkreli\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx[]
cgiaikfpllchefojlnehlmpekeogihnm - C:\Users\Diton Shkreli\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx[]
djbdlklldbflagkkpaljamjfbpefcbpf - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx[]
dkinklhnkmkhkhofcnapakaoehijaoih - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
cgiaikfpllchefojlnehlmpekeogihnm - C:\Users\Diton Shkreli\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx[]

Battlefield Heroes - Diton Shkreli - Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh
WiseConvert - Diton Shkreli - Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm

==== Chrome Fix ======================

C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BE02333D-A334-4968-8C75-2CCAE540D285}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE02333D-A334-4968-8C75-2CCAE540D285}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, hxxp://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
(Default) = (empty string) [file not found]
avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [Avira Operations GmbH & Co. KG]
ApnUpdater = "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM...CLSID} = Office Document Cache Handler
                  \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                        \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
  -> {HKLM...Wow...CLSID} = Adobe PDF Link Helper
                        \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
                        \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]

{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
  -> {HKLM...CLSID} = Office Document Cache Handler
                  \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
  -> {HKLM...Wow...CLSID} = Office Document Cache Handler
                        \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
                        \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
  -> {HKLM...CLSID} = DisplayCplExt Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]

{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
  -> {HKLM...CLSID} = SimpleShlExt Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = ELAN Control Panel
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                  \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                  \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                  \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                  \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...CLSID} = ImageExtractorShellExt Class
                  \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...CLSID} = CInfoTipShellExt Class
                  \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]

{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
  -> {HKLM...CLSID} = Enterprise-Projekte
                  \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                  \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]

{ACEF9F57-4DEF-4CC9-A2C0-7A158D967E63} = Device Center Control Panel Property Page
  -> {HKLM...CLSID} = Device Center Property Page
                  \InProcServer32\(Default) = c:\Program Files\Microsoft Device Center\cplredirector.dll [MS]

{653DCCC2-13DB-45B2-A389-427885776CFE} = Activities Control Panel Property Page
  -> {HKLM...CLSID} = Activities Property Page
                  \InProcServer32\(Default) = c:\Program Files\Microsoft Device Center\ipcplact.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{F764812A-132C-4013-9960-5CBBEB408A0E} = Nero Shell Extension
  -> {HKLM...Wow...CLSID} = NeroShellExt Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]

{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
                        \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                        \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
  -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
  -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
                        \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                        \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
                        \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                  \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
                        \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                  \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

{A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = NBShellHook Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]

{F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = NeroShellExt Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

NBShellHook\(Default) = {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}
  -> {HKLM...Wow...CLSID} = NBShellHook Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
                        \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

{F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = NeroShellExt Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
                        \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
  -> {HKLM...CLSID} = SimpleShlExt Class
                  \InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM...CLSID} = GraphicsShellExt Class
                  \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...Wow...CLSID} = PDF Shell Extension
                        \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
  -> {HKLM...CLSID} = Shell Extension for Malware scanning
                  \InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]

{A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = NBShellHook Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

NBShellHook\(Default) = {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}
  -> {HKLM...Wow...CLSID} = NBShellHook Class
                        \InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

EnableLinkedConnections = (REG_DWORD) dword:0x00000001
{unrecognized setting}

DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Diton Shkreli\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

NeroExpress10CopyCD\
Provider = Nero Express 10
InvokeProgID = Nero.Express.10.AutoPlay
InvokeVerb = CopyCD
HKLM\SOFTWARE\Classes\Nero.Express.10.AutoPlay\shell\CopyCD\command\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy [Nero AG]

NeroExpress10LaunchNE\
Provider = Nero Express 10
InvokeProgID = Nero.Express.10.AutoPlay
InvokeVerb = LanchNE
HKLM\SOFTWARE\Classes\Nero.Express.10.AutoPlay\shell\LanchNE\command\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero Express\NeroExpress.exe /Media:AUTO /Drive:%L [Nero AG]

WIA_{D31F5BA7-4DD3-4484-9EB5-CC2491EC9D79}\
Provider = WinZip
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\WinZip\WINZIP32.EXE /wia;
  -> {HKLM...CLSID} = WPDShextAutoplay
                  \LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe ARM ->  launches: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
Adobe Flash Player Updater ->  launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Adobe Reader Speed Launcher ->  launches: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [Adobe Systems Incorporated]
Adobe-Online-Aktualisierungsprogramm ->  launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]
Desk 365 RunAsStdUser ->  launches: C:\Program Files (x86)\Desk 365\desk365.exe /autorun [file not found]
DeviceDetector -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [CyberLink]
Go for FilesUpdate ->  launches: C:\Program Files (x86)\GoforFiles\GFFUpdater.exe [file not found]
Google Updater and Installer ->  launches: C:\Users\Diton Shkreli\AppData\Local\Google\Update\GoogleUpdate.exe /c [file not found]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
Java Update Scheduler ->  launches: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [Sun Microsystems, Inc.]
Microsoft_Hardware_Launch_devicecenter_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Device Center\devicecenter.exe [null data]
Microsoft_Hardware_Launch_ipoint_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Device Center\ipoint.exe [MS]
Microsoft_Hardware_Launch_itype_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Device Center\itype.exe [MS]
NBAgent ->  launches: C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart [Nero AG]
Scheduled Update for Ask Toolbar ->  launches: C:\Program Files (x86)\Ask.com\UpdateTask.exe [file not found]
Software Updater ->  launches: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [null data]
Software Updater Ui ->  launches: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [null data]
{44C18F0B-4A96-4F98-9CEC-25E8E21C77DE} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Diton Shkreli\Downloads\Age-of-Empires.exe" -d "C:\Users\Diton Shkreli\Downloads" [MS]
{8760E898-A2E3-47DF-93BD-0458BBCAC0F8} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Diton Shkreli\Desktop\Age of Empire\age\setup.exe" -d "C:\Users\Diton Shkreli\Desktop\Age of Empire\age" [MS]

C:\Windows\System32\Tasks\Browser Updater
Browser Updater ->  launches: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\Browser Updater\TBUpdater.dll",TBCheckForUpdate [MS]

C:\Windows\System32\Tasks\Games
UpdateCheck_S-1-5-21-3844378849-2479913660-30988051-1000 -> (HIDDEN!) launches: {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
  -> {HKLM...CLSID} = GameUpdateTask Class
                  \InProcServer32\(Default) = C:\Windows\System32\gameux.dll [MS]
  -> {HKLM...Wow...CLSID} = GameUpdateTask Class
                        \InProcServer32\(Default) = C:\Windows\SysWOW64\gameux.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                        \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent [MS]
ProgramDataUpdater ->  launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                        \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                  \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                        \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
                  \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
                  \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
                        \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                  \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  -> {HKLM...CLSID} = WinSAT Task Manger Task
                  \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                        \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate ->  launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask ->  launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording ->  launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath ->  launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                  \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
                  \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart ->  launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  -> {HKLM...CLSID} = HotStart User Agent
                  \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                  \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                        \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
                  \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
                        \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
                  \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
                  \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager ->  launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  -> {HKLM...CLSID} = GadgetsManager Class
                  \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
                  \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
                        \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 ->  launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                  \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                        \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                  \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                        \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification ->  launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]

C:\Windows\System32\Tasks\ProtectedSearch
Protected Search ->  launches: "C:\Program Files (x86)\Protected Search\ProtectedSearch.exe"  [file not found]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3844378849-2479913660-30988051-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [Avira Operations GmbH & Co. KG], 01 - 08, 19
%SystemRoot%\system32\mswsock.dll [MS], 09 - 18

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [Avira Operations GmbH & Co. KG], 01 - 08, 19
%SystemRoot%\system32\mswsock.dll [MS], 09 - 18


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
                  \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknüpfte &OneNote-Notizen
MenuText = Verknüpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...CLSID} = Linked Notes button
                  \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
                        \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]

{6E80943C-847C-4447-B830-F94E7DCBBD4E}\
BandCLSID = {96edaac7-6183-4cb5-8823-b8b12d94f967}

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknüpfte &OneNote-Notizen
MenuText = Verknüpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
  -> {HKLM...Wow...CLSID} = Linked Notes button
                        \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]
Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS]
Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS]
Avira Browser-Schutz, AntiVirWebService, "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [Avira Operations GmbH & Co. KG]
Avira Echtzeit-Scanner, AntiVirService, "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [Avira Operations GmbH & Co. KG]
Avira Planer, AntiVirSchedulerService, "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [Avira Operations GmbH & Co. KG]
Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS]
Dritek WMI Service, DsiWMIService, C:\Program Files (x86)\Launch Manager\dsiwmis.exe [Dritek System Inc.]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
Microsoft .NET Framework NGEN v4.0.30319_X64, clr_optimization_v4.0.30319_64, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [MS]
Nero Update, NAUpdate, "C:\Program Files (x86)\Nero\Update\NASvc.exe" [Nero AG]
PnkBstrA, PnkBstrA, C:\Windows\system32\PnkBstrA.exe [file not found]




==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Diton Shkreli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Diton Shkreli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Diton Shkreli\AppData\Local\Mozilla\Firefox\Profiles\4tept9sc.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\DITONS~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

The error still appeared after the restart :(

ryder 15.05.2013 21:23

So this should be it:

ComboFix script
WARNING for those READING ALONG:
The following ComboFix script was created exclusively for this user in this situation.
Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

  • Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror: Link
  • Save it to the desktop again (not anywhere else, this is important)!
  • Press the Windows + R keys --> type notepad --> OK
  • Now copy the complete text from the following code box into the empty text document.

    Code:

    Folder::
    C:\Windows\System32\Tasks\Browser Updater
    C:\Program Files (x86)\Browser Updater

  • Save this as CFScript.txt on your desktop.
  • Important: temporarily disable your antivirus software. It can interfere with ComboFix's work.
    Don't forget to turn it back on afterwards!
  • Close all running programs so that ComboFix can work unhindered.
  • Drag CFScript.txt onto ComboFix.exe as shown in this picture:
  • Do nothing on the computer, do not move the mouse over the ComboFix window or click into it. This can cause ComboFix to hang.
  • When ComboFix is finished it will create a log: C:\ComboFix.txt
    Please post it here as a reply (in CODE tags using the editor's # button).

Note:
Suspect:: and Collect::
If the script contains these instructions, files are to be submitted for analysis. A message box appears after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files. Be sure to let me know whether the upload worked!


notiD 15.05.2013 21:43

Code:

ComboFix 13-05-15.01 - Diton Shkreli 15.05.2013  22:35:55.3.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3948.2427 [GMT 2:00]
ausgeführt von:: c:\users\Diton Shkreli\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Diton Shkreli\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Diton Shkreli\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Diton Shkreli\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-15 bis 2013-05-15  ))))))))))))))))))))))))))))))
.
.
2013-05-15 20:41 . 2013-05-15 20:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-15 19:56 . 2013-05-15 20:41        --------        d-----w-        c:\users\Diton Shkreli\AppData\Local\Temp
2013-05-15 19:56 . 2013-05-15 19:47        24064        ----a-w-        c:\windows\zoek-delete.exe
2013-05-15 18:20 . 2013-05-15 18:20        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\Avira
2013-05-15 18:15 . 2013-05-15 18:15        83160        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-05-15 18:14 . 2013-03-06 14:13        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-05-15 18:14 . 2013-02-26 14:56        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-05-15 18:14 . 2013-02-26 14:56        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-05-15 18:14 . 2013-05-15 18:15        --------        d-----w-        c:\programdata\Avira
2013-05-15 18:14 . 2013-05-15 18:14        --------        d-----w-        c:\program files (x86)\Avira
2013-05-15 14:19 . 2013-05-15 14:19        76232        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{11ECCF02-92C3-48E6-AC7C-158E90C9E52C}\offreg.dll
2013-05-15 13:10 . 2013-05-05 21:36        17818624        ----a-w-        c:\windows\system32\mshtml.dll
2013-05-15 13:10 . 2013-05-05 21:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-05-15 13:10 . 2013-05-05 19:12        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-05-15 11:42 . 2013-05-13 06:37        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{11ECCF02-92C3-48E6-AC7C-158E90C9E52C}\mpengine.dll
2013-05-14 15:55 . 2013-05-14 15:55        --------        d-----w-        c:\program files (x86)\EA Games
2013-05-12 16:44 . 2013-05-12 16:44        --------        d-----w-        c:\program files (x86)\VS Revo Group
2013-05-12 14:37 . 2013-05-12 14:37        --------        d-----w-        c:\windows\system32\IO
2013-05-11 15:33 . 2013-05-11 15:33        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\Malwarebytes
2013-05-11 15:33 . 2013-05-13 14:26        --------        d-----w-        c:\programdata\Malwarebytes
2013-05-09 10:09 . 2013-05-09 10:09        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\ParetoLogic
2013-05-09 10:09 . 2013-05-09 10:09        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\DriverCure
2013-05-09 10:09 . 2013-05-09 10:11        --------        d-----w-        c:\programdata\ParetoLogic
2013-05-07 17:01 . 2013-05-13 19:47        --------        d-----w-        c:\users\Diton Shkreli\AppData\Local\assembly
2013-05-03 17:06 . 2013-05-13 14:40        --------        d-----w-        c:\users\Diton Shkreli\AppData\Local\Microsoft Games
2013-05-01 15:54 . 2013-05-01 15:54        --------        d-----w-        c:\users\Diton Shkreli\AppData\Roaming\GoPlayer
2013-04-28 09:09 . 2013-05-13 14:41        --------        d-----w-        c:\program files (x86)\Common Files\soft Xpansion
2013-04-28 09:08 . 2013-05-13 14:41        --------        d-----w-        c:\program files (x86)\Common Files\Freemium
2013-04-28 09:08 . 2013-05-01 10:34        --------        d-----w-        c:\programdata\Freemium
2013-04-27 06:00 . 2013-05-15 13:24        --------        d-----w-        c:\program files (x86)\Google
2013-04-24 11:40 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-20 10:03 . 2013-05-13 14:42        --------        d-----w-        c:\program files (x86)\SoftwareUpdater
2013-04-16 08:04 . 2013-05-15 18:35        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-04-16 08:04 . 2013-05-15 18:33        270240        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-04-16 08:04 . 2013-05-15 17:34        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 18:35 . 2012-03-25 18:40        282296        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-05-15 13:15 . 2012-08-08 11:33        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-15 11:44 . 2012-04-13 10:19        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 11:44 . 2011-07-25 10:15        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-05-01 15:54 . 2011-06-10 23:58        420944        ----a-w-        c:\windows\SysWow64\msvcp100.dll
2013-04-13 05:49 . 2013-05-15 11:42        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 11:42        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 11:42        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 11:42        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 11:42        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 11:42        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-03-26 10:30 . 2013-03-26 10:30        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 10:30 . 2012-05-12 18:19        861088        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2013-03-26 10:30 . 2012-01-26 18:52        782240        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 11:54        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 11:54        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 11:54        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:54        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 11:54        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 11:54        112640        ----a-w-        c:\windows\system32\smss.exe
2013-03-11 12:48 . 2012-12-15 17:51        43520        ----a-w-        c:\windows\SysWow64\CmdLineExt03.dll
2013-02-15 06:08 . 2013-04-10 11:54        44032        ----a-w-        c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 11:54        3717632        ----a-w-        c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 11:54        158720        ----a-w-        c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 11:54        3217408        ----a-w-        c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 11:54        131584        ----a-w-        c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 11:54        36864        ----a-w-        c:\windows\SysWow64\tsgqec.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-04 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-06 28600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-25 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-04-09 562744]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-03-09 1222248]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-15 13:24        1642448        ----a-w-        c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 11:44]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 13:23]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 13:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: {{6e80943c-847c-4447-b830-f94e7dcbbd4e} - {96edaac7-6183-4cb5-8823-b8b12d94f967} -
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
AddRemove-{c5eac06d-16a7-4836-866d-ebf3ecfdcdaa}_is1 - c:\program files (x86)\HomeTab\unins000.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-15  22:42:45
ComboFix-quarantined-files.txt  2013-05-15 20:42
ComboFix2.txt  2013-05-14 14:25
ComboFix3.txt  2013-05-13 19:58
.
Vor Suchlauf: 14 Verzeichnis(se), 419.613.872.128 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 419.321.647.104 Bytes frei
.
- - End Of File - - 04130107D8958EA3F7D6C95B6726E154


ryder 15.05.2013 21:44

Yo. Can't see anything of the solution .... but is it still happening?

notiD 15.05.2013 21:50

Yes, just restarted the PC... :(

What else can you advise?

ryder 16.05.2013 17:14

And are you sure the script ran correctly?

We'll simply take another, closer look:
Scan with SystemLook

Download the appropriate version of SystemLook (jpshortstuff) from one of the following mirrors and save the tool to the desktop.

Download Mirror #1 (32 bit) - Download Mirror #2 (32 bit)
Download Mirror #1 (64 bit) - Download Mirror #2 (64 bit)
  • Start the tool with a double-click.
  • Copy the contents of the following code box into the tool's text field:
    Code:

    :dir
    C:\Windows\System32\Tasks /s

  • Now click the Look button to start the scan.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are saved on the desktop as SystemLook.txt.

notiD 16.05.2013 17:18

Code:

SystemLook 30.07.11 by jpshortstuff
Log created at 18:18 on 16/05/2013 by Diton Shkreli
Administrator - Elevation successful

========== dir ==========

C:\Windows\System32\Tasks - Parameters: "/s"

---Files---
Adobe ARM        --a---- 2732 bytes        [10:15 25/07/2011]        [10:15 25/07/2011]
Adobe Flash Player Updater        --a---- 3822 bytes        [10:19 13/04/2012]        [11:45 15/05/2013]
Adobe Reader Speed Launcher        --a---- 2730 bytes        [10:15 25/07/2011]        [10:15 25/07/2011]
Adobe-Online-Aktualisierungsprogramm        --a---- 3694 bytes        [13:42 13/04/2013]        [13:42 13/04/2013]
Desk 365 RunAsStdUser        --a---- 3410 bytes        [15:54 01/05/2013]        [15:54 01/05/2013]
DeviceDetector        --a---- 3200 bytes        [10:20 25/07/2011]        [10:20 25/07/2011]
Go for FilesUpdate        --a---- 3100 bytes        [11:49 27/01/2013]        [11:49 27/01/2013]
Google Updater and Installer        --a---- 3892 bytes        [13:42 13/04/2013]        [13:42 13/04/2013]
GoogleUpdateTaskMachineCore        --a---- 3868 bytes        [13:23 15/05/2013]        [13:23 15/05/2013]
GoogleUpdateTaskMachineUA        --a---- 4120 bytes        [13:23 15/05/2013]        [13:23 15/05/2013]
Java Update Scheduler        --a---- 3704 bytes        [13:42 13/04/2013]        [13:42 13/04/2013]
Microsoft_Hardware_Launch_devicecenter_exe        --a---- 3056 bytes        [16:10 23/11/2012]        [16:10 23/11/2012]
Microsoft_Hardware_Launch_ipoint_exe        --a---- 3044 bytes        [16:10 23/11/2012]        [16:10 23/11/2012]
Microsoft_Hardware_Launch_itype_exe        --a---- 3042 bytes        [16:10 23/11/2012]        [16:10 23/11/2012]
NBAgent        --a---- 2806 bytes        [10:11 25/07/2011]        [10:11 25/07/2011]
Scheduled Update for Ask Toolbar        --a---- 3844 bytes        [18:14 15/05/2013]        [18:14 15/05/2013]
Software Updater        --a---- 4130 bytes        [10:03 20/04/2013]        [14:59 16/05/2013]
Software Updater Ui        --a---- 4160 bytes        [10:04 20/04/2013]        [14:59 16/05/2013]
{44C18F0B-4A96-4F98-9CEC-25E8E21C77DE}        --a---- 3202 bytes        [11:31 27/05/2012]        [11:31 27/05/2012]
{8760E898-A2E3-47DF-93BD-0458BBCAC0F8}        --a---- 3248 bytes        [22:29 03/01/2012]        [22:29 03/01/2012]

C:\Windows\System32\Tasks\Browser Updater        d------        [10:03 20/04/2013]
Browser Updater        --a---- 4066 bytes        [10:03 20/04/2013]        [10:03 20/04/2013]

C:\Windows\System32\Tasks\Games        d------        [16:57 19/01/2013]
UpdateCheck_S-1-5-21-3844378849-2479913660-30988051-1000        --a---- 4788 bytes        [17:06 03/05/2013]        [17:06 03/05/2013]

C:\Windows\System32\Tasks\Microsoft        d------        [03:20 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows        d------        [03:20 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client        d------        [04:53 14/07/2009]
AD RMS Rights Policy Template Management (Automated)        --a---- 4472 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]
AD RMS Rights Policy Template Management (Manual)        --a---- 3854 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\AppID        d------        [04:54 14/07/2009]
PolicyConverter        --a---- 2900 bytes        [04:54 14/07/2009]        [04:54 14/07/2009]
VerifiedPublisherCertStoreCheck        --a---- 3790 bytes        [04:54 14/07/2009]        [04:54 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience        d------        [04:54 14/07/2009]
AitAgent        --a---- 3458 bytes        [04:54 14/07/2009]        [04:54 14/07/2009]
ProgramDataUpdater        --a---- 3614 bytes        [04:54 14/07/2009]        [04:54 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk        d------        [04:49 14/07/2009]
Proxy        --a---- 3026 bytes        [04:49 14/07/2009]        [04:49 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth        d------        [04:57 14/07/2009]
UninstallDeviceTask        --a---- 1862 bytes        [04:57 14/07/2009]        [04:57 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient        d------        [04:53 14/07/2009]
SystemTask        --a---- 4130 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]
UserTask        --a---- 3868 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]
UserTask-Roam        --a---- 3134 bytes        [04:53 14/07/2009]        [05:09 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program        d------        [04:53 14/07/2009]
Consolidator        --a---- 4192 bytes        [04:57 14/07/2009]        [13:42 13/04/2013]
KernelCeipTask        --a---- 3946 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]
UsbCeip        --a---- 3598 bytes        [04:54 14/07/2009]        [04:54 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag        d------        [04:57 14/07/2009]
ScheduledDefrag        --a---- 3886 bytes        [04:57 14/07/2009]        [04:57 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis        d------        [04:57 14/07/2009]
Scheduled        --a---- 4018 bytes        [04:57 14/07/2009]        [04:57 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic        d------        [09:12 25/07/2011]
Microsoft-Windows-DiskDiagnosticDataCollector        --a---- 3760 bytes        [09:12 25/07/2011]        [18:51 13/11/2011]
Microsoft-Windows-DiskDiagnosticResolver        --a---- 2538 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]

C:\Windows\System32\Tasks\Microsoft\Windows\Location        d------        [04:55 14/07/2009]
Notifications        --a---- 3554 bytes        [04:55 14/07/2009]        [04:57 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance        d------        [04:55 14/07/2009]
WinSAT        --a---- 4084 bytes        [04:55 14/07/2009]        [11:31 25/11/2011]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center        d------        [07:16 21/11/2010]
ActivateWindowsSearch        --a---- 2420 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
ConfigureInternetTimeService        --a---- 2448 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
DispatchRecoveryTasks        --a---- 3650 bytes        [09:12 25/07/2011]        [18:27 24/06/2012]
ehDRMInit        --a---- 2400 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
InstallPlayReady        --a---- 2546 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
mcupdate        --a---- 2790 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
MediaCenterRecoveryTask        --a---- 2954 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
ObjectStoreRecoveryTask        --a---- 2958 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
OCURActivate        --a---- 2380 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
OCURDiscovery        --a---- 2400 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
PBDADiscovery        --a---- 2384 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
PBDADiscoveryW1        --a---- 3226 bytes        [09:13 25/07/2011]        [09:13 25/07/2011]
PBDADiscoveryW2        --a---- 3228 bytes        [09:13 25/07/2011]        [09:13 25/07/2011]
PeriodicScanRetry        --a---- 3822 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
PvrRecoveryTask        --a---- 2926 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
PvrScheduleTask        --a---- 2918 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
RecordingRestart        --a---- 3078 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
RegisterSearch        --a---- 2408 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
ReindexSearchRoot        --a---- 2432 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
SqlLiteRecoveryTask        --a---- 2942 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
StartRecording        --a---- 3418 bytes        [18:50 29/12/2011]        [18:27 24/06/2012]
UpdateRecordPath        --a---- 2736 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\Extender        d------        [07:16 21/11/2010]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic        d------        [04:53 14/07/2009]
CorruptionDetector        --a---- 3304 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]
DecompressionFailureDetector        --a---- 3510 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC        d------        [09:12 25/07/2011]
HotStart        --a---- 3576 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI        d------        [04:54 14/07/2009]
LPRemove        --a---- 3168 bytes        [04:54 14/07/2009]        [04:54 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia        d------        [04:55 14/07/2009]
SystemSoundsService        --a---- 2602 bytes        [04:55 14/07/2009]        [04:57 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace        d------        [04:54 14/07/2009]
GatherNetworkInfo        --a---- 2044 bytes        [04:54 14/07/2009]        [04:54 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection        d------        [04:54 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack        d------        [04:55 14/07/2009]
BackgroundConfigSurveyor        --a---- 2832 bytes        [04:55 14/07/2009]        [04:55 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\PLA        d------        [03:20 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System        d------        [03:20 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics        d------        [04:53 14/07/2009]
AnalyzeSystem        --a---- 3752 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC        d------        [04:55 14/07/2009]
RacTask        --a---- 4370 bytes        [04:55 14/07/2009]        [04:57 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras        d------        [04:49 14/07/2009]
MobilityManager        --a---- 3052 bytes        [04:49 14/07/2009]        [04:49 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry        d------        [04:54 14/07/2009]
RegIdleBackup        --a---- 3956 bytes        [04:54 14/07/2009]        [04:54 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update        d------        [03:20 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance        d------        [04:57 14/07/2009]
RemoteAssistanceTask        --a---- 4596 bytes        [04:57 14/07/2009]        [04:57 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools        d------        [20:03 13/03/2013]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell        d------        [04:54 14/07/2009]
WindowsParentalControls        --a---- 3616 bytes        [04:57 14/07/2009]        [04:57 14/07/2009]
WindowsParentalControlsMigration        --a---- 3912 bytes        [04:57 14/07/2009]        [05:09 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow        d------        [09:12 25/07/2011]
AutoWake        --a---- 3784 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
GadgetManager        --a---- 3612 bytes        [09:12 25/07/2011]        [09:12 25/07/2011]
SessionAgent        --a---- 3698 bytes        [09:12 25/07/2011]        [02:55 27/08/2011]
SystemDataProviders        --a---- 3792 bytes        [09:12 25/07/2011]        [02:56 27/08/2011]

C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform        d------        [04:49 14/07/2009]
SvcRestartTask        --a---- 3942 bytes        [04:49 14/07/2009]        [04:49 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter        d------        [05:32 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore        d------        [05:01 14/07/2009]
SR        --a---- 3506 bytes        [05:01 14/07/2009]        [05:01 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager        d------        [04:53 14/07/2009]
Interactive        --a---- 2614 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip        d------        [04:53 14/07/2009]
IpAddressConflict1        --a---- 3950 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]
IpAddressConflict2        --a---- 4066 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework        d------        [04:53 14/07/2009]
MsCtfMonitor        --a---- 2978 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization        d------        [04:49 14/07/2009]
SynchronizeTime        --a---- 3388 bytes        [04:49 14/07/2009]        [04:49 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP        d------        [04:49 14/07/2009]
UPnPHostConfig        --a---- 1730 bytes        [04:49 14/07/2009]        [04:49 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service        d------        [04:53 14/07/2009]
HiveUploadTask        --a---- 3420 bytes        [04:53 14/07/2009]        [04:53 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI        d------        [04:49 14/07/2009]
ResolutionHost        --a---- 2682 bytes        [04:49 14/07/2009]        [04:49 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting        d------        [04:49 14/07/2009]
QueueReporting        --a---- 3048 bytes        [04:49 14/07/2009]        [04:49 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform        d------        [04:49 14/07/2009]
BfeOnServiceStartTypeChange        --a---- 3290 bytes        [04:49 14/07/2009]        [04:49 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing        d------        [04:57 14/07/2009]
UpdateLibrary        --a---- 3304 bytes        [04:57 14/07/2009]        [04:57 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup        d------        [04:54 14/07/2009]
ConfigNotification        --a---- 4330 bytes        [04:54 14/07/2009]        [02:53 21/11/2010]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem        d------        [04:57 14/07/2009]
Calibration Loader        --a---- 3532 bytes        [04:57 14/07/2009]        [05:09 14/07/2009]

C:\Windows\System32\Tasks\Microsoft\Windows Defender        d------        [04:57 14/07/2009]

C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform        d------        [11:47 26/12/2011]
SvcRestartTask        --a---- 4392 bytes        [11:47 26/12/2011]        [11:47 26/12/2011]

C:\Windows\System32\Tasks\ProtectedSearch        d------        [10:04 20/04/2013]
Protected Search        --a---- 3186 bytes        [10:04 20/04/2013]        [10:04 20/04/2013]

C:\Windows\System32\Tasks\WPD        d------        [05:09 14/07/2009]
SqmUpload_S-1-5-21-3844378849-2479913660-30988051-1000        --a---- 4500 bytes        [08:30 15/10/2011]        [08:30 15/10/2011]

 - Unable to find folder.

-= EOF =-
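
An added example, not from the thread or from SystemLook: a Python check that parses the Task Scheduler XML files which the listing above enumerates and reports tasks whose action points at a file that is no longer on disk, which is exactly the leftover behind the TBUpdater.dll rundll32 error. The sample task files, the set of "present" files and the entry-point name `ExampleEntry` are constructed for the demo and are not taken from the user's machine.

```python
"""Flag scheduled tasks whose action points at a file that is no longer on
disk, the pattern behind the rundll32 error discussed above.  Task Scheduler 2.0
keeps one UTF-16 XML file per task under C:\\Windows\\System32\\Tasks; an <Exec>
action carries <Command> and <Arguments>.  All samples here are constructed."""
import ntpath
import os
import re
import shutil
import tempfile
import xml.etree.ElementTree as ET

TASK_NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"
# rundll32's first argument names the module: a quoted path, or an unquoted
# path running up to the comma that precedes the entry-point name.
_RUNDLL_MODULE = re.compile(r'^\s*(?:"([^"]+)"|([^,]+?))\s*(?:,|$)')


def exec_actions(task_xml):
    """Return (command, arguments) for every <Exec> action in a task file."""
    root = ET.fromstring(task_xml)  # raw bytes: expat handles the UTF-16 BOM
    actions = []
    for ex in root.iter(TASK_NS + "Exec"):
        cmd = ex.findtext(TASK_NS + "Command", default="").strip()
        args = ex.findtext(TASK_NS + "Arguments", default="").strip()
        actions.append((cmd, args))
    return actions


def referenced_files(command, arguments):
    """Files the action needs on disk: the exe and, for rundll32, its DLL."""
    files = []
    exe = command.strip('"')
    if exe:
        files.append(exe)
    if ntpath.basename(exe).lower() == "rundll32.exe":
        m = _RUNDLL_MODULE.match(arguments)
        if m:
            files.append((m.group(1) or m.group(2)).strip())
    return files


def find_orphaned_tasks(task_dir, exists):
    """Walk a Tasks tree and report every action that references a missing file.
    `exists` is a path predicate (os.path.exists on Windows; a snapshot in demo)."""
    findings = []
    for dirpath, _dirs, names in os.walk(task_dir):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            try:
                actions = exec_actions(data)
            except ET.ParseError:
                continue  # not a task XML file
            for cmd, args in actions:
                missing = [f for f in referenced_files(cmd, args) if not exists(f)]
                if missing:
                    findings.append({"task": os.path.relpath(path, task_dir),
                                     "command": cmd, "arguments": args, "missing": missing})
    return findings


_TASK_XML = """<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>{command}</Command>
      <Arguments>{arguments}</Arguments>
    </Exec>
  </Actions>
</Task>
"""


def build_sample_task_dir():
    """Write two constructed task files into a temporary Tasks-like tree: one
    shaped like the leftover 'Browser Updater' task, one like GoogleUpdate."""
    root = tempfile.mkdtemp(prefix="tasks-")
    samples = {  # the entry-point name is a placeholder, not taken from the page
        os.path.join("Browser Updater", "Browser Updater"): (
            r"C:\Windows\SysWOW64\rundll32.exe",
            r'"C:\Program Files (x86)\Browser Updater\TBUpdater.dll",ExampleEntry'),
        "GoogleUpdateTaskMachineCore": (
            r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe", "/c")}
    for rel, (cmd, args) in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-16") as fh:
            fh.write(_TASK_XML.format(command=cmd, arguments=args))
    return root


def demo():
    """Constructed scenario: the adware DLL was removed but its task was not."""
    present = {p.lower() for p in (r"C:\Windows\SysWOW64\rundll32.exe",
               r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe")}
    task_dir = build_sample_task_dir()
    try:
        return find_orphaned_tasks(task_dir, lambda p: p.lower() in present)
    finally:
        shutil.rmtree(task_dir, ignore_errors=True)


if __name__ == "__main__":
    for hit in demo():
        print(hit["task"], "->", ", ".join(hit["missing"]))
```

On a live machine, point `find_orphaned_tasks` at the real Tasks directory with a case-insensitive wrapper around `os.path.exists`; a flagged task is evidence to review, and removing it remains the helper's call.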


ryder 16.05.2013 17:24

We're going to play hardball now :)

Please download BlitzBlank (from Emsisoft) and save it to the desktop.
  • Start BlitzBlank.exe and confirm the warning with OK.
  • Switch to the Script tab.
  • Now copy the following content from the code box and paste it into BlitzBlank's text field:
    (Important: if you obscured your user name (e.g. with ***), undo that here in the script.)
    Code:

    DeleteFolder:
    C:\Windows\System32\Tasks\Browser Updater

  • Now close all other running programs and applications.
  • Then click Run now.
  • Confirm the warning and the restart with OK. The computer will restart.
  • After the restart you will find a log file at C:\blitzblank.log. Please post its contents here in your thread.

notiD 16.05.2013 17:31

Um... I'm getting an error message: "Syntaxfehler in Zeile 2, ungültiger Ordnerpfad" :(

ryder 16.05.2013 18:01

Yes. Rightly so ... like this, please:

Code:

DeleteFolder:
"C:\Windows\System32\Tasks\Browser Updater"

:heulen:

notiD 16.05.2013 18:06

Doesn't work either :(

ryder 16.05.2013 19:15

It's enough to make you cry. Try the following steps:
  • Start menu
  • Right-click on "Computer"
  • Manage
  • System > Task Scheduler
  • Look for the "Browser Updater"
  • Right-click and "Delete folder"
  • Then .... close everything .... restart

Please report back :)

notiD 16.05.2013 19:29

There is no such task there :( :( :( :(

ryder 16.05.2013 19:30

But the error still occurs? (After a restart?)

notiD 16.05.2013 19:34

I've got it!!!
Thank you so, so much ryder, without you I'd still be at the beginning!
Thanks thanks thanks :)

ryder 16.05.2013 19:39

Good! :daumenhoc

As far as I can see, we have now removed everything malicious. To be sure, we still need to run a few checks, and then we will bring your computer up to a secure state. Since these scans can take a very long time, please don't write to me again until you have really completed everything or run into problems.

Step 1:
Quick scan with Malwarebytes
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 2:

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64 bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Please post the log file here or let me know that nothing was found.
Note: the scan can take a very long time (several hours)! :kaffee:

Step 3:
Scan with SecurityCheck

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

notiD 16.05.2013 19:50

So, Malwarebytes found nothing.

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.16.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Diton Shkreli :: DITONS-LAPTOP [Administrator]

Schutz: Deaktiviert

16.05.2013 20:44:28
mbam-log-2013-05-16 (20-44-28).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217662
Laufzeit: 4 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


ryder 16.05.2013 19:53

Read it?

Quote:

Since these scans can take a very long time, please don't write to me again until you have really completed everything or run into problems.

notiD 16.05.2013 21:05

Eset found nothing either.

Security Check:

Code:

Results of screen317's Security Check version 0.99.63 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 17 
 Java version out of Date!
 Adobe Flash Player 11.7.700.202 
 Adobe Reader 10.1.7 Adobe Reader out of Date! 
 Google Chrome 26.0.1410.64 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````


ryder 17.05.2013 15:04

Great! :daumenhoc

That's us done. We'll tidy up a little now, and at the end I have some reading material for you.

Step 1:
Uninstall the tools

The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used:
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download delfix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs we used and our scanners' quarantine, clears the Java cache, and finally deletes itself.
  4. If any programs from our cleanup are still left over, you can delete them without worry.

Step 2:
Uninstall ESET (optional)

I recommend scanning your system with ESET once a week. But if you want to remove ESET:
Please press the Windows key + R, copy the following text into the Run window and click OK.
Code:

"%ProgramFiles%\Eset\Eset Online Scanner\OnlineScannerUninstaller.exe"



Schritt 3:
Java Update (Windows XP, Vista, 7)
Dein Java ist nicht mehr aktuell. Ältere Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können. Wenn die Installation beendet wurde:
  • Start > Systemsteuerung > Programme und deinstalliere alle älteren Java Versionen, falls vorhanden, und starte deinen Rechner neu.
Nach dem Neustart:
  • Öffne erneut die Systemsteuerung > Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen...
  • Gehe sicher, dass überall ein Haken gesetzt ist und klicke zweimal OK.

Abschließend noch Tipps zu folgenden Themen:
  • Systemupdates
  • Softwareupdates
  • Sicherheitssoftware
  • Sicheres Surfen
Lesestoff:
Systemupdates
Man kann es gar nicht oft genug erwähnen, wie wichtig es ist, sein System aktuell zu halten. Dein Auto bringst du ja auch regelmässig zur Inspektion in die Werkstatt. Stelle also bitte sicher, dass die Systemupdates aktiviert sind:
  • Bitte überprüfe, ob dein System Windows Updates automatisch herunter lädt:
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.


Lesestoff:
Softwareupdates
Ebenso wichtig wie die Systemprogramme ist auch die Software, die du täglich nutzt. Die folgende Liste gibt dir einen kleinen Überblick mit Links zu den Updates, welche Programme dringend aktuell gehalten werden müssen (falls du sie überhaupt installiert hast und nutzt), weil durch deren Sicherheitslücken oft Malware auf die Computer gelangen kann:Auch nicht gelistete Programme sind natürlich wichtig. Ob es für diese eine neue Version gibt, kannst du auf deren Herstellerwebseite oder ganz bequem mit diesen Tools überprüfen:


Lesestoff:
Sicherheitssoftware
Würde dich jemand nackt auf dem Motorrad auf der Autobahn überholen würdest du auch den Kopf schütteln. Dein Computer braucht auch einen Schutz vor den täglichen kleinen Angriffen durch Schädlinge. Neben hervorragenden kommerziellen Anti-Viren-Lösungen gibt es auch durchaus gute Schutzprogramme, die kostenfrei mit reduziertem Funktionsumfang erhältlich sind. Aber vorsicht, hier gilt nicht "je mehr desto besser". Was du brauchst ist genau einen Virenscanner mit Hintergrundwächter. Nicht mehr und nicht weniger. Es gibt hier viele Produkte auf dem Markt, die einem gute Dienste leisten. Ich persönlich empfehle dir Avast Free Antivirus. Es bietet relativ guten Schutz, bei wenig nerviger Werbung und installiert dir ein Browserplugin, das dich vor gefährlichen Webseiten warnt.
  • Wenn du deine Antivirenlösung wechseln solltest, findest du hier Tools mit denen du die Überreste nach der Deinstallation deines alten Scanners entfernen kannst.
  • Installiere niemals mehr als einen Virenscanner. Deren Hintergrundwächter würden sich gegenseitig behindern und dein System ausbremsen.
  • Ein Browserplugin, das dich vor betrügerischen Webseiten schützt, kann dir gute Dienste leisten, wenn du dich nicht gut auskennst (siehe oben).
  • Sorge dafür, dass deine Sicherheitslösung ständig up-to-date ist und sich automatisch Updates besorgt. Wenn du auf manuelle Updates setzt bist du meistens zu spät, da die Virendatenbanken oft täglich sogar mehrfach erneuert werden.
  • Einen zusätzlichen Schutz (und dieser wäre auch erlaubt) bietet ein spezieller Malwarescanner. Hier empfehle ich dir dringend Malwarebytes und einmal wöchentlich damit zu scannen. In der kostenpflichtigen Version hat es sogar einen Hintergrundwächter. Hierfür haben wir eine Anleitung für dich.
Zuletzt empfehle ich dir deine Daten regelmässig (am besten automatisch) zu sichern. Dies kann eine professionelle Backuplösung, externe Festplatten, Brennen auf DVDs oder Überspielen auf ein Online-Laufwerk wie z.B. Dropbox sein. Erzeuge so viele Kopien wie möglich und halte sie aktuell. Nur so bist du auf den schlimmsten Fall vorbereitet, wenn dein Computer - wodurch auch immer - unbrauchbar werden sollte. Leider passiert das ja immer unangekündigt und immer dann wenn man ihn am Nötigsten braucht. Also sorge vor! :)


Lesestoff:
Sicheres Surfen
Zunächst muss man sagen, dass es üblicherweise immer der menschliche Faktor ist, der es Malware ermöglicht auf einen Computer zu gelangen. Kaufst du Leuten, die an deiner Haustür klingeln, auch sofort ohne nachzudenken irgendwelches Zeug ab? Gewöhne dir daher zunächst einige Verhaltensregeln beim Surfen im Internet an:
  • Klicke nicht irgendwo hin, nur weil es bunt ist und leuchtet, in einer Ecke aufpoppt oder so aussieht, als wäre es eine Systemmeldung.
  • Lade dir keine illegale Software, keine Cracks, keine Keygens, keine Gametrainer usw ... die Webseiten, die so etwas anbieten, sind meist nicht seriös und die angeblichen Helfer sind meist verseuchter als du es dir ausmalen würdest. Es spielt dabei keine Rolle, ob du diese Dateien über einen Browser oder Filesharingprogramme beziehst.
  • Öffne keine Emailanhänge von Leuten, die du nicht kennst, Emails mit seltsamen Rechtschreibfehlern oder starte Dateien, die dir eine Webseite anbietet, ohne dass du sie wolltest.
  • Lasse niemand an deinem Computer surfen, der diese Regeln nicht auch befolgt.
  • Verlasse dich nicht darauf, dass dein Virenscanner schon alles findet. Keine Sicherheitslösung ist 100% sicher!

Aber selbst bei der peinlichen Einhaltung dieser Regeln kann es dennoch zu einer sogenannten Drive-By-Infektion kommen, bei der ein Schädling aus dem Schutzmechanismus des Webbrowsers ausbricht. Um die Sicherheit noch weiter zu erhöhen gibt es spezielle Schutzsoftware, die deinen Browser noch weiter absichert.
  • WOT (Web of trust) Dieses Add-On warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst. Hinweis: Avast enthält ein solches Plugin bereits.
  • Sandboxie schafft eine zusätzliche isolierte Programmumgebung, damit dein Browser wie ein Kleinkind im Sandkasten sicher ist. (Anleitung: Sandboxie)
  • Securebanking ist ein Software, die Verbindungen untersucht und dir meldet, wenn jemand "mithört". Wie der Name sagt, wurde es entwickelt, damit Onlinebanking wirklich sicher ist. Mehr Infos auf der Homepage: Secure Banking

Zuletzt denke bitte über die Benutzung eines alternativen Browsers nach. Programme, die nicht so oft verwendet werden, sind auch nicht so sehr im Focus der "bösen Jungs". D.h. du bist mit einem exotischen Browser eher auf der sicheren Seite. Grundsätzlich bist du erst einmal deutlich sicherer, wenn du nicht den Internet Explorer benutzt.



Damit wünsche ich dir noch viel Spaß beim Surfen im Internet :daumenhoc

... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
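The three things ryder asks the reader to verify by hand (automatic Windows updates switched on, no leftover older Java installations, exactly one antivirus product with a real-time guard) can also be read off the system in one go. The following PowerShell script is an added example for this thread, not code from ryder or the Trojaner-Board; it assumes Windows 7 x64 (as in the Security Check log above) with PowerShell 2.0 or later, is read-only, and uses the documented Microsoft.Update.AutoUpdate COM object, the standard Uninstall registry keys and the root\SecurityCenter2 WMI namespace. The warning thresholds are the editor's own reading of the advice in the post.

```powershell
# Added example (not from the original thread): read-only check of the points
# ryder asks the user to verify manually. Assumes Windows 7 x64, PowerShell 2.0+.

# 1) Windows automatic updates, via the documented Microsoft.Update.AutoUpdate
#    COM object. NotificationLevel 4 = "scheduled installation", i.e. fully automatic.
$levelNames = @{
    0 = 'not configured'; 1 = 'disabled'; 2 = 'notify before download';
    3 = 'notify before installation'; 4 = 'scheduled installation (automatic)'
}
$au    = New-Object -ComObject 'Microsoft.Update.AutoUpdate'
$level = [int]$au.Settings.NotificationLevel
Write-Host ("Windows automatic updates: {0} ({1})" -f $level, $levelNames[$level])
if ($level -lt 4) { Write-Warning 'Automatic updates are not fully enabled.' }

# 2) Installed versions of the software the Security Check log flagged.
#    Both Uninstall hives are read: 32-bit software on x64 registers under WOW6432Node.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|Adobe Reader|Adobe Flash Player' } |
    Select-Object DisplayName, DisplayVersion

Write-Host "`nJava / Adobe Reader / Flash Player entries found:"
$installed | Format-Table -AutoSize

# More than one Java entry usually means older releases were never removed,
# which is what step 3 of the post tells the reader to clean up.
$javaEntries = @($installed | Where-Object { $_.DisplayName -match '^Java' })
if ($javaEntries.Count -gt 1) {
    Write-Warning ("{0} Java installations present; uninstall all but the newest." -f $javaEntries.Count)
}

# 3) Antivirus products registered with Security Center (Vista and later).
#    Two products with real-time guards contradict the "exactly one scanner" rule.
$av = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct' -ErrorAction SilentlyContinue)
Write-Host "`nAntivirus products registered with Security Center:"
$av | Select-Object displayName, productState | Format-Table -AutoSize
if ($av.Count -gt 1) {
    Write-Warning 'More than one antivirus product is registered; keep only one with a real-time guard.'
}
elseif ($av.Count -eq 0) {
    Write-Warning 'No antivirus product is registered with Security Center.'
}
```

Run it from an elevated PowerShell prompt so that the COM object and both registry hives are readable; it changes nothing and only prints findings, so the uninstall steps themselves are still done through Control Panel as the post describes.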

notiD 17.05.2013 16:05

Thank you very much, ryder!
Everything went perfectly, and now I also know how I can protect my PC better.
You can delete the thread now :) :)
I hope you can help many more people :D

ryder 17.05.2013 17:56

Glad we could help :abklatsch:

This topic appears to be resolved and will be removed from my subscriptions. Should you need the thread again, please send me a PM.

Everyone else, please click here and create your own thread.

If you would still like to leave praise or criticism, there is this area here: http://www.trojaner-board.de/lob-kritik-wuensche/

