Certified-toolbar -Search Startseite Problem

Deathpirat · 07.02.2013, 17:36

Hallo,

Mein Problem ist, dass die Startseite in Firefox und EI, search.certified-toolbar.com?si=41460&shortcut=true&tid=2937 bleibt
ich glaube ich habe fast alles versucht um dieses Problem zu lösen, jedoch ohne Erfolg

was ich bis jetzt gemacht habe,

diese Programme gelöscht

Updater
Spyhunter
complitly
Hotspotshild

Ccleaner dürchgeführt , Firefox und IE auf dem anfangszustand gebracht, aber immer noch ohne Erfolg

ich hoffe, ich finde hier eine Lösung
Auf dem PC habe ich ein anders Datum als gewöhllich , ein arabisches Datum
Vielen Dank

HijackTHis

Code:

ATTFilter

Scan saved at 12:41:11 ص, on 04/02/13
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\VIA_XHCI\usb3Monitor.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\No-IP\DUC30.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlug in_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlug in_11_5_502_146.exe
C:\Users\Gigabyte\Downloads\Programs\HijackThis.ex e

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 119.187.148.34:8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - Startup: CaptureWiz.lnk = C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC30.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {2d8ee268-8d7a-4996-b80b-8999ce8c7fe2} - C:\Users\Gigabyte\AppData\Roaming\DownTangoFTToolb ar\DownTangoFTToolbar.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {625CA666-935A-EC18-CCEC-CCE04C544730} (Voice Helper Object) - hxxp://chatvoice.voicef.net/talkoknew.cab
O16 - DPF: {625CA666-935A-EC18-CCEC-CCE04C544777} (Sower Helper Object) - hxxp://serv3.7lavoice.net/tiktik.cab
O16 - DPF: {7253A666-804A-1108-A3DC-00E04C504788} (BMChat Control) - hxxp://5.10.68.82:1990/inc/bmchat.cab
O16 - DPF: {8855A666-683F-4D45-B6F1-549188BB79C1} (BMCVoice Control) - hxxp://floodserver19.ksavoice1.com/bmc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C6D67F2-E8BF-4709-BA39-238CCC9BF4A5}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208 .67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,15 6.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C6D67F2-E8BF-4709-BA39-238CCC9BF4A5}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208 .67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,15 6.154.71.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C6D67F2-E8BF-4709-BA39-238CCC9BF4A5}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208 .67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,15 6.154.71.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acunetix WVS Scheduler v8 (AcuWVSSchedulerv8) - Unknown owner - C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14892 bytes

ComboFix

Code:

