DirtyDecrypt.exe ! Wie entfernen?

Etienne69 · 19.09.2013, 10:21

huhu ich habe schonmal den erste schritt getan und habe mit Frst einen Scan gemacht und poste hier mal das ...hoffe der Schrauber kann helfen zumindest den Trojaner zu entfernen dateien habe ich noch auf einer Externen Festpaltte gesichert gehabt.
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013
Ran by Etienne (administrator) on ETIENNE-PC on 19-09-2013 11:09:24
Running from C:\Users\Etienne\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Systweak Inc., (www.systweak.com)) C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
(Conduit) C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avant Force) C:\Program Files (x86)\Avant Browser\avant.exe
(Avant Force) C:\Program Files (x86)\Avant Browser\ybrowser.exe
(Avant Force) C:\Program Files (x86)\Avant Browser\ybrowser.exe
(Avant Force) C:\Program Files (x86)\Avant Browser\ybrowser.exe
(Avant Force) C:\Program Files (x86)\Avant Browser\ybrowser.exe
(Avant Force) C:\Program Files (x86)\Avant Browser\ybrowser.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(7Road) C:\Users\Etienne\Downloads\Demon_Slayer_Anmeldeclient(1).exe
(Woodtale Technology Inc) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Woodtale Technology Inc) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
() C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(WebConnect) C:\Program Files (x86)\WebConnect\updateWebConnect.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProStart.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-02-24] (Realtek Semiconductor)
HKLM-x32\...\Runonce: [Del15821746] - cmd.exe /Q /D /c del "C:\Users\Etienne\AppData\Local\Temp\0.del" [x]
HKCU\...\Runonce: [Del15821746] - cmd.exe /Q /D /c del "C:\Users\Etienne\AppData\Local\Temp\0.del"
MountPoints2: {91bbb407-a499-11e0-8597-806e6f6e6963} - "D:\Diablo III Setup.exe"
MountPoints2: {baae8bb9-058e-11e2-92e5-806e6f6e6963} - D:\Autorun.exe
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. KG)
AppInit_DLLs-x32: c:\progra~3\bitguard\261673~1.238\{c16c1~1\bitguard.dll  [2700768 2013-09-10] ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=f6b98525-17bf-42a7-92af-dcd9a33f66f8&searchtype=ds&q={searchTerms}&installDate=23/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=f6b98525-17bf-42a7-92af-dcd9a33f66f8&searchtype=ds&q={searchTerms}&installDate=23/04/2013
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?babsrc=HP_ss&mntrId=500500FF24B7BB6D&affID=119357&tt=160913_m3&tsp=5010
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} -  No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=342&systemid=406&v=u8708-71&apn_uid=2527234116744512&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=f6b98525-17bf-42a7-92af-dcd9a33f66f8&searchtype=ds&q={searchTerms}&installDate=23/04/2013
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=f6b98525-17bf-42a7-92af-dcd9a33f66f8&searchtype=ds&q={searchTerms}&installDate=23/04/2013
SearchScopes: HKCU - {73B21177-6525-45C6-B228-754D19EB9CD1} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN72673359230902116&UM=2
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: No Name - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 -  No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
Toolbar: HKCU -  No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU -  No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default
FF user.js: detected! => C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\user.js
FF NewTab: about:blank
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Etienne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Etienne\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: VideoDownloadConverter - C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com
FF Extension: No Name - C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\Extensions\ffxtlbr@babylon.com
FF Extension: No Name - C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\Extensions\ffxtlbr@delta.com
FF Extension: Movies Toolbar (Dist. by Koyote-Lab, Inc.) - C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\Extensions\{a3a8ba13-8b56-46e6-8bc6-2746089b6cb2}
FF Extension: Hotspot Shield  - C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
FF Extension: No Name - C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Etienne\AppData\Roaming\11002
FF Extension: Java String Helper - C:\Users\Etienne\AppData\Roaming\11002

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (A Mystical Land Installer) - C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgbokbdciknlbddfbblcochmpkilgddb\1.0.0.10_0
CHR Extension: (PricePeep) - C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (ICQ Sparberater) - C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.4.9_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR HKLM-x32\...\Chrome\Extension: [nmpllndkedbnmonoomepeeglghdelffo] - C:\Program Files (x86)\icq\Chrome\icq-1.3.671.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG)
S4 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88424 2013-08-10] (Perfect World Entertainment Inc)
R2 ASO3DiskOptimizer; C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [263520 2012-09-13] (Systweak Inc., (www.systweak.com))
R2 BitGuard; C:\ProgramData\BitGuard\2.6.1673.238\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2845152 2013-09-10] ()
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [97056 2013-05-08] (Conduit)
S3 DAUpdaterSvc; C:\Program Files (x86)\Origin Games\Dragon Age Origins\\bin_ship\DAUpdaterSvc.Service.exe [25832 2011-02-24] (BioWare)
S4 Guard.Mail.ru; C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe [1564368 2012-05-02] ()
S4 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [853800 2013-07-25] (AnchorFree Inc.)
S4 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-07-24] ()
S4 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [548136 2013-07-25] ()
S4 ICQ Service; C:\PROGRA~2\ICQ6TO~1\ICQSER~1.EXE [247872 2012-03-20] ()
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [359240 2013-09-18] (Woodtale Technology Inc)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-07-31] (Overwolf Ltd)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Update WebConnect; C:\Program Files (x86)\WebConnect\updateWebConnect.exe [206632 2013-08-30] (WebConnect)

