| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: C:\Programme(x86)\Browser Updater\TBUpdater.dllWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
15.05.2013, 20:12
| #31 |
| /// TB-Ausbilder  |  C:\Programme(x86)\Browser Updater\TBUpdater.dll Was findest du im Startmenü unter "Autostart" ?
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
15.05.2013, 20:18
| #32 |
 | C:\Programme(x86)\Browser Updater\TBUpdater.dll Wie meinst du das?
__________________Also wenn du diesen Ordner meinst da ist nichts drin: <leer> |
|
15.05.2013, 20:43
| #33 |
| /// TB-Ausbilder | C:\Programme(x86)\Browser Updater\TBUpdater.dll Das ist ja echt unglaublich. Aber ich sehe in keinem Logfile etwas das es bewirken könnte ....
__________________So langsam gehen mir die Optionen aus  Scan mit ZOEK Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
__________________ |
|
15.05.2013, 20:59
| #34 |
| | C:\Programme(x86)\Browser Updater\TBUpdater.dllCode:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 15-May-2013
Tool run by Diton Shkreli on 15.05.2013 at 21:47:29,58.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Running Processes ======================
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Users\Diton Shkreli\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9312D118-6419-4C6A-A709-9AA0106B6E9C} deleted successfully
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE02333D-A334-4968-8C75-2CCAE540D285} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Files \ Folders ======================
"C:\Windows\Launcher.exe" deleted
"C:\Windows\Syswow64\sho1805.tmp" deleted
"C:\Windows\Syswow64\sho230C.tmp" deleted
"C:\Windows\Syswow64\sho23A8.tmp" deleted
"C:\Windows\Syswow64\sho258B.tmp" deleted
"C:\Windows\Syswow64\sho3287.tmp" deleted
"C:\Windows\Syswow64\sho3BF8.tmp" deleted
"C:\Windows\Syswow64\sho3CD2.tmp" deleted
"C:\Windows\Syswow64\sho4E02.tmp" deleted
"C:\Windows\Syswow64\sho533E.tmp" deleted
"C:\Windows\Syswow64\sho63B2.tmp" deleted
"C:\Windows\Syswow64\sho6400.tmp" deleted
"C:\Windows\Syswow64\sho6CF5.tmp" deleted
"C:\Windows\Syswow64\sho6E6C.tmp" deleted
"C:\Windows\Syswow64\sho6E8E.tmp" deleted
"C:\Windows\Syswow64\sho7762.tmp" deleted
"C:\Windows\Syswow64\sho87C6.tmp" deleted
"C:\Windows\Syswow64\sho895B.tmp" deleted
"C:\Windows\Syswow64\sho8D15.tmp" deleted
"C:\Windows\Syswow64\sho90E9.tmp" deleted
"C:\Windows\Syswow64\sho9658.tmp" deleted
"C:\Windows\Syswow64\sho9C9F.tmp" deleted
"C:\Windows\Syswow64\sho9D0D.tmp" deleted
"C:\Windows\Syswow64\sho9D96.tmp" deleted
"C:\Windows\Syswow64\shoA333.tmp" deleted
"C:\Windows\Syswow64\shoA86F.tmp" deleted
"C:\Windows\Syswow64\shoAE8D.tmp" deleted
"C:\Windows\Syswow64\shoBBA2.tmp" deleted
"C:\Windows\Syswow64\shoBE03.tmp" deleted
"C:\Windows\Syswow64\shoC758.tmp" deleted
"C:\Windows\Syswow64\shoD4C1.tmp" deleted
"C:\Windows\Syswow64\shoD74D.tmp" deleted
"C:\Windows\Syswow64\shoE85C.tmp" deleted
"C:\Windows\Syswow64\shoF25B.tmp" deleted
"C:\Windows\Syswow64\shoF8DF.tmp" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\Flock" deleted
"C:\Program Files (x86)\HomeTab" deleted
"C:\Program Files (x86)\Ask.com" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\GoforFiles" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\eDownload" deleted
"C:\Users\Diton Shkreli\AppData\Local\CRE" deleted
"C:\Users\Diton Shkreli\AppData\Local\APN" deleted
"C:\Users\Diton Shkreli\AppData\Local\DownloadGuide" deleted
"C:\Users\Diton Shkreli\AppData\LocalLow\HomeTab" deleted
"C:\Users\Diton Shkreli\AppData\LocalLow\AskToolbar" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2013-05-13 19:39:56 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2013-05-13 19:39:56 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2013-05-13 19:39:56 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2013-05-13 19:39:56 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2013-05-13 19:39:56 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
====== C:\Users\DITONS~1\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-05-15 13:10:39 26F30066B9FA78C97A0E92803D496211 12324864 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-05-15 13:10:37 BAC6BA11D60205F91797329817168B70 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 13:09:43 EB776FA63947CB30EC24A71EAFC2D618 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 13:09:43 4B185E9743BFF0DFC905911C4FABAB05 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2013-05-15 13:09:42 9649C970BFFA54F66E77FC18AC9B6BF4 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll
2013-05-15 13:09:42 6B07400F62998EB6970807C0A69CF152 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-05-15 13:09:41 DFD966309C42287C731428258BCA997F 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 13:09:41 B64259DE087A5FB227D50F476B466735 1104384 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-05-15 13:09:41 AFAF17FF419BA7E47412AD720ABBEC23 231936 ----a-w- C:\Windows\SysWOW64\url.dll
2013-05-15 13:09:41 61AE3CFCD6EFDA9EADAB6B87CD6BC7DC 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 13:09:40 36AD48C975F88D302C1F824987D691CA 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 13:09:40 2C96B3921B4CDE10DBAED5AAD760DB67 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-05-15 13:09:39 9E254EC51F63C38C3FE4DF83E5CE42CE 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 13:09:39 5123EBB7008E8BC0F016CBECAE2A52C3 1800704 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-05-15 13:09:39 03CB321720B8607C9BF38B8057E1EE29 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll
2013-05-15 13:09:35 054211C307009F31BAF47CF046D48D42 9738752 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2013-05-15 11:42:17 E904178851A6A44BFA97E064EF779E9D 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll
2013-05-15 11:42:17 565D78187494FB5F08B5A52DEB2AEA7A 12872704 ----a-w- C:\Windows\SysWOW64\shell32.dll
2013-05-15 11:42:17 1F05F5A16881CD928C82D53CEFCF4477 180224 ----a-w- C:\Windows\SysWOW64\shdocvw.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-05-15 13:10:37 955A6E94C2728F2A647BAB24F2A0B0D6 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2013-05-15 13:10:37 7212340908E00AD2F28E58EA04CEB852 17818624 ----a-w- C:\Windows\Sysnative\mshtml.dll
2013-05-15 13:09:43 7A2E6DFEB8F800233FED8D5484306C7D 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2013-05-15 13:09:42 2801567C850F1696D53C5E2CD1AE569A 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-05-15 13:09:41 F28D84112B79212FE84366A4EA517C87 2312704 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-05-15 13:09:41 8FECD64E4FA72FE8A85731CD5E840297 248320 ----a-w- C:\Windows\Sysnative\ieui.dll
2013-05-15 13:09:41 4E468ED6298FA175A3F2EA7098D91225 237056 ----a-w- C:\Windows\Sysnative\url.dll
2013-05-15 13:09:41 47BC290F4400C1741B1F26429A352C60 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2013-05-15 13:09:41 429597553FE585EECB03C8485D45FE7A 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2013-05-15 13:09:41 420C9E418CECC3B0DBF5B9BB914F8D0D 1346560 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-05-15 13:09:40 C1B443AAB0FC3C98C868B4F804DFD520 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2013-05-15 13:09:40 563C71A913CAC0C3DE5FFCD36EDB43A0 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-05-15 13:09:40 05A140843C0A768AFAAF443238C6340C 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2013-05-15 13:09:39 51BBFA26DA948738E64B23802E325E04 816640 ----a-w- C:\Windows\Sysnative\jscript.dll
2013-05-15 13:09:39 36A7EEDB4155B1EA04A53C0FFE93C2EE 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll
2013-05-15 13:09:36 F5C9C0C541AE814AED6ED959C1F26423 10926080 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-05-15 11:42:26 943F527DF79E6B400104341AA7023C75 144384 ----a-w- C:\Windows\Sysnative\cdd.dll
2013-05-15 11:42:24 FE90B750AB808FB9DD8FBB428B5FF83B 230400 ----a-w- C:\Windows\Sysnative\wwansvc.dll
2013-05-15 11:42:24 A11523523B31086DD760C0189C763359 3153920 ----a-w- C:\Windows\Sysnative\win32k.sys
2013-05-15 11:42:24 30B1489F2DCD8DC1AB6BB60CA6093615 48640 ----a-w- C:\Windows\Sysnative\wwanprotdim.dll
2013-05-15 11:42:18 3EF480BFED1B5947A32585E30A58D4ED 1930752 ----a-w- C:\Windows\Sysnative\authui.dll
2013-05-15 11:42:18 1BFC94665BCA35F9001ADC7BFB167C63 14172672 ----a-w- C:\Windows\Sysnative\shell32.dll
2013-05-15 11:42:17 E948D1D42DC68923ABD75EEB5BCCD1D3 111448 ----a-w- C:\Windows\Sysnative\consent.exe
2013-05-15 11:42:17 9D2A2369AB4B08A4905FE72DB104498F 70144 ----a-w- C:\Windows\Sysnative\appinfo.dll
2013-05-15 11:42:17 22A0AE97360C1B146FDD9AA55AC0E989 197120 ----a-w- C:\Windows\Sysnative\shdocvw.dll
====== C:\Windows\Sysnative\drivers =====
2013-05-15 18:15:49 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Windows\Sysnative\drivers\avnetflt.sys
2013-05-15 18:14:42 490FA25161BF3E51993EB724ECF0ACEB 28600 ----a-w- C:\Windows\Sysnative\drivers\avkmgr.sys