ATTFilter

ComboFix 13-02-06.01 - Gigabyte 02/07/2013   4:49.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1256.966.1025.18.8154.6100 [GMT 3:00]
Running from: c:\users\Gigabyte\Downloads\Programs\ComboFix_2.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gigabyte\AppData\Roaming\system32
c:\windows\system\VI30AUT.DLL
c:\windows\SysWow64\ftx32.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\tmp7F28.tmp
c:\windows\SysWow64\tmp7F29.tmp
c:\windows\SysWow64\wpcap.dll
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_vcs
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-07 to 2013-02-07  )))))))))))))))))))))))))))))))
.
.
2013-02-07 01:56 . 2013-02-07 01:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-06 02:51 . 2013-02-06 02:51	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\TuneUp Software
2013-02-06 02:47 . 2013-02-06 03:21	--------	d-----w-	c:\programdata\MFAData
2013-02-06 02:47 . 2013-02-06 03:19	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Avg2013
2013-02-06 02:47 . 2013-02-06 02:47	--------	d--h--w-	c:\programdata\Common Files
2013-02-06 02:47 . 2013-02-06 02:47	--------	d-----w-	c:\users\Gigabyte\AppData\Local\MFAData
2013-02-06 01:42 . 2013-02-06 01:41	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-02 13:14 . 2013-02-02 13:14	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Subversion
2013-02-02 12:55 . 2013-02-02 12:55	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Embarcadero
2013-02-02 12:55 . 2013-02-02 12:55	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\DevJET
2013-02-02 12:53 . 2013-02-02 12:53	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Raize
2013-02-02 09:58 . 2013-02-02 09:58	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Apple Computer
2013-02-02 09:58 . 2013-02-02 10:38	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Apple Computer
2013-02-02 09:58 . 2013-02-04 11:47	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-02 09:58 . 2013-02-02 09:58	--------	d-----w-	c:\programdata\Apple Computer
2013-02-02 09:58 . 2013-02-02 09:58	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Apple
2013-02-02 09:57 . 2013-02-02 09:58	--------	d-----w-	c:\programdata\Apple
2013-02-02 09:51 . 2013-02-02 13:02	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-02 09:51 . 2012-12-14 13:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-01 21:24 . 2013-02-01 21:24	110080	----a-r-	c:\users\Gigabyte\AppData\Roaming\Microsoft\Installer\{46B04D53-4E34-4388-B6EE-80FAB66AEF9B}\IconF7A21AF7.exe
2013-02-01 21:24 . 2013-02-01 21:24	110080	----a-r-	c:\users\Gigabyte\AppData\Roaming\Microsoft\Installer\{46B04D53-4E34-4388-B6EE-80FAB66AEF9B}\IconD7F16134.exe
2013-02-01 21:24 . 2013-02-01 21:24	110080	----a-r-	c:\users\Gigabyte\AppData\Roaming\Microsoft\Installer\{46B04D53-4E34-4388-B6EE-80FAB66AEF9B}\IconCF33A0CE.exe
2013-02-01 21:24 . 2013-02-01 21:24	--------	d-----w-	c:\program files (x86)\Enigma Software Group
2013-02-01 21:23 . 2013-02-07 01:14	--------	d-----w-	c:\windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
2013-02-01 20:49 . 2013-02-01 21:21	--------	d-----w-	c:\windows\CD6329998BB745B5918E011545F6BB1D.TMP
2013-02-01 20:45 . 2013-02-01 20:45	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\FinalBuilder7
2013-02-01 20:41 . 2013-02-01 20:41	--------	d-----w-	c:\programdata\SUPERSetup
2013-02-01 20:25 . 2011-08-28 02:00	506880	----a-w-	c:\windows\SysWow64\CodeSiteExpressPkg160.bpl
2013-02-01 20:25 . 2013-02-01 20:25	--------	d-----w-	c:\programdata\Raize
2013-02-01 20:25 . 2010-11-03 13:55	2457088	----a-w-	c:\windows\SysWow64\vcl150.bpl
2013-02-01 20:25 . 2011-08-28 02:00	36352	----a-w-	c:\windows\SysWow64\CodeSitePlugIns150.bpl
2013-02-01 20:25 . 2010-11-03 13:55	2150400	----a-w-	c:\windows\SysWow64\rtl150.bpl
2013-02-01 20:25 . 2013-02-01 20:25	--------	d-----w-	c:\program files (x86)\Raize
2013-02-01 20:22 . 2013-02-01 20:22	--------	d-----w-	c:\programdata\VSoft
2013-02-01 20:22 . 2013-02-02 13:16	--------	d-----w-	c:\program files (x86)\FinalBuilder 7 XE2
2013-02-01 20:22 . 2013-02-01 20:22	--------	d-----w-	c:\program files (x86)\Common Files\VSoft
2013-02-01 19:49 . 2013-02-01 19:59	--------	dc-h--w-	c:\programdata\{EDA307AA-B5A4-4524-B840-2914497A9C3C}