==================== Drivers (Whitelisted) ====================

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11904 2011-12-18] (Advanced Micro Devices Inc.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. KG)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [46792 2013-07-24] (AnchorFree Inc.)
R3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [190320 2013-09-18] (Woodtale Technology Inc)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [45936 2013-09-18] (NetFilterSDK.com)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [41488 2008-02-29] (Logicool, Inc.)
R3 MTsensor; C:\Windows\system32\drivers\ASACPI.sys [8192 2005-03-28] ()
S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 cpuz135; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-19 11:09 - 2013-09-19 11:09 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\Optimizer Pro
2013-09-19 11:09 - 2013-09-19 11:09 - 00000000 ____D C:\FRST
2013-09-19 11:08 - 2013-09-19 11:08 - 01950594 _____ (Farbar) C:\Users\Etienne\Downloads\FRST64.exe
2013-09-19 11:04 - 2013-09-19 11:04 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-19 11:04 - 2013-09-19 11:04 - 00001075 _____ C:\Users\Etienne\Desktop\Optimizer Pro.lnk
2013-09-19 11:04 - 2013-09-19 11:04 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-19 11:04 - 2013-09-19 11:04 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\Delta
2013-09-19 11:04 - 2013-09-19 11:04 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-19 11:04 - 2013-09-19 11:04 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-09-19 11:04 - 2013-09-19 11:04 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-19 11:03 - 2013-09-19 11:07 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-19 11:03 - 2013-09-19 11:04 - 00000000 ____D C:\Program Files (x86)\WebConnect
2013-09-19 11:03 - 2013-09-19 11:03 - 00003248 _____ C:\Windows\System32\Tasks\DigitalSite
2013-09-19 11:03 - 2013-09-19 11:03 - 00001891 _____ C:\Users\Etienne\Desktop\Search.lnk
2013-09-19 11:03 - 2013-09-19 11:03 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\DigitalSite
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\Babylon
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\BabSolution
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\ProgramData\Babylon
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-09-19 10:38 - 2013-09-19 10:38 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\eCyber
2013-09-19 10:36 - 2013-09-19 11:07 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\iSafe
2013-09-19 10:36 - 2013-09-19 10:41 - 00000000 ____D C:\Program Files (x86)\iSafe
2013-09-19 10:36 - 2013-09-19 10:36 - 00633672 _____ (Woodtale Technology Inc) C:\Users\Etienne\Downloads\iSafedl.exe
2013-09-19 10:36 - 2013-09-19 10:36 - 00001793 _____ C:\Users\Public\Desktop\YAC.lnk
2013-09-19 10:36 - 2013-09-19 10:36 - 00000000 ____D C:\Windows\system32\log
2013-09-19 06:40 - 2013-09-19 06:40 - 98201083 _____ C:\Windows\SysWOW64\㵨䇧브7
2013-09-18 14:52 - 2013-09-18 14:52 - 00001492 _____ C:\Users\Etienne\Desktop\Star Wars - The Old Republic.lnk
2013-09-17 19:30 - 2013-09-17 19:31 - 00003619 _____ C:\Users\Etienne\Documents\Dragon Age Origins 1.05.log
2013-09-17 19:30 - 2013-09-17 19:30 - 00001129 _____ C:\Users\Etienne\Documents\Dragon Age Origins 1.02.log
2013-09-17 19:29 - 2013-09-17 19:29 - 00000000 ____D C:\ProgramData\BioWare
2013-09-17 18:27 - 2013-09-17 18:37 - 101553128 _____ (BioWare) C:\Users\Etienne\Downloads\DragonAge1.05.exe
2013-09-17 00:32 - 2013-09-17 00:32 - 00001373 _____ C:\Users\Etienne\Desktop\Dragon Age II.lnk
2013-09-16 22:29 - 2013-09-16 22:29 - 00001355 _____ C:\Users\Public\Desktop\Dragon Age II.lnk
2013-09-15 17:48 - 2013-09-15 17:52 - 00003081 _____ C:\Users\Etienne\Documents\Dragon Age Origins - dao_prc_drk.log
2013-09-15 17:47 - 2013-09-15 17:48 - 00002362 _____ C:\Users\Etienne\Documents\Dragon Age Origins - dao_prc_nrx_1.log
2013-09-15 15:28 - 2013-09-15 15:28 - 00000000 ____D C:\Program Files\7-Zip
2013-09-11 20:27 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 20:27 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 20:27 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 20:27 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 20:27 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 20:27 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 20:27 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 20:27 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 20:27 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 20:27 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 20:27 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 20:27 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 20:27 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 20:27 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 20:27 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 20:27 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 20:27 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 20:27 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 20:27 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 20:27 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 20:27 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 20:27 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 20:27 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 20:26 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 20:26 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 20:26 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 20:26 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-06 22:31 - 2013-09-06 22:31 - 00000000 ____D C:\Users\Etienne\AppData\Local\{356BD50C-FA4E-4311-BA8A-287A07E0E9C2}
2013-09-06 11:20 - 2013-09-06 11:20 - 00000000 ____D C:\Users\Etienne\AppData\Local\EA Core
2013-09-06 10:31 - 2013-09-06 10:31 - 00001494 _____ C:\Users\Etienne\Documents\DAO Addins Updater.log
2013-09-05 20:32 - 2013-09-05 20:32 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-09-05 20:32 - 2013-09-05 20:32 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-09-04 16:26 - 2013-09-04 18:28 - 00009024 _____ C:\Users\Etienne\Documents\Uninstall Dragon Age Origins.log
2013-09-04 12:28 - 2013-09-04 12:28 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-09-04 11:49 - 2013-09-04 12:30 - 00021927 _____ C:\Users\Etienne\Documents\Install Dragon Age Origins.log
2013-09-02 11:27 - 2013-09-02 11:27 - 00000000 ____D C:\Users\Etienne\AppData\Local\{40A151CE-44CF-40F2-ADDE-56D854330812}
2013-08-28 14:18 - 2013-08-28 14:18 - 00000000 ____D C:\Casino
2013-08-28 14:11 - 2013-08-28 14:19 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\RBotPlus
2013-08-28 14:11 - 2013-08-28 14:16 - 00000000 ____D C:\Users\Etienne\AppData\Local\MigsUpdater
2013-08-28 14:11 - 2013-08-28 14:11 - 00004178 _____ C:\Windows\System32\Tasks\MigrationUpdateTask
2013-08-28 14:11 - 2013-08-28 14:11 - 00001016 _____ C:\Users\Public\Desktop\Roulette Bot Plus.lnk
2013-08-28 14:11 - 2013-08-28 14:11 - 00000000 ____D C:\Program Files (x86)\RBPlus
2013-08-28 13:43 - 2013-08-28 13:43 - 00000000 ____D C:\Users\Etienne\AppData\Local\{53B31DB3-AAFE-4B51-AE06-C3066A7BC1B9}