2013-05-15 18:14:42 488486DAD09A5B6C6DBB8B990A8B2307 130016 ----a-w- C:\Windows\Sysnative\drivers\avipbb.sys
2013-05-15 18:14:42 09E6069EF94B345061B4BD3CEBD974C8 100712 ----a-w- C:\Windows\Sysnative\drivers\avgntflt.sys
2013-05-15 11:42:26 AF2E16242AA723F68F461B6EAE2EAD3D 983400 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys
2013-05-15 11:42:26 1F04CFB79DD5FB7694468CE3FB3DCC31 265064 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys
2013-04-24 11:40:16 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
2013-05-15 13:23:18 FA7526FE1C96B6F6D26CEFD46A2DA101 1124 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-15 13:23:16 920870103160F2880FA0500B906FE2E4 1120 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-05-15 18:14:41 -------- d-----w- C:\Program Files (x86)\Avira
2013-05-14 15:55:57 -------- d-----w- C:\Program Files (x86)\EA Games
2013-05-12 16:44:33 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2013-04-28 09:09:17 -------- d-----w- C:\Program Files (x86)\Common Files\soft Xpansion
2013-04-28 09:08:42 -------- d-----w- C:\Program Files (x86)\Common Files\Freemium
2013-04-27 06:00:27 -------- d-----w- C:\Program Files (x86)\Google
2013-04-20 10:03:23 -------- d-----w- C:\Program Files (x86)\SoftwareUpdater
======= C: =====
2013-05-15 11:32:35 F198354369DF18F3CEC485E97315E209 1013 ----a-w- C:\AdwCleaner[S2].txt
2013-05-15 11:32:16 5B0A6BA2B8CF8AA82B2DA6CBAEE0524A 952 ----a-w- C:\AdwCleaner[R1].txt
2013-05-13 17:55:04 EAFA01EC3EA13F3B03785C6F528021CC 34883 ----a-w- C:\AdwCleaner[S1].txt
====== C:\Users\Diton Shkreli\AppData\Roaming ======
2013-05-15 18:20:39 -------- d-----w- C:\users\Diton Shkreli\AppData\Roaming\Avira
2013-05-14 14:25:21 -------- d-----w- C:\users\Public\AppData\Local\temp
2013-05-14 14:25:21 -------- d-----w- C:\users\Default\AppData\Local\temp
2013-05-14 14:25:21 -------- d-----w- C:\users\Default User\AppData\Local\temp
2013-05-12 16:44:33 -------- d-----w- C:\users\Diton Shkreli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2013-05-09 10:09:11 -------- d-----w- C:\users\Diton Shkreli\AppData\Roaming\DriverCure
2013-05-03 17:06:38 -------- d-----w- C:\users\Diton Shkreli\AppData\Local\Microsoft Games
2013-05-01 15:54:11 -------- d-----w- C:\users\Diton Shkreli\AppData\Roaming\GoPlayer
====== C:\Users\Diton Shkreli ======
2013-05-15 18:15:02 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2013-05-15 18:14:41 -------- d-----w- C:\ProgramData\Avira
2013-05-15 13:24:55 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-05-13 19:59:03 -------- d-----w- C:\Users\Public\AppData
2013-05-13 12:51:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2013-05-11 16:37:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools
2013-04-28 09:08:40 -------- d-----w- C:\ProgramData\Freemium
====== C: exe-files ==
2013-05-15 18:55:46 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\Diton Shkreli\Downloads\SystemLook_x64.exe
2013-05-15 18:14:43 64140E3954710DD7CA9F097252E382CA 88288 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe
2013-05-15 18:14:42 F0096413AD44007EAF651171A625CEE9 181984 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avrestart.exe
2013-05-15 18:14:42 EDAE538F742A20D0E4DBEAD2FA6136F2 58080 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avupgsvc.exe
2013-05-15 18:14:42 D9A92E6DD41C5ADC045AE485026AA40C 86752 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
2013-05-15 18:14:42 C67EBE5C9DA7462D2FF6394979D06EA2 91872 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\setuppending.exe
2013-05-15 18:14:42 ADA0D1407E2C328FB95686E9D5AB88B5 111328 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe
2013-05-15 18:14:42 AD74CCA501DA08EF395E520D9C258F81 5655248 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe
2013-05-15 18:14:42 9F5DEC0A6FB856A405567A662F9F3E0D 147512 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\guardgui.exe
2013-05-15 18:14:42 9EDAE2D1CA368E8D01BEE8BFBC9488E4 562744 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
2013-05-15 18:14:42 93A912072351DFEF975F12EFAD18BD9F 145096 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe
2013-05-15 18:14:42 8C2C2E5119E844B43085CBC73106754B 597560 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
2013-05-15 18:14:42 8431C70B4F671C3D95EDBDED05FAE755 456928 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\fact.exe
2013-05-15 18:14:42 7D9DA7DF9535859A4EFC16F69BFE4A8A 83680 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
2013-05-15 18:14:42 79AC9425C345302914EC0DEF25C2DA94 764984 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe
2013-05-15 18:14:42 715A90A0E5FC7F59DCD4C233ED492F4A 98544 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\licmgr.exe
2013-05-15 18:14:42 6F2974248B974B6DE037A6C682B59414 248032 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
2013-05-15 18:14:42 6A510E9EC1684D05CC982636B14754CA 330976 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
2013-05-15 18:14:42 66A7A38F7C439153B758548375EB9E5E 110816 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
2013-05-15 18:14:42 63A5363103A02C654209E686EAF7F723 84704 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avadmin.exe
2013-05-15 18:14:42 5FF8FFD589DA25F43C4FE944A4B2AE0A 775224 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
2013-05-15 18:14:42 5A06D4AA070B80464A272D67FCC5D7AF 285408 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe
2013-05-15 18:14:42 51318B6FD70FEC60B3F51E6C8C6B720D 424504 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.exe
2013-05-15 18:14:42 366D042446928E2BE7F053766E631D7E 636984 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
2013-05-15 18:14:42 22DC787A09D2EC7E3F1138A26C41083C 46960 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\updrgui.exe
2013-05-15 18:14:42 14D4F782EF8E75C0785A093BE10F8FC6 232672 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebloader.exe
2013-05-15 18:14:42 14855274B4E742D704909C8F32734BA9 165512 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwsc.exe
2013-05-15 18:14:42 12D4E394014C6A9EFB34D64AE4E64CE0 170864 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\inssda64.exe
2013-05-15 18:14:42 020D1DB5DFB5E03A35777950463383FF 345312 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2013-05-15 18:11:38 71424EEA3BD5FE9D59A26678FBCEF601 102323272 ----a-w- C:\Users\Diton Shkreli\Downloads\avira_free3640_antivirus_de (1).exe
2013-05-15 18:08:55 94B4CCD762DD81910F3550AD57E326E5 49064248 ----a-w- C:\Users\Diton Shkreli\Downloads\avira_free3640_antivirus_de.exe
2013-05-15 17:13:55 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Diton Shkreli\Downloads\OTL.exe
2013-05-15 14:19:05 0CB35FD6B686774EC36FD664A34DF9F7 2577776 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\pbsvc_heroes.exe
2013-05-15 14:18:50 E44DB89A8C72442BFE4A89966951B59D 880640 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\Uninstaller.exe
2013-05-15 14:18:31 09DDD983C900CF8A8F7E8FB1F7FD0FFC 17540096 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\BFHeroes.exe
2013-05-15 13:37:09 0CB35FD6B686774EC36FD664A34DF9F7 2577776 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\pb\pbsvc_heroes.exe
2013-05-15 13:33:40 9C675E39F7FD76535D8C82EBD1F465AA 1784224 ----a-w- C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh\5.0.203.0_0\BFHUpdater.exe
2013-05-15 13:24:40 88363B688206D0C89FB1DD926F074C42 33302880 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\26.0.1410.64\26.0.1410.64_chrome_installer.exe
2013-05-15 13:23:12 8F11F0321ED84B1533FC1384AC71AC8D 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateBroker.exe
2013-05-15 13:23:12 76B35CB0F3A4E69D6DFF27F542B9F856 216968 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
2013-05-15 13:23:12 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2013-05-15 13:23:12 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdate.exe
2013-05-15 13:23:12 4E252E85E5DC31BD645E809222AFAF27 287624 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
2013-05-15 13:23:12 322803CD2E33DEA06E1983C36B8E8D3F 781816 ----a-w- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateSetup.exe
2013-05-15 13:23:12 00F714CA28A01FACB709486D6DA306A8 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleUpdateOnDemand.exe
2013-05-15 13:09:41 A1B0DEC3BB845C6369F97BC1A3542A07 763504 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-05-15 13:09:41 61AE3CFCD6EFDA9EADAB6B87CD6BC7DC 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 13:09:41 47BC290F4400C1741B1F26429A352C60 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-15 13:09:41 3F00BE80B9CEA20B7FE7363D15EDDB94 757360 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-05-15 11:42:17 E948D1D42DC68923ABD75EEB5BCCD1D3 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-13 19:39:56 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe
2013-05-13 19:39:56 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe
2013-05-13 19:39:56 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe
2013-05-13 19:39:56 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe
2013-05-13 19:39:56 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe
2013-05-13 18:08:09 943236987A9346B8B9A5B649CD9059F2 700783 ----a-r- C:\Users\Diton Shkreli\Desktop\Cleans\dds+.exe
2013-05-13 17:54:38 A95866BA166A09E360BB88DA72D4531D 628743 ----a-w- C:\Users\Diton Shkreli\Desktop\Cleans\adwcleaner.exe
=== C: other files ==
2013-05-15 18:15:49 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-05-15 18:14:51 CE9E7F1EA07DCE9DF0BFE4A8B1B2EF78 196012 ----a-w- C:\Users\Diton Shkreli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MJGB3JJT\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0[1].crx
2013-05-15 18:14:42 E310FCBA8884EEBD9017C3D01B6D0BCF 100680 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\sweb.zip
2013-05-15 18:14:42 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avnetflt.sys
2013-05-15 18:14:42 490FA25161BF3E51993EB724ECF0ACEB 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-05-15 18:14:42 490FA25161BF3E51993EB724ECF0ACEB 28600 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avkmgr.sys
2013-05-15 18:14:42 488486DAD09A5B6C6DBB8B990A8B2307 130016 ----a-w- C:\Windows\System32\drivers\avipbb.sys
2013-05-15 18:14:42 488486DAD09A5B6C6DBB8B990A8B2307 130016 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avipbb.sys
2013-05-15 18:14:42 09E6069EF94B345061B4BD3CEBD974C8 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-05-15 18:14:42 09E6069EF94B345061B4BD3CEBD974C8 100712 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avgntflt.sys
2013-05-15 14:18:50 F423BE66828D391FC9BA81D7FB6C9B89 2872597 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\pylib-2.3.4.zip
2013-05-15 14:17:58 747EB481FF379E3F3853139E45E92A4B 52795611 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Menu_client.zip
2013-05-15 14:16:09 DB2AB98A87255F4C8E519157FDA67363 8693477 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Common_client.zip
2013-05-15 14:16:09 C7FEF9DBBBF60D900D776AB471F0AFE3 718895 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Shaders_client.zip
2013-05-15 14:16:09 508799FF4F331AFA629626C1EED86CDD 1414462 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Menu_server.zip
2013-05-15 14:16:09 29A750F3FFDBDDA0D41335357BF6F832 24604 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Sound_server.zip
2013-05-15 14:16:09 2499DB0C12D4A083D3369BA045542EB0 31312 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Fonts_server.zip
2013-05-15 14:15:43 CC89140390B618FF14835EC51DFD43BE 54452 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Common_server.zip
2013-05-15 14:15:43 C12C8E01852566476FE24AF32CE5E5C1 16419115 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Fonts_client.zip
2013-05-15 14:15:14 10229E04920D32E099FF544968B9FE2F 212131543 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Sound_client.zip
2013-05-15 14:09:52 3AD955980DEE15BD8448558A4A82FB49 126518058 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\StaticObjects_client.zip
2013-05-15 14:09:52 08A5E89FBF7E84C01AFCD13864CF01A8 5542600 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vegitation_client.zip
2013-05-15 14:09:51 ED3CFC7B1A25F25717E4A8EB5D2C4FE7 468075 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Common_client.zip
2013-05-15 14:09:51 E8A054B7C39FED9190324F1E6FB11E53 19001 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Kits_server.zip
2013-05-15 14:09:51 E7F565E509CE1288466DB8019DAB4883 973 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Water_server.zip
2013-05-15 14:09:51 DF5B5B7A3FB9E1B27D0375CC35F42667 1049209 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vehicles_server.zip
2013-05-15 14:09:51 25D9F4BEB5A89EDFC8C1C90AE6E012F8 2798899 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Items_server.zip
2013-05-15 14:04:59 F1D2B4686E6DC8FB2D061326E55B91AE 659 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Water_client.zip
2013-05-15 14:04:59 D3A2393AF7D087B5AB53B9F9EF4C2B72 5331 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Roads_server.zip
2013-05-15 14:04:59 B837591F063106DDA1D6B73BF002A279 377947008 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Items_client.zip
2013-05-15 14:04:59 03D5C7589453FA0D8B4F63892C7728DD 6726762 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\StaticObjects_server.zip
2013-05-15 13:55:07 F2CFB8248579CB9A8E21D5AF6815157B 7988467 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vehicles_client.zip
2013-05-15 13:55:07 27E33DC6E79076B19A874EAF1B709BBD 1753649 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Weapons_server.zip
2013-05-15 13:55:06 4B6159DDFDF5764C25A4202D6D383030 3916876 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Effects_client.zip
2013-05-15 13:54:48 56D1BD9D0350C74A8CBB5C6F86B27290 16514084 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Weapons_client.zip
2013-05-15 13:54:48 4B53098321A42A5BF6A72D114F0353E2 117802 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Common_server.zip
2013-05-15 13:54:48 37754C87A5848000AD8C1C2C108FEB31 766992 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Soldiers_client.zip
2013-05-15 13:54:47 545D91DC3756B655ECB1C1314E3BD15B 1332614 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Roads_client.zip
2013-05-15 13:54:22 D2CF7CA03A7E7C785CD022769F34F687 827770 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Kits_client.zip
2013-05-15 13:54:22 A811D0AD0EE3AA312A5BEC71E7AB3B19 209001 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Vegitation_server.zip
2013-05-15 13:54:22 8FBF73270A4FE91D4E044EE99F3ED1E2 19354536 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Soldiers_server.zip
2013-05-15 13:54:22 55065A50A9CF4D74EAA22B6122999409 1276302 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Objects\Effects_server.zip
2013-05-15 13:54:22 4C4F8C0959EC4CAE52848422B5F6D64F 820256 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Lunar\server.zip
2013-05-15 13:53:48 CC14CFC0E4F2084340AE4AB08972C8C1 42494427 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Lunar\client.zip
2013-05-15 13:53:48 3592B1A5DEF92AA2E3363106525D94DA 190247 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Mayhem\server.zip
2013-05-15 13:52:19 6AB09B4B836393AD6A640E78F97F89BD 415490 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day_Night\server.zip
2013-05-15 13:52:19 33B0903D1D3A3306C7F63341410DCF35 16262628 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Mayhem\client.zip
2013-05-15 13:51:37 A8F90D5090CFBEB4A1925532EEDC9CD6 19851560 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day_Night\client.zip
2013-05-15 13:51:37 A3129E5F2F809CC9659C0F1FDEF961C9 93781 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village\server.zip
2013-05-15 13:50:51 D7052DB31CC95404B0CCE1822C9D4D6C 204647 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_day\server.zip
2013-05-15 13:50:51 54CB3F751596133492E7E8556DFB3820 18060493 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village\client.zip
2013-05-15 13:50:08 B108456F77628B401B82079D0F6944BE 26820 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_snow\server.zip
2013-05-15 13:50:08 AB3B4343E497D02ED71C31BF7F7A5FC6 16420263 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_day\client.zip
2013-05-15 13:49:24 F5E9F5FEC73CC2AB8C680046AAA64541 28346 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat_snow\server.zip
2013-05-15 13:49:24 0F1463C60B60A3862AB5DE36D2860BF2 14968474 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_snow\client.zip
2013-05-15 13:48:43 99EE41C55DB6CE88C76EA72AF52001E5 41525 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish_night\server.zip
2013-05-15 13:48:43 1C71C52B1A7C2918265B4955170EB022 5263375 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat_snow\client.zip
2013-05-15 13:48:42 5138DE2F6FDF6298C3031C0304308C87 7054117 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish_night\client.zip
2013-05-15 13:48:42 1B0E3E64A2060970FAA3092EA0289B7D 434161 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish\server.zip
2013-05-15 13:48:13 F819C2112C2EEAC0A04118A33700CCE0 24567164 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\seaside_skirmish\client.zip
2013-05-15 13:48:13 A25AF7133CE9730335F81EC889410AD2 34618 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village_snow\server.zip
2013-05-15 13:47:26 FE4DBA50287042EA06845C7821548D92 16494889 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\village_snow\client.zip
2013-05-15 13:47:26 2A239362302D4FE4B8D78D1A527820B0 416774 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day\server.zip
2013-05-15 13:46:53 FC245FBB7865AB8A826D23D860FA18E4 29843566 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Dependant_Day\client.zip