2013-02-01 19:48 . 2011-08-15 06:10	1312768	----a-w-	c:\windows\SysWow64\Rave100VCL160.bpl
2013-02-01 19:48 . 2013-02-01 19:48	--------	d-----w-	c:\program files (x86)\CollabNet
2013-02-01 19:48 . 2013-02-01 19:48	--------	d-----w-	c:\program files (x86)\DevJet
2013-02-01 19:48 . 2013-02-01 19:48	--------	d-----w-	c:\program files (x86)\FastReports
2013-02-01 19:42 . 2013-02-04 10:17	--------	d-----w-	c:\programdata\Embarcadero
2013-02-01 19:42 . 2013-02-02 12:55	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Embarcadero
2013-02-01 19:42 . 2013-02-01 19:42	--------	d-----w-	c:\program files (x86)\Common Files\CodeGear Shared
2013-02-01 19:42 . 2013-02-01 19:42	--------	d-----w-	c:\program files (x86)\Common Files\Borland Shared
2013-02-01 19:42 . 2013-02-01 19:42	--------	d-----w-	c:\program files (x86)\Embarcadero
2013-02-01 19:30 . 2013-02-01 20:45	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Anvisoft
2013-02-01 19:30 . 2013-02-01 19:30	--------	d-----w-	c:\programdata\Anvisoft
2013-02-01 19:30 . 2013-02-01 19:30	--------	d-----w-	c:\program files (x86)\Anvisoft
2013-02-01 18:55 . 2013-02-01 20:21	--------	d--h--w-	c:\programdata\{46A13B26-D605-4DC3-8770-D0F4A0C3565D}
2013-02-01 18:54 . 2013-02-01 18:54	--------	d-----w-	c:\users\Gigabyte\AppData\Local\PackageAware
2013-02-01 17:41 . 2013-02-01 17:41	--------	d-----w-	c:\program files (x86)\Uniblue
2013-01-31 02:07 . 2013-01-31 02:07	--------	d-----w-	c:\program files (x86)\NTCore
2013-01-31 01:54 . 2013-01-31 01:54	--------	d-----w-	c:\programdata\IsolatedStorage
2013-01-29 05:20 . 2013-02-01 08:05	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Remove Toolbar Buddy
2013-01-29 05:20 . 2011-09-08 16:08	587768	----a-w-	c:\windows\SysWow64\Codejock.SkinFramework.Unicode.v15.1.3.0908.ocx
2013-01-29 05:20 . 2011-09-08 16:08	509944	----a-w-	c:\windows\SysWow64\Codejock.ShortcutBar.Unicode.v15.1.3.0908.ocx
2013-01-29 05:20 . 2011-09-08 16:08	1140728	----a-w-	c:\windows\SysWow64\Codejock.PropertyGrid.Unicode.v15.1.3.0908.ocx
2013-01-29 05:20 . 2011-09-08 16:08	833528	----a-w-	c:\windows\SysWow64\Codejock.DockingPane.Unicode.v15.1.3.0908.ocx
2013-01-29 05:20 . 2011-09-08 16:08	1906680	----a-w-	c:\windows\SysWow64\Codejock.Controls.Unicode.v15.1.3.0908.ocx
2013-01-29 05:20 . 2013-01-29 05:20	--------	d-----w-	c:\program files (x86)\Scorpio Software
2013-01-29 05:20 . 2011-09-08 16:07	2717688	----a-w-	c:\windows\SysWow64\Codejock.CommandBars.Unicode.v15.1.3.0908.ocx
2013-01-29 04:55 . 2013-01-29 04:55	--------	d-----w-	c:\programdata\Adguard
2013-01-29 04:54 . 2013-01-29 05:01	--------	d-----w-	c:\program files (x86)\Adguard
2013-01-27 14:47 . 2013-01-27 15:20	--------	d-----w-	C:\Perl
2013-01-27 09:31 . 2013-01-27 09:31	--------	d-----w-	c:\program files (x86)\Acunetix
2013-01-27 09:31 . 2013-01-27 09:31	--------	d-----w-	c:\programdata\Acunetix WVS 8
2013-01-27 08:59 . 2013-01-27 08:59	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\URSoft
2013-01-27 08:59 . 2013-01-27 08:59	--------	d-----w-	c:\program files (x86)\Your Uninstaller! 7
2013-01-26 12:48 . 2013-01-27 07:49	--------	d-----w-	c:\users\Gigabyte\.zenmap
2013-01-26 12:47 . 2013-01-26 12:47	--------	d-----w-	c:\program files\WinPcap
2013-01-26 12:46 . 2013-01-26 12:47	--------	d-----w-	c:\program files (x86)\Nmap
2013-01-20 06:16 . 2013-01-20 06:16	42184	----a-w-	c:\windows\system32\drivers\taphss6.sys
2013-01-20 06:07 . 2013-01-20 06:07	42696	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2013-01-19 12:39 . 2013-01-19 12:39	--------	dc----w-	c:\users\Gigabyte\AppData\Local\MigWiz
2013-01-15 22:39 . 2013-01-15 22:39	--------	d-----w-	c:\program files\ComPlus Applications
2013-01-15 06:19 . 2013-01-15 06:19	--------	d-----w-	c:\program files (x86)\VideoDownloadConverter_4zEI
2013-01-15 06:08 . 2013-01-15 07:40	--------	d-----w-	c:\program files (x86)\Twitter Hacker Pro
2013-01-15 04:03 . 2013-01-15 04:03	--------	d-----w-	c:\program files (x86)\Web Publish
2013-01-15 04:02 . 2013-01-15 04:02	--------	d-----w-	c:\windows\msapps
2013-01-15 01:09 . 2013-01-15 01:09	--------	d-----w-	c:\program files\BreakPoint Software
2013-01-14 23:39 . 2013-01-14 23:39	--------	d-----w-	c:\program files\Enigma Software Group