==================== One Month Modified Files and Folders =======

2013-09-19 11:09 - 2013-09-19 11:09 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\Optimizer Pro
2013-09-19 11:09 - 2013-09-19 11:09 - 00000000 ____D C:\FRST
2013-09-19 11:08 - 2013-09-19 11:08 - 01950594 _____ (Farbar) C:\Users\Etienne\Downloads\FRST64.exe
2013-09-19 11:07 - 2013-09-19 11:03 - 00000000 ____D C:\Program Files (x86)\Image Converter
2013-09-19 11:07 - 2013-09-19 10:36 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\iSafe
2013-09-19 11:04 - 2013-09-19 11:04 - 00003420 _____ C:\Windows\System32\Tasks\BitGuard
2013-09-19 11:04 - 2013-09-19 11:04 - 00001075 _____ C:\Users\Etienne\Desktop\Optimizer Pro.lnk
2013-09-19 11:04 - 2013-09-19 11:04 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-09-19 11:04 - 2013-09-19 11:04 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\Delta
2013-09-19 11:04 - 2013-09-19 11:04 - 00000000 ____D C:\ProgramData\BitGuard
2013-09-19 11:04 - 2013-09-19 11:04 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-09-19 11:04 - 2013-09-19 11:04 - 00000000 ____D C:\Program Files (x86)\Delta
2013-09-19 11:04 - 2013-09-19 11:03 - 00000000 ____D C:\Program Files (x86)\WebConnect
2013-09-19 11:04 - 2013-08-17 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-19 11:03 - 2013-09-19 11:03 - 00003248 _____ C:\Windows\System32\Tasks\DigitalSite
2013-09-19 11:03 - 2013-09-19 11:03 - 00001891 _____ C:\Users\Etienne\Desktop\Search.lnk
2013-09-19 11:03 - 2013-09-19 11:03 - 00000300 _____ C:\Windows\Tasks\DigitalSite.job
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\DigitalSite
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\Babylon
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\BabSolution
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\ProgramData\DSearchLink
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\ProgramData\Babylon
2013-09-19 11:03 - 2013-09-19 11:03 - 00000000 ____D C:\Program Files (x86)\PricePeep
2013-09-19 11:01 - 2011-08-04 01:06 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\vlc
2013-09-19 10:52 - 2011-07-20 23:54 - 00001112 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-19 10:41 - 2013-09-19 10:36 - 00000000 ____D C:\Program Files (x86)\iSafe
2013-09-19 10:40 - 2011-07-19 23:37 - 00000000 ____D C:\Windows\Minidump
2013-09-19 10:38 - 2013-09-19 10:38 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\eCyber
2013-09-19 10:36 - 2013-09-19 10:36 - 00633672 _____ (Woodtale Technology Inc) C:\Users\Etienne\Downloads\iSafedl.exe
2013-09-19 10:36 - 2013-09-19 10:36 - 00001793 _____ C:\Users\Public\Desktop\YAC.lnk
2013-09-19 10:36 - 2013-09-19 10:36 - 00000000 ____D C:\Windows\system32\log
2013-09-19 10:36 - 2013-03-05 17:30 - 00000870 _____ C:\Users\Etienne\Desktop\Demon Slayer - Anmeldeclient.lnk
2013-09-19 10:13 - 2012-04-02 10:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-19 10:08 - 2011-07-02 13:03 - 01665589 ____N C:\Windows\WindowsUpdate.log
2013-09-19 06:48 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-19 06:48 - 2009-07-14 06:45 - 00032080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-19 06:40 - 2013-09-19 06:40 - 98201083 _____ C:\Windows\SysWOW64\㵨䇧브7
2013-09-19 06:40 - 2011-07-20 23:54 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-19 06:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-18 22:37 - 2013-02-22 15:50 - 00000000 ____D C:\Program Files (x86)\Origin
2013-09-18 22:04 - 2013-07-30 10:20 - 00000000 ____D C:\Users\Etienne\Desktop\Neuer Ordner (4)
2013-09-18 15:02 - 2012-08-12 14:54 - 00000280 _____ C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2013-09-18 14:54 - 2012-08-12 14:54 - 00000288 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-09-18 14:52 - 2013-09-18 14:52 - 00001492 _____ C:\Users\Etienne\Desktop\Star Wars - The Old Republic.lnk
2013-09-18 14:52 - 2011-12-04 12:24 - 00000000 ____D C:\Users\Etienne\Desktop\Neuer Ordner
2013-09-17 19:31 - 2013-09-17 19:30 - 00003619 _____ C:\Users\Etienne\Documents\Dragon Age Origins 1.05.log
2013-09-17 19:31 - 2013-01-12 14:50 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-09-17 19:30 - 2013-09-17 19:30 - 00001129 _____ C:\Users\Etienne\Documents\Dragon Age Origins 1.02.log
2013-09-17 19:29 - 2013-09-17 19:29 - 00000000 ____D C:\ProgramData\BioWare
2013-09-17 18:37 - 2013-09-17 18:27 - 101553128 _____ (BioWare) C:\Users\Etienne\Downloads\DragonAge1.05.exe
2013-09-17 10:03 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-09-17 09:51 - 2010-11-21 08:49 - 00000000 ____D C:\Windows\system32\WCN
2013-09-17 09:51 - 2010-11-21 08:49 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2013-09-17 09:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\Dism
2013-09-17 09:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\com
2013-09-17 00:33 - 2013-08-07 17:16 - 00000000 ____D C:\Users\Etienne\Documents\BioWare
2013-09-17 00:32 - 2013-09-17 00:32 - 00001373 _____ C:\Users\Etienne\Desktop\Dragon Age II.lnk
2013-09-16 22:29 - 2013-09-16 22:29 - 00001355 _____ C:\Users\Public\Desktop\Dragon Age II.lnk
2013-09-15 23:03 - 2011-08-10 15:51 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\TS3Client
2013-09-15 17:52 - 2013-09-15 17:48 - 00003081 _____ C:\Users\Etienne\Documents\Dragon Age Origins - dao_prc_drk.log
2013-09-15 17:48 - 2013-09-15 17:47 - 00002362 _____ C:\Users\Etienne\Documents\Dragon Age Origins - dao_prc_nrx_1.log
2013-09-15 16:19 - 2012-09-23 16:19 - 00000464 _____ C:\Windows\Tasks\ASO-AutoCheckUpdate7Days.job
2013-09-15 16:16 - 2011-07-02 14:06 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-09-15 15:34 - 2012-01-19 08:51 - 00000000 ____D C:\Program Files\WinZip
2013-09-15 15:34 - 2011-07-02 13:03 - 00000000 ____D C:\Users\Etienne
2013-09-15 15:33 - 2012-01-19 08:51 - 00000000 ____D C:\ProgramData\WinZip
2013-09-15 15:28 - 2013-09-15 15:28 - 00000000 ____D C:\Program Files\7-Zip
2013-09-15 14:36 - 2013-02-22 15:54 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-09-13 23:14 - 2012-04-02 10:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 23:14 - 2012-04-02 10:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 23:14 - 2011-07-02 15:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-13 10:40 - 2013-07-14 15:32 - 00000000 ____D C:\Users\Etienne\Desktop\Bilder
2013-09-12 10:21 - 2011-07-02 13:06 - 00000000 ___RD C:\Users\Etienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 10:21 - 2011-07-02 13:06 - 00000000 ___RD C:\Users\Etienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 10:19 - 2009-07-14 06:45 - 00280328 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 01:19 - 2011-07-02 15:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 01:19 - 2011-07-02 13:26 - 01670454 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-09-12 01:19 - 2010-11-21 08:50 - 00707768 _____ C:\Windows\system32\perfh007.dat
2013-09-12 01:19 - 2010-11-21 08:50 - 00153102 _____ C:\Windows\system32\perfc007.dat
2013-09-12 01:18 - 2013-07-12 00:24 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 01:15 - 2011-04-27 13:44 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-10 23:21 - 2011-07-02 15:24 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\SoftGrid Client
2013-09-10 10:03 - 2012-01-03 22:34 - 00151040 _____ C:\Users\Etienne\Desktop\Mappe1d.xls
2013-09-06 22:31 - 2013-09-06 22:31 - 00000000 ____D C:\Users\Etienne\AppData\Local\{356BD50C-FA4E-4311-BA8A-287A07E0E9C2}
2013-09-06 11:20 - 2013-09-06 11:20 - 00000000 ____D C:\Users\Etienne\AppData\Local\EA Core
2013-09-06 10:31 - 2013-09-06 10:31 - 00001494 _____ C:\Users\Etienne\Documents\DAO Addins Updater.log
2013-09-05 20:32 - 2013-09-05 20:32 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-09-05 20:32 - 2013-09-05 20:32 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-09-05 20:32 - 2011-08-21 14:43 - 00000000 ____D C:\ProgramData\Adobe
2013-09-05 20:32 - 2011-07-02 15:51 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\Adobe
2013-09-05 13:02 - 2011-07-02 14:06 - 00000000 ____D C:\Users\Etienne\AppData\Local\Turbine
2013-09-04 18:28 - 2013-09-04 16:26 - 00009024 _____ C:\Users\Etienne\Documents\Uninstall Dragon Age Origins.log
2013-09-04 16:27 - 2011-07-02 14:30 - 00000000 ____D C:\Games
2013-09-04 12:30 - 2013-09-04 11:49 - 00021927 _____ C:\Users\Etienne\Documents\Install Dragon Age Origins.log
2013-09-04 12:28 - 2013-09-04 12:28 - 00000000 ____D C:\Windows\1C4551A64743409391E41477CD655043.TMP
2013-09-04 11:53 - 2013-08-06 17:27 - 00000000 ____D C:\gamigo
2013-09-03 10:20 - 2013-05-07 12:52 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-09-03 10:20 - 2013-03-25 15:24 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-09-03 10:20 - 2013-03-25 15:24 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-02 11:27 - 2013-09-02 11:27 - 00000000 ____D C:\Users\Etienne\AppData\Local\{40A151CE-44CF-40F2-ADDE-56D854330812}
2013-08-28 14:19 - 2013-08-28 14:11 - 00000000 ____D C:\Users\Etienne\AppData\Roaming\RBotPlus
2013-08-28 14:18 - 2013-08-28 14:18 - 00000000 ____D C:\Casino
2013-08-28 14:16 - 2013-08-28 14:11 - 00000000 ____D C:\Users\Etienne\AppData\Local\MigsUpdater
2013-08-28 14:11 - 2013-08-28 14:11 - 00004178 _____ C:\Windows\System32\Tasks\MigrationUpdateTask
2013-08-28 14:11 - 2013-08-28 14:11 - 00001016 _____ C:\Users\Public\Desktop\Roulette Bot Plus.lnk
2013-08-28 14:11 - 2013-08-28 14:11 - 00000000 ____D C:\Program Files (x86)\RBPlus
2013-08-28 13:43 - 2013-08-28 13:43 - 00000000 ____D C:\Users\Etienne\AppData\Local\{53B31DB3-AAFE-4B51-AE06-C3066A7BC1B9}
2013-08-27 20:19 - 2013-03-08 01:39 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-08-26 10:51 - 2013-05-18 18:42 - 00000000 ____D C:\Users\Etienne\AppData\Local\Conduit
2013-08-26 10:45 - 2013-08-16 06:56 - 00000000 ____D C:\Users\Etienne\AppData\Local\Overwolf
2013-08-26 10:42 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-20 07:29 - 2013-08-16 10:49 - 00000858 _____ C:\Windows\client.config.ini
2013-08-20 06:50 - 2013-08-17 10:39 - 00000000 ____D C:\Users\Etienne\Documents\Neverwinter Nights 2

Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad
C:\ProgramData\lsass.exe


Some content of TEMP:
====================
C:\Users\Etienne\AppData\Local\Temp\Optimizer_Pro.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-13 15:36

==================== End Of Log ============================

--- --- ---

--- --- ---

Application errors:
==================
Error: (09/19/2013 11:02:02 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/19/2013 11:01:57 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/19/2013 06:40:07 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2013 09:37:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2013 09:38:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 09:55:39 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 09:52:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 01:14:50 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/16/2013 02:49:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/16/2013 06:51:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (09/17/2013 09:59:00 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (09/17/2013 09:54:01 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x8007045b

Error: (09/17/2013 01:20:31 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%6701

Error: (09/16/2013 06:54:36 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (09/16/2013 06:54:05 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (09/14/2013 01:26:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%6701

Error: (09/13/2013 05:50:17 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (09/12/2013 10:17:51 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109

Error: (09/12/2013 10:17:22 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT)
Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005

Error: (09/12/2013 10:17:22 AM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Microsoft Office Sessions:
=========================
Error: (09/19/2013 11:02:02 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Etienne\Downloads\SoftonicDownloader_fuer_avira-antivir.exe

Error: (09/19/2013 11:01:57 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Etienne\Downloads\SoftonicDownloader_fuer_star-trek-online.exe

Error: (09/19/2013 06:40:07 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2013 09:37:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2013 09:38:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 09:55:39 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 09:52:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2013 01:14:50 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Etienne\Downloads\SoftonicDownloader_fuer_avira-antivir.exe

Error: (09/16/2013 02:49:02 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (09/16/2013 06:51:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8190.16 MB
Available physical RAM: 5560.64 MB
Total Pagefile: 16378.5 MB
Available Pagefile: 12457.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:465.76 GB) (Free:11.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (NWN2) (CDROM) (Total:6.29 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A7666C95)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

smeenk · 19.09.2013, 10:40

Ich bin smeenk und ich werde versuchen dir zu helfen

Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/

Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.

Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:

Code:

ATTFilter

firefoxlook;
filesrcm;
installedprogs;
conduit;ff
iSafeKrnl;s
iSafeNetFilter;s
C:\Users\Etienne\AppData\Roaming\Optimizer Pro;fs
C:\Windows\System32\Tasks\BitGuard;fs
C:\Users\Etienne\Desktop\Optimizer Pro.lnk;f
C:\Users\Etienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard;fs
C:\Users\Etienne\AppData\Roaming\Delta;fs
C:\Program Files (x86)\Delta;fs
C:\Users\Etienne\AppData\Local\Conduit;fs
C:\Windows\System32\Tasks\DigitalSite;fs
C:\Users\Etienne\Desktop\Search.lnk;f
C:\Windows\Tasks\DigitalSite.job;f
C:\Users\Etienne\AppData\Roaming\DigitalSite;fs
C:\Users\Etienne\AppData\Roaming\Babylon;fs
C:\Users\Etienne\AppData\Roaming\BabSolution;fs
C:\ProgramData\DSearchLink;fs
C:\ProgramData\Babylon;fs
C:\Program Files (x86)\PricePeep;fs
C:\Users\Etienne\AppData\Roaming\eCyber
C:\Users\Etienne\AppData\Roaming\iSafe
{c95a4e8e-816d-4655-8c79-d736da1adb6d};c
{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406};c
{006ee092-9658-4fd6-bd8e-a21a348e59f5};c
{ae07101b-46d4-4a98-af68-0333ea26e113};c
{02478D38-C3F9-4efb-9B51-7695ECA05670};c
{73B21177-6525-45C6-B228-754D19EB9CD1};c
C:\Program Files (x86)\ICQ6Toolbar;fs
C:\Program Files (x86)\Optimizer Pro;fs
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=-;r
skipstartpage-iedefaults;
hshld;s
licjnkifamhpbaefhdpacpmihicfbomb;chr
BitGuard;s
HssTrayService;s
HssWd;s
C:\Program Files (x86)\Hotspot Shield;fs
iSafeService;s
ASO3DiskOptimizer;s
Update WebConnect;s
C:\Program Files (x86)\WebConnect;fs
C:\ProgramData\BitGuard;fs
C:\Program Files (x86)\iSafe;fs
C:\Program Files (x86)\SearchProtect;fs
C:\Program Files (x86)\Advanced System Optimizer 3;fs
chromelook;
startupall;

Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Etienne69 · 19.09.2013, 11:27

danke für die schnelle antwort hier der scan..

==== System Restore Info ======================

19.09.2013 12:08:46 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3144317847-3515440974-1342239808-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully
HKEY_USERS\S-1-5-21-3144317847-3515440974-1342239808-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully
HKEY_USERS\S-1-5-21-3144317847-3515440974-1342239808-1002\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-3144317847-3515440974-1342239808-1002\Software\Microsoft\Internet Explorer\SearchScopes\{73B21177-6525-45C6-B228-754D19EB9CD1} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3144317847-3515440974-1342239808-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully
HKEY_USERS\S-1-5-21-3144317847-3515440974-1342239808-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{c95a4e8e-816d-4655-8c79-d736da1adb6d} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\hshld deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hshld deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\hshld deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hshld deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssTrayService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssTrayService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HssWd deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASO3DiskOptimizer deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ASO3DiskOptimizer deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default

---- Lines conduit removed from prefs.js ----

user_pref("CT1561552.installId", "conduitinstaller.exe");
user_pref("CT1561552.installType", "conduitnsisintegration");
user_pref("CT1561552.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT1561552&octid=CT1561552&SearchSource=15&CUI=UN94098258532469122&SSPV=&Lay=1&UM=1\"}");
user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=");
user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2269050.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13");
user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForum Toolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.c om,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm");
user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdownload.conduit.com/\",\"RevertSettingsEnabled\":\"TRUE\",\"urlBarHiddenEnabled\":\"TRUE\",\"notFoundHiddenEnabled\":\"TRUE\",\"searchInNewTabHiddenEnabled\":\"TRUE\",\"W orkingAppsWhenHiddenList\":\"[\\\"6cfe5439-68c4-4541-859e-cf72ae454b3e\\\"]\",\"ChInterval\":\"24\"}");
user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT3241949.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&q=");
user_pref("CT3241949.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3241949&octid=CT3241949&SearchSource=15&CUI=UN78937636493027633&SSPV=EB_SSPV&UM=\"}");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"70fc3dd5ca2fc474b195903ac0394fcb3\"");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3106777/CT3106777", "\"b1f20aa632f27d7377a909e519ffcf793\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1365594729\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3106777", "\"1359634418\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "V3ke+ogt4ejn0sB1xPR3nw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "V3ke+ogt4ejn0sB1xPR3nw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "ktZKgREPsk5m13TY9rsX+A==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "cTVrc75U9YwdI74PAhUYFw==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:15a3\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"22fbb080012e14eb6885b7d6bba87d24\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3106777", "\"f37920d9b1c98697d4d3d176616327e0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"d539fd000f39e44a38a0a187507c791e\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"38b0bce16ee5dcbfd787b74c7f69bf3e\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Etienne\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8wf4o7tr.default\\conduitCommon\\modules\\3.12.2.3");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("Smartbar.ConduitSearchEngineList", "FileConverter 1.3 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&q=");
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&CUI=UN78937636493027633&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&CUI=UN94098258532469122&UM=1&q=");
user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&q=");