2013-05-15 13:46:53 E2A8ED972ED29572F2FFA65CA4F0A430 320900 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake\server.zip
2013-05-15 13:45:45 60BA9D5110CDF3EBF5D9D9219B230A80 22481239 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake\client.zip
2013-05-15 13:45:45 0AD9EA12D64DF9B79AF5B5092108427D 111119 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Smack2\server.zip
2013-05-15 13:44:52 A657F2DF17F0D16E391267EB53CAEA3A 15743250 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\Smack2\client.zip
2013-05-15 13:44:52 1379C638556D5B34913C4BEFD7582F89 35538 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_night\server.zip
2013-05-15 13:44:51 B18EC13DC42FAA9ED02D3FC1177EC412 2601451 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\smack2_night\client.zip
2013-05-15 13:44:51 65007DFB14A53CDE079289116FD21B8E 392002 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands\server.zip
2013-05-15 13:44:02 A196CDEAE45A1B61163AF312BF7681AC 26261332 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands\client.zip
2013-05-15 13:44:02 868719D979EF246E35948153D6B08924 207086 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin\server.zip
2013-05-15 13:42:52 875798E12D638352334C2EAA448F4967 15256257 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin\client.zip
2013-05-15 13:42:52 50E6DD519669A679936F77D05D51FCE7 114549 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble\server.zip
2013-05-15 13:42:22 84D57914A68F047785A4D4820B180AF2 24768888 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble\client.zip
2013-05-15 13:42:22 6B1DAD970C6AA29D2DB3C16DBE10A927 21708 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_snow\server.zip
2013-05-15 13:41:34 E74CAB546A73815C61581DC789A194FE 22558659 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_snow\client.zip
2013-05-15 13:41:34 3D9049B049F042A4B2D1631FD2929C28 259705 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat\server.zip
2013-05-15 13:40:52 ABE4EBD3969CEEBD10B335F5377EADB4 51272 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands_snow\server.zip
2013-05-15 13:40:52 942612301C7D96E7EFA982D2C0F53DD8 17830826 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\heat\client.zip
2013-05-15 13:40:20 C6AA1B75F4FE37FDC9D823005E174596 107377 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_day\server.zip
2013-05-15 13:40:20 B2C1B454EF969A3A49A4C4A239B6739E 11155609 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\woodlands_snow\client.zip
2013-05-15 13:40:20 836428EB445E7EE960A3468D78C1DF28 37361 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_snow\server.zip
2013-05-15 13:40:20 1F2A8E7E3CE6FC3A3F76D6F4C9570269 6588412 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_snow\client.zip
2013-05-15 13:39:49 F1F7ECE183F00EF3B57805F58115DDED 24290 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_snow\server.zip
2013-05-15 13:39:49 EBCA16214BA105C714D6EE5C7D520289 25049823 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\royal_rumble_day\client.zip
2013-05-15 13:38:54 AC762412FC8AD686B620BE3C7850251F 11833650 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\ruin_snow\client.zip
2013-05-15 13:38:53 CCD2294B54ED42D52B69948FA6CE3DBF 33998 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_night\server.zip
2013-05-15 13:38:53 C12D94B072E2C4651BA07D6FEE8CF553 5671153 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\lake_night\client.zip
2013-05-15 13:38:53 1E99B10E29D803A534554718ADF34172 251916 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\wicked_wake\server.zip
2013-05-15 13:38:16 DD74460E70D4C949976DF3CD0D76B70E 14875285 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\wicked_wake\client.zip
2013-05-15 13:38:16 CDF39A5C90F180F757C4B2E10CD59C66 242798 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\river\server.zip
2013-05-15 13:37:11 ED6DEBF9DE01E89634AA41A77307418A 22507213 ----a-w- C:\Program Files (x86)\EA Games\Battlefield Heroes\mods\bfheroes\Levels\river\client.zip
2013-05-15 11:42:26 AF2E16242AA723F68F461B6EAE2EAD3D 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 11:42:26 1F04CFB79DD5FB7694468CE3FB3DCC31 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 11:42:24 A11523523B31086DD760C0189C763359 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-12 16:56:00 9D9B0A6E6ADBDBF10822BE4E08FCD26B 886409 ----a-w- C:\Users\Diton Shkreli\Desktop\Sachen\Sachen\pbsetup.zip
==== Startup Registry Enabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"ApnUpdater"="C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
==== Startup Registry Disabled ======================
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"Google Update"="\"C:\\Users\\Diton Shkreli\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ETDCtrl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ETDCtrl"
"hkey"="HKLM"
"command"="%ProgramFiles%\\Elantech\\ETDCtrl.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelliPoint"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Device Center\\ipoint.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliType Pro]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IntelliType Pro"
"hkey"="HKLM"
"command"="\"c:\\Program Files\\Microsoft Device Center\\itype.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LManager"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Launch Manager\\LManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 13:44]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15.05.2013 15:23]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [15.05.2013 15:23]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0
- HomeTab - %ProfilePath%\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}
- Online HD TV - %ProfilePath%\extensions\onlinehdtv@onlinehd.tv.xpi
ProfilePath: C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\4tept9sc.default
- Battlefield Heroes Updater - %ProfilePath%\extensions\battlefieldheroespatcher@ea.com
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\4tept9sc.default
D4BD9F86123C87ECA570418B69326F99 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.170.2
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Deleting Files \ Folders ======================
"C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\onlinehdtv@onlinehd.tv.xpi" deleted
"C:\Users\Diton Shkreli\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\{aa9cc3fa-a5e4-449b-aab5-1ebdbc7314ee}" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaabfjnbeinlpljodiajipidiompfl - C:\Users\Diton Shkreli\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx[]
cgiaikfpllchefojlnehlmpekeogihnm - C:\Users\Diton Shkreli\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx[]
djbdlklldbflagkkpaljamjfbpefcbpf - C:\Program Files (x86)\HomeTab\chrome\HomeTab.crx[]
dkinklhnkmkhkhofcnapakaoehijaoih - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
cgiaikfpllchefojlnehlmpekeogihnm - C:\Users\Diton Shkreli\AppData\Local\CRE\cgiaikfpllchefojlnehlmpekeogihnm.crx[]
Battlefield Heroes - Diton Shkreli - Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh
WiseConvert - Diton Shkreli - Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm
==== Chrome Fix ======================
C:\Users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
"Default_Search_URL"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Bar"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
"Search Page"="hxxp://search.certified-toolbar.com?si=43169&tid=3580&ts=1366452227540&tguid=43169-3580-1366452220498-653202&st=chrome&q="
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
"CustomizeSearch"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BE02333D-A334-4968-8C75-2CCAE540D285}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE02333D-A334-4968-8C75-2CCAE540D285}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{96edaac7-6183-4cb5-8823-b8b12d94f967} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\djbdlklldbflagkkpaljamjfbpefcbpf deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cgiaikfpllchefojlnehlmpekeogihnm deleted successfully
==== Silent Runners ======================
"Silent Runners.vbs", revision 69.2, hxxp://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
RtHDVCpl = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [Realtek Semiconductor]
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [Intel Corporation]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
(Default) = (empty string) [file not found]
avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [Avira Operations GmbH & Co. KG]
ApnUpdater = "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM...Wow...CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} = Display CPL Extension
-> {HKLM...CLSID} = DisplayCplExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiama64.dll [Advanced Micro Devices, Inc.]