2013-01-14 23:39 . 2013-02-01 20:50	--------	d-----w-	c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2013-01-14 23:39 . 2013-02-01 21:23	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-01-14 23:09 . 2012-02-23 11:24	24408	----a-w-	c:\windows\system32\RegistryDefragBootTime.exe
2013-01-13 20:45 . 2013-01-13 20:45	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Vitalwerks
2013-01-13 20:45 . 2013-01-15 00:24	--------	d-----w-	c:\program files (x86)\No-IP
2013-01-13 18:01 . 2009-07-22 08:17	78872	----a-w-	c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-01-13 18:01 . 2009-07-22 08:17	50200	----a-w-	c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-01-13 18:01 . 2009-07-22 08:17	79896	----a-w-	c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-01-13 18:01 . 2009-07-22 08:17	111640	----a-w-	c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-01-13 18:00 . 2013-01-13 18:00	--------	d-----w-	c:\windows\system32\RsFx
2013-01-13 18:00 . 2013-01-13 18:00	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2013-01-13 17:59 . 2013-01-13 17:59	--------	d-----w-	c:\program files\Microsoft.NET
2013-01-13 17:57 . 2013-01-13 17:57	--------	d-----w-	c:\program files\Microsoft Sync Framework
2013-01-13 17:57 . 2013-01-13 17:57	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2013-01-13 17:57 . 2013-01-13 17:57	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2013-01-13 17:57 . 2013-01-13 17:57	--------	d-----w-	c:\programdata\PreEmptive Solutions
2013-01-13 17:54 . 2013-01-13 18:02	2371296	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-01-13 17:51 . 2013-01-13 17:57	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 10.0
2013-01-13 17:51 . 2013-01-13 17:53	--------	d-----w-	c:\program files (x86)\Microsoft F#
2013-01-13 17:51 . 2013-01-13 17:52	--------	d-----w-	c:\program files (x86)\Common Files\Merge Modules
2013-01-13 17:51 . 2013-01-13 17:52	--------	d-----w-	c:\program files (x86)\HTML Help Workshop
2013-01-13 17:49 . 2013-01-13 17:49	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 9.0
2013-01-13 17:49 . 2013-01-13 17:49	--------	d-----w-	c:\windows\symbols
2013-01-13 17:49 . 2013-01-13 17:49	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2013-01-13 17:49 . 2013-01-13 17:49	--------	d-----w-	c:\program files\Microsoft Help Viewer
2013-01-12 19:54 . 2013-01-12 19:54	--------	d-----w-	c:\program files (x86)\DownTangoFTToolbar
2013-01-12 19:54 . 2013-01-12 19:54	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\DownTangoFTToolbar
2013-01-12 19:54 . 2013-01-03 04:18	15360	----a-w-	c:\windows\Launcher.exe
2013-01-12 19:53 . 2013-01-12 19:53	--------	d-----w-	c:\users\Gigabyte\AppData\Local\DownTango
2013-01-12 19:53 . 2013-01-12 19:57	--------	d-----w-	c:\program files (x86)\Red Sky
2013-01-11 11:47 . 2013-02-06 01:41	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-01-11 11:47 . 2013-02-06 01:41	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-11 11:46 . 2013-01-11 11:46	--------	d-----w-	c:\programdata\McAfee
2013-01-10 14:47 . 2008-06-24 10:45	1414440	----a-w-	c:\windows\SysWow64\ShellManager310E2D762.dll
2013-01-10 13:36 . 2013-01-10 13:36	--------	d-----w-	c:\programdata\IObit
2013-01-10 13:36 . 2013-01-11 11:53	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\IObit
2013-01-10 13:36 . 2013-02-02 13:13	--------	d-----w-	c:\program files (x86)\IObit
2013-01-10 13:34 . 2013-01-10 13:34	--------	d-----w-	c:\programdata\BlueSprig
2013-01-10 13:34 . 2013-01-10 13:34	--------	d-----w-	c:\program files (x86)\BlueSprig
2013-01-10 13:20 . 2013-01-10 13:20	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Programs
2013-01-10 13:15 . 2013-01-10 13:15	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Malwarebytes
2013-01-10 13:15 . 2013-01-10 13:15	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-09 12:09 . 2013-01-09 12:09	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Composer
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 09:42 . 2012-07-14 22:01	30528	----a-w-	c:\windows\GVTDrv64.sys
2013-02-02 09:42 . 2012-07-14 22:01	25640	----a-w-	c:\windows\gdrv.sys