---- Lines conduit modified from prefs.js ----

---- Lines conduit removed from user.js ----

---- Lines {c95a4e8e-816d-4655-8c79-d736da1adb6d} removed from prefs.js ----

---- Lines {c95a4e8e-816d-4655-8c79-d736da1adb6d} modified from prefs.js ----

---- Lines {c95a4e8e-816d-4655-8c79-d736da1adb6d} removed from user.js ----

---- FireFox user.js and prefs.js backups ----

user__1209_.backup
prefs__1209_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\WebConnect" not found
"C:\ProgramData\BitGuard" not found
"C:\Program Files (x86)\iSafe" not found
"C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe" deleted
"C:\Program Files (x86)\SearchProtect\bin\msvcp100.dll" deleted
"C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll" not deleted
"C:\Program Files (x86)\ICQ6Toolbar" deleted
"C:\Program Files (x86)\Optimizer Pro" deleted
"C:\Program Files (x86)\Hotspot Shield" deleted
"C:\Program Files (x86)\SearchProtect" not deleted
"C:\Program Files (x86)\Advanced System Optimizer 3" deleted
"C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\conduitCommon" deleted
"C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}" deleted
"C:\Program Files (x86)\SearchProtect\bin" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Etienne\AppData\Local\Temp ====
2013-09-19 09:51:32 47239EB4A793EA0DC7C283A71F401493 112352 ----a-w- C:\Users\Etienne\AppData\Local\Temp\UnityWebPlayer\UnityWebPlayerUpdate.exe
2013-09-19 09:35:16 3C74C26999F2060BC6302448F173A342 340464 ----a-w- C:\Users\Etienne\AppData\Local\Temp\uninst1.exe
2013-09-19 09:04:08 7991EE8D980458D2B1B9BB9D01540D87 4593424 ----a-w- C:\Users\Etienne\AppData\Local\Temp\Optimizer_Pro.exe
2013-09-19 09:03:29 B212865E7E478A28A97268F960079A8D 132096 ----a-w- C:\Users\Etienne\AppData\Local\Temp\8471A2BB-BAB0-7891-A5F9-CEC7E90A1F46\Latest\BExternal.dll
2013-09-19 09:03:29 A21DE5067618D4F2DF261416315ED120 6144 ----a-w- C:\Users\Etienne\AppData\Local\Temp\8471A2BB-BAB0-7891-A5F9-CEC7E90A1F46\Latest\IEHelper.dll
2013-09-19 09:03:29 0F66E8E2340569FB17E774DAC2010E31 520234 ----a-w- C:\Users\Etienne\AppData\Local\Temp\8471A2BB-BAB0-7891-A5F9-CEC7E90A1F46\Latest\sqlite3.dll
2013-09-19 09:02:55 6B63730B76228FCC8E9AC324A2313290 589752 ----a-w- C:\Users\Etienne\AppData\Local\Temp\is357113909\15807222_stp.EXE
2013-09-19 09:02:54 4A52F8EC82606B543B54E452C40FDFD3 4730440 ----a-w- C:\Users\Etienne\AppData\Local\Temp\is357113909\15807216_stp.EXE
2013-09-11 05:45:16 3CF41C057D007D55ED1F142F1254CE96 245624 ----a-w- C:\Users\Etienne\AppData\Local\Temp\8471A2BB-BAB0-7891-A5F9-CEC7E90A1F46\Latest\ccp.exe
====== Java Cache =====
2013-09-13 09:46:46 E8264AF9EDC45C16271261A89BE04EA9 39742 ----a-w- C:\Users\Etienne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3b0deba3-75e09fb4
====== C:\Windows\SysWOW64 =====
2013-09-11 18:27:14 1A9E4EE88B31750E5CA207424143F99C 3968960 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 18:27:13 5D0325AEF9DE48330908EC2E2DB0359F 3913664 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 18:27:13 0184CC60AB10C8124D69AFB332C6AF1C 1292192 ----a-w- C:\Windows\SysWOW64\ntdll.dll
2013-09-11 18:27:12 73EF27E157855E3CB18B021BC9622E4C 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll
2013-09-11 18:27:12 57EC6102661E0E1D156C1EC251E7CAF8 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 18:27:12 365A5034093AD9E04F433046C4CDF6AB 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll
2013-09-11 18:27:12 1B7343C3765638D4D17CB925F84F8ABE 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 18:27:11 B83592F532FB320F0001F8099ECC192B 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe
2013-09-11 18:27:11 8489D083E46BFD2096A6CECFF6C7C227 2048 ----a-w- C:\Windows\SysWOW64\user.exe
2013-09-11 18:27:11 812A161FC470FA832C3F0CC3D7ACA2F9 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 18:27:11 3808FD7522646BEB1CCEA94C45D4228C 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe
2013-09-11 18:26:52 E02781D4871844DCD30DF1D69A650F78 12872704 ----a-w- C:\Windows\SysWOW64\shell32.dll
2013-09-11 18:26:51 2C4A87CA8C00E98EFDCFA2E8EC9A3503 180224 ----a-w- C:\Windows\SysWOW64\shdocvw.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-09-11 18:27:13 B22C00ED0491FD7B8803D7DDE2849F4C 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll
2013-09-11 18:27:13 63B563F1FC047AB3E21530DBBE773260 5550528 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe
2013-09-11 18:27:13 5B79D52A0388D8DEC5BF68411EA05A02 1732032 ----a-w- C:\Windows\Sysnative\ntdll.dll
2013-09-11 18:27:12 F0970A4BC8395659C22BF53D0FADF16F 112640 ----a-w- C:\Windows\Sysnative\smss.exe
2013-09-11 18:27:12 D8973E71F1B35CD3F3DEA7C12D49D0F0 1161216 ----a-w- C:\Windows\Sysnative\kernel32.dll
2013-09-11 18:27:12 BF95EA5809E3BBF55370F7CB309FEBD0 338432 ----a-w- C:\Windows\Sysnative\conhost.exe
2013-09-11 18:27:12 AA913C4E63B6F3F52E20BC9932205BCC 243712 ----a-w- C:\Windows\Sysnative\wow64.dll
2013-09-11 18:27:12 9209EA3F29DFC339A87EFD604E035FE4 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll
2013-09-11 18:27:12 88EDD0B34EED542745931E581AD21A32 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll
2013-09-11 18:27:12 659D71E315FB40FFE9AD46CB0588BEB1 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll
2013-09-11 18:27:12 49CEA3942A2B99A906EAFC94B853EDBD 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll
2013-09-11 18:27:12 216BABD555BC550952320EEA89C25DDF 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll
2013-09-11 18:27:11 70A1D465390C393AA118D9764E065B06 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll
2013-09-11 18:27:06 42A88ECF903BFE11411D188DCE830E84 3155456 ----a-w- C:\Windows\Sysnative\win32k.sys
2013-09-11 18:26:53 AD662B34B161198B9D66A564EDDA7D43 14172672 ----a-w- C:\Windows\Sysnative\shell32.dll
2013-09-11 18:26:50 23B001185B7C3CB1F4BDEB143E6B45B7 197120 ----a-w- C:\Windows\Sysnative\shdocvw.dll
====== C:\Windows\Sysnative\drivers =====
2013-09-11 18:27:16 059F00DEF82BF41E433B7ED465847726 155584 ----a-w- C:\Windows\Sysnative\drivers\ataport.sys
====== C:\Windows\Tasks ======
2013-09-19 09:03:00 FE5442EB977BA7690DE8E85C976B0CD8 300 ----a-w- C:\Windows\Tasks\DigitalSite.job
2013-09-19 09:03:00 C088862BFD3E773A9C1871A78DC4DDF7 3248 ----a-w- C:\Windows\Sysnative\Tasks\DigitalSite
2013-08-28 12:11:58 FE618EB781997463E34BB064298AFACB 4178 ----a-w- C:\Windows\Sysnative\Tasks\MigrationUpdateTask
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-09-15 13:28:49 -------- d-----w- C:\Program Files\7-Zip
======= C:\Program Files (x86) =====
2013-09-19 09:03:34 -------- d-----w- C:\Program Files (x86)\Image Converter
2013-09-05 18:32:01 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe AIR
2013-09-04 10:28:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
======= C: =====
====== C:\Users\Etienne\AppData\Roaming ======
2013-09-19 09:03:17 -------- d-----w- C:\Users\Etienne\AppData\Roaming\Babylon
2013-09-19 09:03:00 -------- d-----w- C:\Users\Etienne\AppData\Roaming\DigitalSite
2013-09-19 08:38:13 -------- d-----w- C:\Users\Etienne\AppData\Roaming\eCyber
2013-09-19 08:36:43 -------- d-----w- C:\Users\Etienne\AppData\Roaming\iSafe
2013-09-06 09:20:19 -------- d-----w- C:\Users\Etienne\AppData\Local\EA Core
2013-08-28 12:11:56 -------- d-----w- C:\Users\Etienne\AppData\Roaming\RBotPlus
2013-08-28 12:11:46 -------- d-----w- C:\Users\Etienne\AppData\Local\MigsUpdater
====== C:\Users\Etienne ======
2013-09-19 09:08:14 E756964E218462A54B79D8D2FADB2F4B 1950594 ----a-w- C:\Users\Etienne\Downloads\FRST64.exe
2013-09-19 09:03:45 -------- d-----w- C:\ProgramData\DSearchLink
2013-09-19 09:03:17 -------- d-----w- C:\ProgramData\Babylon
2013-09-19 08:36:05 7B5352BFFAEE7856A2A9182A57F9D881 633672 ----a-w- C:\Users\Etienne\Downloads\iSafedl.exe
2013-09-17 17:29:49 -------- d-----w- C:\ProgramData\BioWare
2013-09-17 16:27:34 240A94492A6CE007BC421A278BC39214 101553128 ----a-w- C:\Users\Etienne\Downloads\DragonAge1.05.exe
2013-09-16 20:29:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon Age II
2013-09-15 13:28:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