{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension
-> {HKLM...CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]
{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = ELAN Control Panel
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = Shell Extension for Malware scanning
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS]
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
-> {HKLM...CLSID} = Enterprise-Projekte
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS]
{ACEF9F57-4DEF-4CC9-A2C0-7A158D967E63} = Device Center Control Panel Property Page
-> {HKLM...CLSID} = Device Center Property Page
\InProcServer32\(Default) = c:\Program Files\Microsoft Device Center\cplredirector.dll [MS]
{653DCCC2-13DB-45B2-A389-427885776CFE} = Activities Control Panel Property Page
-> {HKLM...CLSID} = Activities Property Page
\InProcServer32\(Default) = c:\Program Files\Microsoft Device Center\ipcplact.dll [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{F764812A-132C-4013-9960-5CBBEB408A0E} = Nero Shell Extension
-> {HKLM...Wow...CLSID} = NeroShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
-> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS]
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0}
-> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
{D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF}
-> {HKLM...Wow...CLSID} = CInfoTipShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS]
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search
-> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
{A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]
{F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = NeroShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]
HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\
NBShellHook\(Default) = {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}
-> {HKLM...Wow...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]
{F764812A-132C-4013-9960-5CBBEB408A0E}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = NeroShellExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll [Nero AG]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...Wow...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}
-> {HKLM...CLSID} = SimpleShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [Advanced Micro Devices, Inc.]
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Shell Extension for Malware scanning\(Default) = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
-> {HKLM...CLSID} = Shell Extension for Malware scanning
\InProcServer32\(Default) = C:\Program Files (x86)\Avira\AntiVir Desktop\shlext64.dll [Avira Operations GmbH & Co. KG]
{A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
NBShellHook\(Default) = {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0}
-> {HKLM...Wow...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll [Nero AG]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoDrives = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
EnableLinkedConnections = (REG_DWORD) dword:0x00000001
{unrecognized setting}
DisableRegistryTools = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Diton Shkreli\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
NeroExpress10CopyCD\
Provider = Nero Express 10
InvokeProgID = Nero.Express.10.AutoPlay
InvokeVerb = CopyCD
HKLM\SOFTWARE\Classes\Nero.Express.10.AutoPlay\shell\CopyCD\command\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero Express\NeroExpress.exe -w /Dialog:DiscCopy [Nero AG]
NeroExpress10LaunchNE\
Provider = Nero Express 10
InvokeProgID = Nero.Express.10.AutoPlay
InvokeVerb = LanchNE
HKLM\SOFTWARE\Classes\Nero.Express.10.AutoPlay\shell\LanchNE\command\(Default) = C:\Program Files (x86)\Nero\Nero 10\Nero Express\NeroExpress.exe /Media:AUTO /Drive:%L [Nero AG]
WIA_{D31F5BA7-4DD3-4484-9EB5-CC2491EC9D79}\
Provider = WinZip
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /WiaCmd;C:\Program Files (x86)\WinZip\WINZIP32.EXE /wia;
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]
Non-disabled Scheduled Tasks: {++}
-----------------------------
C:\Windows\System32\Tasks
Adobe ARM -> launches: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
Adobe Reader Speed Launcher -> launches: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [Adobe Systems Incorporated]
Adobe-Online-Aktualisierungsprogramm -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]
Desk 365 RunAsStdUser -> launches: C:\Program Files (x86)\Desk 365\desk365.exe /autorun [file not found]
DeviceDetector -> (HIDDEN!) launches: C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [CyberLink]
Go for FilesUpdate -> launches: C:\Program Files (x86)\GoforFiles\GFFUpdater.exe [file not found]
Google Updater and Installer -> launches: C:\Users\Diton Shkreli\AppData\Local\Google\Update\GoogleUpdate.exe /c [file not found]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
Java Update Scheduler -> launches: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [Sun Microsystems, Inc.]