2013-01-09 12:26 . 2012-07-14 17:19	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 12:26 . 2012-07-14 17:19	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 13:53 . 2012-11-16 20:44	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 13:53 . 2012-11-16 20:44	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-09 20:34 . 2012-12-09 20:34	419840	----a-w-	c:\windows\system32\wrap_oal.dll
2012-12-09 20:34 . 2012-12-09 20:34	413696	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-12-09 20:34 . 2012-12-09 20:34	133632	----a-w-	c:\windows\system32\OpenAL32.dll
2012-12-09 20:34 . 2012-12-09 20:34	110592	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-11-29 19:20 . 2012-11-29 19:20	106000	----a-w-	c:\windows\system32\Packet.dll
2012-11-29 19:20 . 2012-11-29 19:20	369168	----a-w-	c:\windows\system32\wpcap.dll
2012-11-29 19:20 . 2012-11-29 19:20	35344	----a-w-	c:\windows\system32\drivers\npf.sys
2012-11-16 18:55 . 2012-11-16 18:55	2549120	----a-w-	c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-02-20 3425688]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-08 969104]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-01 90448]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2008-11-24 237693]
"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CaptureWiz.lnk - c:\program files (x86)\CaptureWiz\Pro\CaptureWiz.exe [2012-11-9 3074688]
No-IP DUC.lnk - c:\program files (x86)\No-IP\DUC30.exe [2010-6-19 1423520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-12-09 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 esgiguard;esgiguard; [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-08-13 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-02-02 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\Drivers\pcouffin64a.sys [2012-07-14 82048]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-07 448512]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-20 42184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;ÎÏãÉ Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-20 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 iusb3hcs;ÈÑäÇãÌ ÊÔÛíá ÊÍæíá ÌåÇÒ ÊÍßã ãÖíÝ Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-03 130864]
S2 AcuWVSSchedulerv8;Acunetix WVS Scheduler v8;c:\program files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [2011-11-16 914568]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-20 378984]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
S3 iusb3hub;ÈÑäÇãÌ ÊÔÛíá áæÍÉ æÕá Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;ÈÑäÇãÌ ÊÔÛíá ÌåÇÒ ÊÍßã ãÖíÝ Intel(R) USB 3.0 ÇáÞÇÈá ááãÏ;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-08-05 1134208]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-03 147248]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-03 166192]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys [2012-01-20 205312]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys [2012-01-20 254464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 12:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50	22408	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-12-01 103424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 119.187.148.34:8000
uInternet Settings,ProxyOverride = <local>
IE: ÊÍãíá Çáßá ÈæÇÓØÉ Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: ÊÍãíá ÈæÇÓØÉ Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{2d8ee268-8d7a-4996-b80b-8999ce8c7fe2} - {e327b07a-0e11-4fd4-bef2-b2c5605b59c6} -
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3C6D67F2-E8BF-4709-BA39-238CCC9BF4A5}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
DPF: {625CA666-935A-EC18-CCEC-CCE04C544730} - hxxp://chatvoice.voicef.net/talkoknew.cab
DPF: {625CA666-935A-EC18-CCEC-CCE04C544777} - hxxp://serv3.7lavoice.net/tiktik.cab
DPF: {7253A666-804A-1108-A3DC-00E04C504788} - hxxp://5.10.68.82:1990/inc/bmchat.cab
DPF: {8855A666-683F-4D45-B6F1-549188BB79C1} - hxxp://floodserver19.ksavoice1.com/bmc.cab
FF - ProfilePath - c:\users\Gigabyte\AppData\Roaming\Mozilla\Firefox\Profiles\s1f60sr8.default-1360201126740\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-02-07 04:31; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-02-07  05:02:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-07 02:02
.
Pre-Run: 401,418,940,416 bytes free
Post-Run: 400,809,275,392 bytes free
.
- - End Of File - - A352C792CF6BBB53FDF540532D070AF5