====== C: exe-files ==
2013-09-19 09:55:59 0329A45C849C9D77901094B8FFE8BBB9 118680 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
2013-09-17 17:31:10 510A5E72E1951B35AF31BD16F65C1781 27648 ----a-w- C:\Program Files (x86)\Electronic Arts\activation\activation.exe
2013-09-16 20:29:10 AC6E354F1666446F19AA6F370417EF7E 853824 ----a-w- C:\Program Files (x86)\Common Files\EAInstaller\Dragon Age 2\Cleanup.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Browser Infrastructure Helper"
"hkey"="HKCU"
"command"="C:\\Users\\Etienne\\AppData\\Local\\Smartbar\\Application\\SnapDo.exe startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXMediaServer"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\DivX\\DivX Media Server\\DivXMediaServer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DQZPqgbe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DQZPqgbe"
"hkey"="HKCU"
"command"="C:\\Users\\Etienne\\AppData\\Local\\Conduit\\KfqacGqw.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverBoost]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DriverBoost"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\DriverBoost\\DriverBoost\\DriverBoost.exe /applicationMode:systemTray /showWelcome:false"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverScanner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DriverScanner"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Uniblue\\DriverScanner\\launcher.exe\" delay 20000 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EADM"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Guard.Mail.ru.gui]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Guard.Mail.ru.gui"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Guard-ICQ\\GuardICQ.exe\" /gui"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ICQ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQ"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\ICQ7M\\ICQ.exe\" silent loginmode=4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Messenger (Yahoo!)"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~2\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Overwolf]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Overwolf"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Overwolf\\Overwolf.exe -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSpeedUp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PCSpeedUp"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\PC Speed Up\\PCSUNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SDTray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Search Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Search Protection"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Yahoo!\\Search Protection\\SearchProtection.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SearchProtect"
"hkey"="HKCU"
"command"="C:\\Users\\Etienne\\AppData\\Roaming\\SearchProtect\\bin\\cltmng.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SearchProtectAll"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\SearchProtect\\bin\\cltmng.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeedUpMyPC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpeedUpMyPC"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Uniblue\\SpeedUpMyPC\\launcher.exe\" -d 20000 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SPIRunE]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SPIRunE"
"hkey"="HKLM"
"command"="Rundll32 SPIRunE.dll,RunDLLEntry"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartCCC"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe\" MSRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"hkey"="HKLM"
"item"="SunJavaUpdateSched"
"key"="Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Userinit]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Userinit"
"hkey"="HKCU"
"command"="C:\\Users\\Etienne\\AppData\\Roaming\\appconf32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YSearchProtection]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YSearchProtection"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Yahoo!\\Search Protection\\SearchProtection.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Etienne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk]
"path"="C:\\Users\\Etienne\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\ctfmon.lnk"
"backup"="C:\\Windows\\pss\\ctfmon.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Windows\\System32\\rundll32.exe C:\\Users\\Etienne\\AppData\\Local\\Temp\\wgsdgsdgdsgsd.exe,FQ10"
"item"="ctfmon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Etienne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^vJcJIBDZ.exe]
"path"="C:\\Users\\Etienne\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\vJcJIBDZ.exe"
"backup"="C:\\Windows\\pss\\vJcJIBDZ.exe.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Etienne\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\vJcJIBDZ.exe"
"item"="vJcJIBDZ"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ArcService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FDResPub]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FontCache]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Guard.Mail.ru]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hshld]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HssTrayService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HssWd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ICQ Service]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\YahooAUService]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [13.09.2013 23:14]
C:\Windows\tasks\ASO-AutoCheckUpdate7Days.job --a------ C:\Program Files (x86)\Advanced System Optimizer 3\CheckUpdate.exe []
C:\Windows\tasks\DigitalSite.job --a------ C:\Users\Etienne\AppData\Roaming\DIGITA1\UPDATE1\UPDATE1.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20.07.2011 23:54]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [20.07.2011 23:54]
C:\Windows\tasks\RegClean Pro_DEFAULT.job --a------ [Undetermined Task]
C:\Windows\tasks\RegClean Pro_UPDATES.job --a------ C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe [16.07.2012 14:25]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default
- Java String Helper - C:\Users\Etienne\AppData\Roaming\11002
- VideoDownloadConverter - %ProfilePath%\extensions\4zffxtbr@VideoDownloadConverter_4z.com
- Movies Toolbar Dist. by Koyote-Lab Inc. - %ProfilePath%\extensions\{a3a8ba13-8b56-46e6-8bc6-2746089b6cb2}
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Hotspot Shield Helper Please allow this installation - %AppDir%\extensions\afurladvisor@anchorfree.com

==== Firefox Plugins ======================

Profilepath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
09B4E13D25623D879D35286E2D29FF13 - C:\Users\Etienne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nmpllndkedbnmonoomepeeglghdelffo - C:\Program Files (x86)\icq\Chrome\icq-1.3.671.crx[28.12.2011 14:18]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[06.05.2013 10:12]

Chrome In-App Payments service - Etienne - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
en - Etienne - Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo
DivX Plus Web Player HTML5 \u003Cvideo\u003E - Etienne - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=f6b98525-17bf-42a7-92af-dcd9a33f66f8&searchtype=ds&q={searchTerms}&installDate=23/04/2013"
"ICQ Search"="hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd"
"Search Bar"="hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=f6b98525-17bf-42a7-92af-dcd9a33f66f8&searchtype=ds&q={searchTerms}&installDate=23/04/2013"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=f6b98525-17bf-42a7-92af-dcd9a33f66f8&searchtype=ds&q={searchTerms}&installDate=23/04/2013"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=f6b98525-17bf-42a7-92af-dcd9a33f66f8&searchtype=ds&q={searchTerms}&installDate=23/04/2013"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=f6b98525-17bf-42a7-92af-dcd9a33f66f8&searchtype=ds&q={searchTerms}&installDate=23/04/2013"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=f6b98525-17bf-42a7-92af-dcd9a33f66f8&searchtype=ds&q={searchTerms}&installDate=23/04/2013"
"SearchAssistant"="hxxp://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=f6b98525-17bf-42a7-92af-dcd9a33f66f8&searchtype=ds&q={searchTerms}&installDate=23/04/2013"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3144317847-3515440974-1342239808-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3144317847-3515440974-1342239808-1002\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3144317847-3515440974-1342239808-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-3144317847-3515440974-1342239808-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_USERS\S-1-5-21-3144317847-3515440974-1342239808-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\internet explorer\urlsearchhooks\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully

==== After Reboot ======================

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\SearchProtect\bin\msvcr100.dll" not found
"C:\Program Files (x86)\SearchProtect" not found

==== EOF on 19.09.2013 at 12:21:39,22 ======================

smeenk · 19.09.2013, 12:22

Wir machen weiter

Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.

Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:

Code:

ATTFilter

installedprogs;
iSafeKrnl;s
iSafeNetFilter;s
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DQZPqgbe];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverBoost];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSpeedUp];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverScanner];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Search Protection];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hshld];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HssTrayService];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HssWd];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ICQ Service];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\YahooAUService];r64
C:\Program Files (x86)\RegClean Pro;fs
VideoDownloadConverter;firefoxlook;
C:\Windows\tasks\ASO-AutoCheckUpdate7Days.job;f
C:\Windows\tasks\RegClean Pro*;f
Movies Toolbar Dist. by Koyote-Lab Inc.;firefoxlook;
C:\Users\Etienne\AppData\Roaming\11002;f
Hotspot Shield Helper Please allow this installation;firefoxlook;
C:\Windows\pss\ctfmon.lnk.Startup;f
C:\Windows\pss\vJcJIBDZ.exe.Startup;f
rd /s /q "C:\Program Files (x86)\Yahoo~1;b
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Etienne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^vJcJIBDZ.exe];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeedUpMyPC];r64
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Etienne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk];r64
C:\Program Files (x86)\Uniblue\SpeedUpMyPC;fs
C:\Users\Etienne\AppData\Roaming\SearchProtect;fs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll];r64
C:\Program Files (x86)\Uniblue\DriverScanner;fs
C:\Program Files (x86)\PC Speed Up;fs
C:\Program Files (x86)\DriverBoost;fs
C:\Users\Etienne\AppData\Local\Smartbar;fs
C:\Users\Etienne\AppData\Roaming\Optimizer Pro;fs
C:\Windows\System32\Tasks\BitGuard;fs
C:\Users\Etienne\Desktop\Optimizer Pro.lnk;f
C:\Users\Etienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard;fs
C:\Users\Etienne\AppData\Roaming\Delta;fs
C:\Program Files (x86)\Delta;fs
C:\Users\Etienne\AppData\Local\Conduit;fs
C:\Windows\System32\Tasks\DigitalSite;fs
C:\Users\Etienne\Desktop\Search.lnk;f
C:\Windows\Tasks\DigitalSite.job;f
C:\Users\Etienne\AppData\Roaming\DigitalSite;fs
C:\Users\Etienne\AppData\Roaming\Babylon;fs
C:\Users\Etienne\AppData\Roaming\BabSolution;fs
C:\ProgramData\DSearchLink;fs
C:\ProgramData\Babylon;fs
C:\Program Files (x86)\PricePeep;fs
C:\Users\Etienne\AppData\Roaming\eCyber;fs
C:\Users\Etienne\AppData\Roaming\iSafe;fs
C:\Users\Etienne\Downloads\iSafedl.exe;f

Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Etienne69 · 19.09.2013, 12:27

ähm mein post oben war doch schon das ergebniss von zoek^^

smeenk · 19.09.2013, 12:29

Ich habe eine neue Code fuer dich erstellt

Etienne69 · 19.09.2013, 12:41

ok dann werde ich es nochmal machen danke^^

smeenk · 19.09.2013, 12:42

Gerne gemacht

Etienne69 · 19.09.2013, 12:47

:\zoek-results19.09.2013-1221.log 38175 bytes

==== Installed Programs ======================

7-Zip 9.20 (x64 edition)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
Advanced System Optimizer
Age of Conan: Unchained
Amazon MP3-Downloader 1.0.17
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Arc
Avant Browser (remove only)
Avira Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Control ActiveX de Windows Live Mesh para conexiones remotas
Creative Media Toolbox 6 (Shared Components)
Creative Sound Blaster Properties x64 Edition
Crysis©3
D3DX10
DER HERR DER RINGE ONLINE: Die Minen Von Moria v02.01.03.4020
Der Herr der Ringe OnlineT: Reiter von RohanT v03.08.00.1107
Deus Ex: Human Revolution
Diablo III
DivX-Setup
Dragon Age: Origins
Dragon AgeT II
Drakensang Online
EA Installer
EA Shared Game Component: Activation
Easy CD-DA Extractor 4.6.0
Easy CD-DA Extractor Free 2010
Europa Casino
Free YouTube to MP3 Converter version 3.12.9.725
Galer¡a fotogr*fica de Windows Live
Gameforge Live 1.6.0 \"Legend\"
Google Chrome
Google Update Helper
Guard.ICQ
HiJackThis
Hotspot Shield 3.11
Hotspot Shield Toolbar
ICQ Sparberater
ICQ Toolbar
ICQ7M
Java 7 Update 11 (64-bit)
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 29
JavaFX 2.1.1
Junk Mail filter update
Magic: The Gathering - Duels of the Planeswalkers 2013
Mass Effect
Mass EffectT
Mass EffectT 2
Mass EffectT 3
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office Klick-und-Los 2010
Microsoft Office Starter 2010 - Deutsch
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Migration System Updater RBP
Mozilla Firefox 24.0 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Neverwinter Nights 2
NVIDIA PhysX
Origin
Overwolf
Pando Media Booster
Realtek High Definition Audio Driver
RegClean Pro
Runes of Magic
Search Protect by conduit
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Spybot - Search & Destroy
Star Trek Online
Star Wars: The Old Republic
Steam
TeamSpeak 3 Client
The Elder Scrolls V: Skyrim
The Lord of the Rings FREE Trial
The Witcher 2
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.6
Win7codecs
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo BrowserPlus 2.9.8
Yahoo Messenger
Yahoo Software Update
Yahoo Suche Schutzvorkehrung

==== Deleting Services ======================

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Browser Infrastructure Helper]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DQZPqgbe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverBoost]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCSpeedUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DriverScanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Search Protection]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\hshld]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HssTrayService]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HssWd]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ICQ Service]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\YahooAUService]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Etienne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^vJcJIBDZ.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpeedUpMyPC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Etienne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ctfmon.lnk]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll]