Microsoft_Hardware_Launch_devicecenter_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Device Center\devicecenter.exe [null data]
Microsoft_Hardware_Launch_ipoint_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Device Center\ipoint.exe [MS]
Microsoft_Hardware_Launch_itype_exe -> (HIDDEN!) launches: c:\Program Files\Microsoft Device Center\itype.exe [MS]
NBAgent -> launches: C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart [Nero AG]
Scheduled Update for Ask Toolbar -> launches: C:\Program Files (x86)\Ask.com\UpdateTask.exe [file not found]
Software Updater -> launches: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [null data]
Software Updater Ui -> launches: C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [null data]
{44C18F0B-4A96-4F98-9CEC-25E8E21C77DE} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Diton Shkreli\Downloads\Age-of-Empires.exe" -d "C:\Users\Diton Shkreli\Downloads" [MS]
{8760E898-A2E3-47DF-93BD-0458BBCAC0F8} -> launches: C:\Windows\system32\pcalua.exe -a "C:\Users\Diton Shkreli\Desktop\Age of Empire\age\setup.exe" -d "C:\Users\Diton Shkreli\Desktop\Age of Empire\age" [MS]
C:\Windows\System32\Tasks\Browser Updater
Browser Updater -> launches: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\Browser Updater\TBUpdater.dll",TBCheckForUpdate [MS]
C:\Windows\System32\Tasks\Games
UpdateCheck_S-1-5-21-3844378849-2479913660-30988051-1000 -> (HIDDEN!) launches: {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
-> {HKLM...CLSID} = GameUpdateTask Class
\InProcServer32\(Default) = C:\Windows\System32\gameux.dll [MS]
-> {HKLM...Wow...CLSID} = GameUpdateTask Class
\InProcServer32\(Default) = C:\Windows\SysWOW64\gameux.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM...CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
C:\Windows\System32\Tasks\ProtectedSearch
Protected Search -> launches: "C:\Program Files (x86)\Protected Search\ProtectedSearch.exe" [file not found]
C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3844378849-2479913660-30988051-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll [Avira Operations GmbH & Co. KG], 01 - 08, 19
%SystemRoot%\system32\mswsock.dll [MS], 09 - 18
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll [Avira Operations GmbH & Co. KG], 01 - 08, 19
%SystemRoot%\system32\mswsock.dll [MS], 09 - 18
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS]
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknpfte &OneNote-Notizen
MenuText = Verknpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = An OneNote senden
MenuText = An OneNote s&enden
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
-> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS]
{6E80943C-847C-4447-B830-F94E7DCBBD4E}\
BandCLSID = {96edaac7-6183-4cb5-8823-b8b12d94f967}
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\
ButtonText = Verknpfte &OneNote-Notizen
MenuText = Verknpfte &OneNote-Notizen
CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52}
-> {HKLM...Wow...CLSID} = Linked Notes button
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD]
Application Virtualization Client, sftlist, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [MS]
Application Virtualization Service Agent, sftvsa, "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [MS]
Avira Browser-Schutz, AntiVirWebService, "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [Avira Operations GmbH & Co. KG]
Avira Echtzeit-Scanner, AntiVirService, "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [Avira Operations GmbH & Co. KG]
Avira Planer, AntiVirSchedulerService, "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [Avira Operations GmbH & Co. KG]
Client Virtualization Handler, cvhsvc, "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [MS]
Dritek WMI Service, DsiWMIService, C:\Program Files (x86)\Launch Manager\dsiwmis.exe [Dritek System Inc.]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
Microsoft .NET Framework NGEN v4.0.30319_X64, clr_optimization_v4.0.30319_64, C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [MS]
Nero Update, NAUpdate, "C:\Program Files (x86)\Nero\Update\NASvc.exe" [Nero AG]
PnkBstrA, PnkBstrA, C:\Windows\system32\PnkBstrA.exe [file not found]
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Diton Shkreli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Diton Shkreli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\users\Diton Shkreli\AppData\Local\Mozilla\Firefox\Profiles\4tept9sc.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\users\Diton Shkreli\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\DITONS~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
|
|
15.05.2013, 21:23
| #35 |
| /// TB-Ausbilder | C:\Programme(x86)\Browser Updater\TBUpdater.dll So das müßte es sein: Combofix-Skript
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
15.05.2013, 21:43
| #36 |
| | C:\Programme(x86)\Browser Updater\TBUpdater.dllCode:
ATTFilter ComboFix 13-05-15.01 - Diton Shkreli 15.05.2013 22:35:55.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3948.2427 [GMT 2:00]
ausgeführt von:: c:\users\Diton Shkreli\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Diton Shkreli\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Diton Shkreli\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Diton Shkreli\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-04-15 bis 2013-05-15 ))))))))))))))))))))))))))))))
.
.
2013-05-15 20:41 . 2013-05-15 20:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-15 19:56 . 2013-05-15 20:41 -------- d-----w- c:\users\Diton Shkreli\AppData\Local\Temp
2013-05-15 19:56 . 2013-05-15 19:47 24064 ----a-w- c:\windows\zoek-delete.exe
2013-05-15 18:20 . 2013-05-15 18:20 -------- d-----w- c:\users\Diton Shkreli\AppData\Roaming\Avira
2013-05-15 18:15 . 2013-05-15 18:15 83160 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-05-15 18:14 . 2013-03-06 14:13 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-05-15 18:14 . 2013-02-26 14:56 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-05-15 18:14 . 2013-02-26 14:56 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-05-15 18:14 . 2013-05-15 18:15 -------- d-----w- c:\programdata\Avira
2013-05-15 18:14 . 2013-05-15 18:14 -------- d-----w- c:\program files (x86)\Avira
2013-05-15 14:19 . 2013-05-15 14:19 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11ECCF02-92C3-48E6-AC7C-158E90C9E52C}\offreg.dll
2013-05-15 13:10 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll
2013-05-15 13:10 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-15 13:10 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-15 11:42 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11ECCF02-92C3-48E6-AC7C-158E90C9E52C}\mpengine.dll
2013-05-14 15:55 . 2013-05-14 15:55 -------- d-----w- c:\program files (x86)\EA Games
2013-05-12 16:44 . 2013-05-12 16:44 -------- d-----w- c:\program files (x86)\VS Revo Group
2013-05-12 14:37 . 2013-05-12 14:37 -------- d-----w- c:\windows\system32\IO
2013-05-11 15:33 . 2013-05-11 15:33 -------- d-----w- c:\users\Diton Shkreli\AppData\Roaming\Malwarebytes
2013-05-11 15:33 . 2013-05-13 14:26 -------- d-----w- c:\programdata\Malwarebytes
2013-05-09 10:09 . 2013-05-09 10:09 -------- d-----w- c:\users\Diton Shkreli\AppData\Roaming\ParetoLogic
2013-05-09 10:09 . 2013-05-09 10:09 -------- d-----w- c:\users\Diton Shkreli\AppData\Roaming\DriverCure
2013-05-09 10:09 . 2013-05-09 10:11 -------- d-----w- c:\programdata\ParetoLogic
2013-05-07 17:01 . 2013-05-13 19:47 -------- d-----w- c:\users\Diton Shkreli\AppData\Local\assembly
2013-05-03 17:06 . 2013-05-13 14:40 -------- d-----w- c:\users\Diton Shkreli\AppData\Local\Microsoft Games
2013-05-01 15:54 . 2013-05-01 15:54 -------- d-----w- c:\users\Diton Shkreli\AppData\Roaming\GoPlayer
2013-04-28 09:09 . 2013-05-13 14:41 -------- d-----w- c:\program files (x86)\Common Files\soft Xpansion
2013-04-28 09:08 . 2013-05-13 14:41 -------- d-----w- c:\program files (x86)\Common Files\Freemium
2013-04-28 09:08 . 2013-05-01 10:34 -------- d-----w- c:\programdata\Freemium
2013-04-27 06:00 . 2013-05-15 13:24 -------- d-----w- c:\program files (x86)\Google
2013-04-24 11:40 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-20 10:03 . 2013-05-13 14:42 -------- d-----w- c:\program files (x86)\SoftwareUpdater
2013-04-16 08:04 . 2013-05-15 18:35 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-04-16 08:04 . 2013-05-15 18:33 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-04-16 08:04 . 2013-05-15 17:34 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 18:35 . 2012-03-25 18:40 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-05-15 13:15 . 2012-08-08 11:33 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 11:44 . 2012-04-13 10:19 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 11:44 . 2011-07-25 10:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 15:54 . 2011-06-10 23:58 420944 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-04-13 05:49 . 2013-05-15 11:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 11:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 11:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 11:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 11:42 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 11:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-03-26 10:30 . 2013-03-26 10:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-26 10:30 . 2012-05-12 18:19 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-26 10:30 . 2012-01-26 18:52 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-10 11:54 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 11:54 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 11:54 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 11:54 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 11:54 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 11:54 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-11 12:48 . 2012-12-15 17:51 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2013-02-15 06:08 . 2013-04-10 11:54 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 11:54 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 11:54 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 11:54 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 11:54 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 11:54 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-04-04 345312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SystemStoreService;System Store;c:\program files (x86)\SoftwareUpdater\SystemStore.exe -displayname System Store -servicename SystemStoreService [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-06 28600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 204288]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-25 86752]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2013-04-09 562744]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-24 52320]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-26 46176]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2011-03-09 1222248]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-15 13:24 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 11:44]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 13:23]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 13:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: {{6e80943c-847c-4447-b830-f94e7dcbbd4e} - {96edaac7-6183-4cb5-8823-b8b12d94f967} -
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
AddRemove-{c5eac06d-16a7-4836-866d-ebf3ecfdcdaa}_is1 - c:\program files (x86)\HomeTab\unins000.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3844378849-2479913660-30988051-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (S-1-5-21-3844378849-2479913660-30988051-1000)
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-15 22:42:45
ComboFix-quarantined-files.txt 2013-05-15 20:42
ComboFix2.txt 2013-05-14 14:25
ComboFix3.txt 2013-05-13 19:58
.
Vor Suchlauf: 14 Verzeichnis(se), 419.613.872.128 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 419.321.647.104 Bytes frei
.
- - End Of File - - 04130107D8958EA3F7D6C95B6726E154
|
|
15.05.2013, 21:44
| #37 |
| /// TB-Ausbilder | C:\Programme(x86)\Browser Updater\TBUpdater.dll Yo. Von der Lösung sieht man nix .... aber tritt es noch auf?
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
15.05.2013, 21:50
| #38 |
| | C:\Programme(x86)\Browser Updater\TBUpdater.dll Ja habe den pc grad neugestartet... Was kannste mir noch raten? |
|
16.05.2013, 17:14
| #39 |
| /// TB-Ausbilder | C:\Programme(x86)\Browser Updater\TBUpdater.dll Und du bist sicher, dass das mit dem Skript richtig lief? Wir schauen einfach nochmal genauer hin: Scan mit SystemLook
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
16.05.2013, 17:18
| #40 |
| | C:\Programme(x86)\Browser Updater\TBUpdater.dllCode:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 18:18 on 16/05/2013 by Diton Shkreli
Administrator - Elevation successful
========== dir ==========
C:\Windows\System32\Tasks - Parameters: "/s"
---Files---
Adobe ARM --a---- 2732 bytes [10:15 25/07/2011] [10:15 25/07/2011]
Adobe Flash Player Updater --a---- 3822 bytes [10:19 13/04/2012] [11:45 15/05/2013]
Adobe Reader Speed Launcher --a---- 2730 bytes [10:15 25/07/2011] [10:15 25/07/2011]
Adobe-Online-Aktualisierungsprogramm --a---- 3694 bytes [13:42 13/04/2013] [13:42 13/04/2013]
Desk 365 RunAsStdUser --a---- 3410 bytes [15:54 01/05/2013] [15:54 01/05/2013]
DeviceDetector --a---- 3200 bytes [10:20 25/07/2011] [10:20 25/07/2011]
Go for FilesUpdate --a---- 3100 bytes [11:49 27/01/2013] [11:49 27/01/2013]
Google Updater and Installer --a---- 3892 bytes [13:42 13/04/2013] [13:42 13/04/2013]
GoogleUpdateTaskMachineCore --a---- 3868 bytes [13:23 15/05/2013] [13:23 15/05/2013]
GoogleUpdateTaskMachineUA --a---- 4120 bytes [13:23 15/05/2013] [13:23 15/05/2013]
Java Update Scheduler --a---- 3704 bytes [13:42 13/04/2013] [13:42 13/04/2013]
Microsoft_Hardware_Launch_devicecenter_exe --a---- 3056 bytes [16:10 23/11/2012] [16:10 23/11/2012]
Microsoft_Hardware_Launch_ipoint_exe --a---- 3044 bytes [16:10 23/11/2012] [16:10 23/11/2012]
Microsoft_Hardware_Launch_itype_exe --a---- 3042 bytes [16:10 23/11/2012] [16:10 23/11/2012]
NBAgent --a---- 2806 bytes [10:11 25/07/2011] [10:11 25/07/2011]
Scheduled Update for Ask Toolbar --a---- 3844 bytes [18:14 15/05/2013] [18:14 15/05/2013]
Software Updater --a---- 4130 bytes [10:03 20/04/2013] [14:59 16/05/2013]
Software Updater Ui --a---- 4160 bytes [10:04 20/04/2013] [14:59 16/05/2013]
{44C18F0B-4A96-4F98-9CEC-25E8E21C77DE} --a---- 3202 bytes [11:31 27/05/2012] [11:31 27/05/2012]
{8760E898-A2E3-47DF-93BD-0458BBCAC0F8} --a---- 3248 bytes [22:29 03/01/2012] [22:29 03/01/2012]
C:\Windows\System32\Tasks\Browser Updater d------ [10:03 20/04/2013]
Browser Updater --a---- 4066 bytes [10:03 20/04/2013] [10:03 20/04/2013]
C:\Windows\System32\Tasks\Games d------ [16:57 19/01/2013]
UpdateCheck_S-1-5-21-3844378849-2479913660-30988051-1000 --a---- 4788 bytes [17:06 03/05/2013] [17:06 03/05/2013]
C:\Windows\System32\Tasks\Microsoft d------ [03:20 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows d------ [03:20 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client d------ [04:53 14/07/2009]
AD RMS Rights Policy Template Management (Automated) --a---- 4472 bytes [04:53 14/07/2009] [04:53 14/07/2009]
AD RMS Rights Policy Template Management (Manual) --a---- 3854 bytes [04:53 14/07/2009] [04:53 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\AppID d------ [04:54 14/07/2009]
PolicyConverter --a---- 2900 bytes [04:54 14/07/2009] [04:54 14/07/2009]
VerifiedPublisherCertStoreCheck --a---- 3790 bytes [04:54 14/07/2009] [04:54 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience d------ [04:54 14/07/2009]
AitAgent --a---- 3458 bytes [04:54 14/07/2009] [04:54 14/07/2009]
ProgramDataUpdater --a---- 3614 bytes [04:54 14/07/2009] [04:54 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk d------ [04:49 14/07/2009]
Proxy --a---- 3026 bytes [04:49 14/07/2009] [04:49 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth d------ [04:57 14/07/2009]
UninstallDeviceTask --a---- 1862 bytes [04:57 14/07/2009] [04:57 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient d------ [04:53 14/07/2009]
SystemTask --a---- 4130 bytes [04:53 14/07/2009] [04:53 14/07/2009]
UserTask --a---- 3868 bytes [04:53 14/07/2009] [04:53 14/07/2009]
UserTask-Roam --a---- 3134 bytes [04:53 14/07/2009] [05:09 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program d------ [04:53 14/07/2009]
Consolidator --a---- 4192 bytes [04:57 14/07/2009] [13:42 13/04/2013]
KernelCeipTask --a---- 3946 bytes [04:53 14/07/2009] [04:53 14/07/2009]
UsbCeip --a---- 3598 bytes [04:54 14/07/2009] [04:54 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag d------ [04:57 14/07/2009]
ScheduledDefrag --a---- 3886 bytes [04:57 14/07/2009] [04:57 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis d------ [04:57 14/07/2009]
Scheduled --a---- 4018 bytes [04:57 14/07/2009] [04:57 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic d------ [09:12 25/07/2011]
Microsoft-Windows-DiskDiagnosticDataCollector --a---- 3760 bytes [09:12 25/07/2011] [18:51 13/11/2011]
Microsoft-Windows-DiskDiagnosticResolver --a---- 2538 bytes [09:12 25/07/2011] [09:12 25/07/2011]
C:\Windows\System32\Tasks\Microsoft\Windows\Location d------ [04:55 14/07/2009]
Notifications --a---- 3554 bytes [04:55 14/07/2009] [04:57 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance d------ [04:55 14/07/2009]
WinSAT --a---- 4084 bytes [04:55 14/07/2009] [11:31 25/11/2011]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center d------ [07:16 21/11/2010]
ActivateWindowsSearch --a---- 2420 bytes [09:12 25/07/2011] [09:12 25/07/2011]
ConfigureInternetTimeService --a---- 2448 bytes [09:12 25/07/2011] [09:12 25/07/2011]
DispatchRecoveryTasks --a---- 3650 bytes [09:12 25/07/2011] [18:27 24/06/2012]
ehDRMInit --a---- 2400 bytes [09:12 25/07/2011] [09:12 25/07/2011]
InstallPlayReady --a---- 2546 bytes [09:12 25/07/2011] [09:12 25/07/2011]
mcupdate --a---- 2790 bytes [09:12 25/07/2011] [09:12 25/07/2011]
MediaCenterRecoveryTask --a---- 2954 bytes [09:12 25/07/2011] [09:12 25/07/2011]
ObjectStoreRecoveryTask --a---- 2958 bytes [09:12 25/07/2011] [09:12 25/07/2011]
OCURActivate --a---- 2380 bytes [09:12 25/07/2011] [09:12 25/07/2011]
OCURDiscovery --a---- 2400 bytes [09:12 25/07/2011] [09:12 25/07/2011]
PBDADiscovery --a---- 2384 bytes [09:12 25/07/2011] [09:12 25/07/2011]
PBDADiscoveryW1 --a---- 3226 bytes [09:13 25/07/2011] [09:13 25/07/2011]
PBDADiscoveryW2 --a---- 3228 bytes [09:13 25/07/2011] [09:13 25/07/2011]
PeriodicScanRetry --a---- 3822 bytes [09:12 25/07/2011] [09:12 25/07/2011]
PvrRecoveryTask --a---- 2926 bytes [09:12 25/07/2011] [09:12 25/07/2011]
PvrScheduleTask --a---- 2918 bytes [09:12 25/07/2011] [09:12 25/07/2011]
RecordingRestart --a---- 3078 bytes [09:12 25/07/2011] [09:12 25/07/2011]
RegisterSearch --a---- 2408 bytes [09:12 25/07/2011] [09:12 25/07/2011]
ReindexSearchRoot --a---- 2432 bytes [09:12 25/07/2011] [09:12 25/07/2011]