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

"C:\Users\Etienne\Desktop\Optimizer Pro.lnk" not found
"C:\Program Files (x86)\Uniblue\SpeedUpMyPC" not found
"C:\Program Files (x86)\Uniblue\DriverScanner" not found
"C:\Program Files (x86)\PC Speed Up" not found
"C:\Users\Etienne\AppData\Local\Smartbar" not found
"C:\Users\Etienne\AppData\Roaming\Optimizer Pro" not found
"C:\windows\SysNative\Tasks\BitGuard" not found
"C:\Users\Etienne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard" not found
"C:\Users\Etienne\AppData\Roaming\Delta" not found
"C:\Program Files (x86)\Delta" not found
"C:\Users\Etienne\AppData\Roaming\BabSolution" not found
"C:\Program Files (x86)\PricePeep" not found
"C:\Windows\tasks\ASO-AutoCheckUpdate7Days.job" deleted
"C:\Windows\tasks\RegClean Pro_DEFAULT.job" deleted
"C:\Windows\tasks\RegClean Pro_UPDATES.job" deleted
"C:\Windows\pss\ctfmon.lnk.Startup" deleted
"C:\Windows\pss\vJcJIBDZ.exe.Startup" deleted
"C:\Users\Etienne\Desktop\Search.lnk" deleted
"C:\Windows\Tasks\DigitalSite.job" deleted
"C:\Users\Etienne\Downloads\iSafedl.exe" deleted
"C:\windows\SysNative\Tasks\DigitalSite" deleted
"C:\Users\Etienne\AppData\Roaming\11002\chrome.manifest" deleted
"C:\Users\Etienne\AppData\Roaming\11002\install.rdf" deleted
"C:\Users\Etienne\AppData\Roaming\11002\components\AcroFF.txt" deleted
"C:\Users\Etienne\AppData\Roaming\11002" deleted
"C:\Users\Etienne\AppData\Roaming\11002\components" deleted
"C:\Program Files (x86)\RegClean Pro" deleted
"C:\Users\Etienne\AppData\Roaming\SearchProtect" deleted
"C:\Program Files (x86)\DriverBoost" deleted
"C:\Users\Etienne\AppData\Local\Conduit" deleted
"C:\Users\Etienne\AppData\Roaming\DigitalSite" deleted
"C:\Users\Etienne\AppData\Roaming\Babylon" deleted
"C:\ProgramData\DSearchLink" deleted
"C:\ProgramData\Babylon" deleted
"C:\Users\Etienne\AppData\Roaming\eCyber" deleted
"C:\Users\Etienne\AppData\Roaming\iSafe" deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default
- Undetermined - C:\Users\Etienne\AppData\Roaming\11002
- VideoDownloadConverter - %ProfilePath%\extensions\4zffxtbr@VideoDownloadConverter_4z.com
- Movies Toolbar Dist. by Koyote-Lab Inc. - %ProfilePath%\extensions\{a3a8ba13-8b56-46e6-8bc6-2746089b6cb2}
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Hotspot Shield Helper Please allow this installation - %AppDir%\extensions\afurladvisor@anchorfree.com

==== Firefox Plugins ======================

Profilepath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
09B4E13D25623D879D35286E2D29FF13 - C:\Users\Etienne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Deleting Files \ Folders ======================

"C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com" deleted
"C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\extensions\{a3a8ba13-8b56-46e6-8bc6-2746089b6cb2}" deleted
"C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com" deleted

==== EOF on 19.09.2013 at 13:46:02,92 ======================

smeenk · 19.09.2013, 12:54

War ziemlich viel drin

Aber jetzt sieht es schon besser aus

Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen
Starte Zoek.exe mit einem Doppelklick.
Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und könnte andere Computer beschädigen.

Kopiere den Text der folgenden Box in das Skriptfenster von Zoek:

Code:

ATTFilter

Advanced System Optimizer;u
Hotspot Shield 3.11;u
Hotspot Shield Toolbar;u
autoclean;
ICQ Toolbar;u
RegClean Pro;u
Search Protect by conduit;u

Nun klicke auf "Run script" und sei geduldig bis das Skript durchläuft.
Wenn das Tool fertig ist wird sich Notepad mit dem Logfile öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Etienne69 · 19.09.2013, 13:35

der AdwCleaner machte mir gleich 3 texte welchen willst du den haben ich habe
AdwCleaner[R0].txt dann R1 und noch S0?

hier aber noch der Zoek

==== Older Logs ======================

C:\zoek-results19.09.2013-1221.log 38175 bytes
C:\zoek-results19.09.2013-1346.log 13654 bytes
C:\zoek-results19.09.2013-1406.log 16499 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default

user.js not found
---- Lines yahoo removed from prefs.js ----

---- Lines yahoo modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

user__1209_.backup
user__1401_.backup
prefs__1209_.backup
prefs__1401_.backup
prefs__1422_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\Yahoo Inc" not found

==== Firefox Extensions ======================

ProfilePath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default
- DVDVideoSoft YouTube MP3 and Video Download - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default
E5AF72B7353FF8D431A7C463A4229524 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll - Shockwave Flash
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
09B4E13D25623D879D35286E2D29FF13 - C:\Users\Etienne\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nmpllndkedbnmonoomepeeglghdelffo - C:\Program Files (x86)\icq\Chrome\icq-1.3.671.crx[28.12.2011 14:18]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[06.05.2013 10:12]

Chrome In-App Payments service - Etienne - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{defaultscope REG_SZ } Unknown Url="Not_Found"
{HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes} Unknown Url="Not_Found"
{defaultscope REG_SZ } Unknown Url="Not_Found"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="hxxp://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Etienne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Etienne\AppData\Local\Mozilla\Firefox\Profiles\8wf4o7tr.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Etienne\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 19.09.2013 at 14:27:02,40 ======================

Ps...kann es sein das mir das Programm den Flashplayer etwas verwirrt hat einige dinge laufen nun langsamer als vorher?

Vielen dank aber für das helfen

smeenk · 19.09.2013, 13:38

Poste mir den S0 von Adwcleaner

Etienne69 · 19.09.2013, 13:44

***** [ Dateien / Ordner ] *****

[x] Nicht Gelöscht : C:\ProgramData\Hotspot Shield
[x] Nicht Gelöscht : C:\Windows\SysWOW64\Hotspot Shield
[x] Nicht Gelöscht : C:\Users\Etienne\AppData\LocalLow\Hotspot_Shield
[x] Nicht Gelöscht : C:\Users\Etienne\AppData\LocalLow\Hotspot_Shield
[x] Nicht Gelöscht : C:\Users\Etienne\AppData\Roaming\Hotspot Shield
Datei Gelöscht : C:\Users\Etienne\AppData\Roaming\speedanalysis.ico
Datei Gelöscht : C:\Users\Etienne\Desktop\SpeedAnalysis.lnk
Datei Gelöscht : C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\user.js
Datei Gelöscht : C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
Datei Gelöscht : C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\5e6dedcb33fed15
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EC2BAE47-25AF-4CE9-9E78-10627A49C9EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDD649D-1E81-4587-9A43-76B038610247}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AD099EE-FF9B-4448-B725-FD3C26830403}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\Hotspot_Shield
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\SearchProtect
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Hotspot_Shield
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Uniblue\DriverScanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

-\\ Mozilla Firefox v24.0 (de)

[ Datei : C:\Users\Etienne\AppData\Roaming\Mozilla\Firefox\Profiles\8wf4o7tr.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013091912");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xpi000^YYA^");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");

-\\ Google Chrome v29.0.1547.66

[ Datei : C:\Users\Etienne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [21508 octets] - [19/09/2013 13:59:55]
AdwCleaner[R1].txt - [16702 octets] - [19/09/2013 14:18:54]
AdwCleaner[S0].txt - [14855 octets] - [19/09/2013 14:20:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14916 octets] ##########

Meine Frage ist was ist mit meinen Flashplayer da er nun so lahm ist hat das mit dem suchen zutun^^

smeenk · 19.09.2013, 14:02

Kannst du Flash Player erneut installieren, vielleicht ist er beschädigt worden?

Mach auch mal folgendes:

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Etienne69 · 19.09.2013, 14:32

So TFC auch durch und nun müsste mein Prob vielleicht behoben sein^^? Zumindest ist einiges an platz wieder da sehe ich gerade^^

19.09.2013, 12:29	#6
smeenk /// Malwareteam / Visitor	DirtyDecrypt.exe ! Wie entfernen? Ich habe eine neue Code fuer dich erstellt

19.09.2013, 12:42	#8
smeenk /// Malwareteam / Visitor	DirtyDecrypt.exe ! Wie entfernen? Gerne gemacht

19.09.2013, 13:38	#12
smeenk /// Malwareteam / Visitor	DirtyDecrypt.exe ! Wie entfernen? Poste mir den S0 von Adwcleaner

DirtyDecrypt.exe ! Wie entfernen?

Plagegeister aller Art und deren Bekämpfung: DirtyDecrypt.exe ! Wie entfernen?