SqlLiteRecoveryTask --a---- 2942 bytes [09:12 25/07/2011] [09:12 25/07/2011]
StartRecording --a---- 3418 bytes [18:50 29/12/2011] [18:27 24/06/2012]
UpdateRecordPath --a---- 2736 bytes [09:12 25/07/2011] [09:12 25/07/2011]
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\Extender d------ [07:16 21/11/2010]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic d------ [04:53 14/07/2009]
CorruptionDetector --a---- 3304 bytes [04:53 14/07/2009] [04:53 14/07/2009]
DecompressionFailureDetector --a---- 3510 bytes [04:53 14/07/2009] [04:53 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC d------ [09:12 25/07/2011]
HotStart --a---- 3576 bytes [09:12 25/07/2011] [09:12 25/07/2011]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI d------ [04:54 14/07/2009]
LPRemove --a---- 3168 bytes [04:54 14/07/2009] [04:54 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia d------ [04:55 14/07/2009]
SystemSoundsService --a---- 2602 bytes [04:55 14/07/2009] [04:57 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace d------ [04:54 14/07/2009]
GatherNetworkInfo --a---- 2044 bytes [04:54 14/07/2009] [04:54 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection d------ [04:54 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack d------ [04:55 14/07/2009]
BackgroundConfigSurveyor --a---- 2832 bytes [04:55 14/07/2009] [04:55 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\PLA d------ [03:20 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System d------ [03:20 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics d------ [04:53 14/07/2009]
AnalyzeSystem --a---- 3752 bytes [04:53 14/07/2009] [04:53 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC d------ [04:55 14/07/2009]
RacTask --a---- 4370 bytes [04:55 14/07/2009] [04:57 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras d------ [04:49 14/07/2009]
MobilityManager --a---- 3052 bytes [04:49 14/07/2009] [04:49 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry d------ [04:54 14/07/2009]
RegIdleBackup --a---- 3956 bytes [04:54 14/07/2009] [04:54 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update d------ [03:20 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance d------ [04:57 14/07/2009]
RemoteAssistanceTask --a---- 4596 bytes [04:57 14/07/2009] [04:57 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools d------ [20:03 13/03/2013]
C:\Windows\System32\Tasks\Microsoft\Windows\Shell d------ [04:54 14/07/2009]
WindowsParentalControls --a---- 3616 bytes [04:57 14/07/2009] [04:57 14/07/2009]
WindowsParentalControlsMigration --a---- 3912 bytes [04:57 14/07/2009] [05:09 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow d------ [09:12 25/07/2011]
AutoWake --a---- 3784 bytes [09:12 25/07/2011] [09:12 25/07/2011]
GadgetManager --a---- 3612 bytes [09:12 25/07/2011] [09:12 25/07/2011]
SessionAgent --a---- 3698 bytes [09:12 25/07/2011] [02:55 27/08/2011]
SystemDataProviders --a---- 3792 bytes [09:12 25/07/2011] [02:56 27/08/2011]
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform d------ [04:49 14/07/2009]
SvcRestartTask --a---- 3942 bytes [04:49 14/07/2009] [04:49 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter d------ [05:32 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore d------ [05:01 14/07/2009]
SR --a---- 3506 bytes [05:01 14/07/2009] [05:01 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager d------ [04:53 14/07/2009]
Interactive --a---- 2614 bytes [04:53 14/07/2009] [04:53 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip d------ [04:53 14/07/2009]
IpAddressConflict1 --a---- 3950 bytes [04:53 14/07/2009] [04:53 14/07/2009]
IpAddressConflict2 --a---- 4066 bytes [04:53 14/07/2009] [04:53 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework d------ [04:53 14/07/2009]
MsCtfMonitor --a---- 2978 bytes [04:53 14/07/2009] [04:53 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization d------ [04:49 14/07/2009]
SynchronizeTime --a---- 3388 bytes [04:49 14/07/2009] [04:49 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP d------ [04:49 14/07/2009]
UPnPHostConfig --a---- 1730 bytes [04:49 14/07/2009] [04:49 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service d------ [04:53 14/07/2009]
HiveUploadTask --a---- 3420 bytes [04:53 14/07/2009] [04:53 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI d------ [04:49 14/07/2009]
ResolutionHost --a---- 2682 bytes [04:49 14/07/2009] [04:49 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting d------ [04:49 14/07/2009]
QueueReporting --a---- 3048 bytes [04:49 14/07/2009] [04:49 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform d------ [04:49 14/07/2009]
BfeOnServiceStartTypeChange --a---- 3290 bytes [04:49 14/07/2009] [04:49 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing d------ [04:57 14/07/2009]
UpdateLibrary --a---- 3304 bytes [04:57 14/07/2009] [04:57 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup d------ [04:54 14/07/2009]
ConfigNotification --a---- 4330 bytes [04:54 14/07/2009] [02:53 21/11/2010]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem d------ [04:57 14/07/2009]
Calibration Loader --a---- 3532 bytes [04:57 14/07/2009] [05:09 14/07/2009]
C:\Windows\System32\Tasks\Microsoft\Windows Defender d------ [04:57 14/07/2009]
C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform d------ [11:47 26/12/2011]
SvcRestartTask --a---- 4392 bytes [11:47 26/12/2011] [11:47 26/12/2011]
C:\Windows\System32\Tasks\ProtectedSearch d------ [10:04 20/04/2013]
Protected Search --a---- 3186 bytes [10:04 20/04/2013] [10:04 20/04/2013]
C:\Windows\System32\Tasks\WPD d------ [05:09 14/07/2009]
SqmUpload_S-1-5-21-3844378849-2479913660-30988051-1000 --a---- 4500 bytes [08:30 15/10/2011] [08:30 15/10/2011]
- Unable to find folder.
-= EOF =-
|
|
16.05.2013, 17:24
| #41 |
| /// TB-Ausbilder | C:\Programme(x86)\Browser Updater\TBUpdater.dll Wir werden mal härtere Bandagen anlegen  Lade dir bitte BlitzBlank (von Emsisoft) herunter und speichere es auf den Desktop.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
16.05.2013, 17:31
| #42 |
| | C:\Programme(x86)\Browser Updater\TBUpdater.dll Ehm... es kommt eine Fehlermeldung..: Syntaxfehler in Zeile 2, ungültiger Ordnerpfad |
|
16.05.2013, 18:01
| #43 |
| /// TB-Ausbilder | C:\Programme(x86)\Browser Updater\TBUpdater.dll Ja. Zurecht ... so bitte: Code:
ATTFilter DeleteFolder:
"C:\Windows\System32\Tasks\Browser Updater"
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
16.05.2013, 18:06
| #44 |
| | C:\Programme(x86)\Browser Updater\TBUpdater.dll Geht auch nicht |
|
16.05.2013, 19:15
| #45 |
| /// TB-Ausbilder | C:\Programme(x86)\Browser Updater\TBUpdater.dll Es ist zum heulen. Probiere folgende Schritte:
Bitte berichte
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu C:\Programme(x86)\Browser Updater\TBUpdater.dll |
| angemeldet, browser, community, computer, datei, desktop, dll, erschein, erscheint, fenster, gefunde, gemeldet, hoffe, hängt, konnte, manager, meldung, min, modul, programme, rundll, sobald, starte, task manager, tbupdater.dll, öffnet |
WARNUNG für die MITLESER: 
Linear-Darstellung