Getsysteminfo

Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Gigabyte :: GIGABYTE-PC [Administrator]

23/03/34 05:43:48 م
mbam-log-2013-02-04 (17-43-48).txt


Art des Suchlaufs: Vollständiger Suchlauf 
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220571
Laufzeit:  2 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

M-K-D-B · 07.02.2013, 18:01

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Warum hast du ComboFix ausführt?
Warum hast du die Datei von ComboFix in ComboFix 2.exe umbenannt?
Wieso hast du ComboFix nicht vom Desktop ausgeführt?
Gibt es neben der Startseite und der Uhrzeit noch andere Probleme?

Schritt 1
Ich sehe, dass du sogenannte Peer to Peer oder Filesharing Programme verwendest.

In deinem Fall uTorrent.

Diese Programme erlauben es dir, Daten mit anderen Usern auszutauschen.

Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und das ist auch ein Grund warum sich Malware so schnell verbreitet.
Es ist also möglich, dass du dir eine infizierte Datei herunter ladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art von Software mit äußerster Vorsicht benutzt werden.

Ein ebenfalls wichtiger Punkt ist, dass das Verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt.
Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office.
Denoch würde ich dich ersuchen, diese Art von Software nicht weiterhin zu verwenden.
Bitte gehe zu
Start --> Systemsteuerung --> Software / Programme deinstallieren
und deinstalliere die oben genannte Software.

Bitte sag bescheid wenn Du eines der gelisteten Programme nicht finden kannst.

Schritt 2
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.

Schritt 3
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 4
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 5
Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt[/B] auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von OTL,
die Logdatei von DeFogger,
die Logdatei von GMER,
die Beantwortung der gestellten Fragen.

Deathpirat · 08.02.2013, 07:10

Hallo Matthias,

schön dich kennenzulernen

Ich danke dir für alle deine Bemühungen um das Problem zu lösen

Zu den Fragen :

ComboFIx wurde installiert, nachdem ich in einem englishen Forum das gleiche Problem gefunden hatte, und die gleiche Lösung verwendete ( In diesem Fall ComboFIx)

warum nicht vom Desktop,

Da ich Internet Download Manager verwende, kommt immer am Downloadsende ein Fenster, an dem habe ich auf einfach öffen geklickt

Wegen der Umbennenung des Dateisnamens,

Dies wurde wegen des zweiten Downloads der gleichen Datei automatisch umbenennt

Wegen des Datums möchte ich nochmal hinweisen (vielleicht habe ich mich vorher nicht klar ausgedrückt, Sorry dafür ), dass das kein Problem ist, sondern
ein Language Pack (arabisch), mit diesem wird das Datum automatisch geändert

Ein Problem gibt es aber noch, und zwar beim Öffnen ein der Editor-Dateien kommt eine Meldung mit (der Dateiname, Verzeichnisname oder Datenträgerbezeichnung ist falsch )

Und beim Klicken auf ok, öffnet es sich normal .

M-K-D-B · 08.02.2013, 17:31

Servus,

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.

Bitte lade Junkware Removal Tool auf Deinen Desktop.

Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
Das Tool wird sich öffnen und mit dem Scan beginnen.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 3
Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.

Starte die sc-cleaner.exe mit einem Doppelclick.
Bestätige die Meldung Shortcut Cleaner Finished am Ende des Suchlaufs mit Ok.
Eine Logdatei wird sich öffnen (sc-cleaner.txt).
Poste den Inhalt mit deiner nächsten Antwort.

Schritt 4
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Gibt es immer noch Probleme mit der "Certified toolbar" ?
Wie sieht es mit den anderen Problemen aus?

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von Shortcut Cleaner,
die Logdatei von OTL,
die Beantwortung der gestellten Fragen.

Deathpirat · 09.02.2013, 00:51

Guten Morgen Matthias,

Bevor ich mich bei dir danke, möchte ich sagen, dass du für mich ein wahres Genie bist

So jetzt möchte ich dir danken, für das was du für mich und jedem Mitglied hier machst

VIELEN VIELEN DANK.

Zu den Fragen,

Nein es gibt keine Probleme mehr...gar keine

Code:

ATTFilter

# AdwCleaner v2.111 - Logfile created 02/08/2013 at 22:45:45
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Gigabyte - GIGABYTE-PC
# Boot Mode : Normal
# Running from : C:\Users\Gigabyte\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\COWON Media Center - jetAudio.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Live Messenger.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
File Disinfected : C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\yourfiledownloader
Folder Deleted : C:\Users\Gigabyte\AppData\Local\APN
Folder Deleted : C:\Users\Gigabyte\AppData\Local\DownTango
Folder Deleted : C:\Users\Gigabyte\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Gigabyte\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Gigabyte\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Gigabyte\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\a6d98bb46ae949
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitUninstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DA8B89E-0C65-403B-8231-AB22ECFA0687}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A928E66C-F501-4E66-9953-855C712F93B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0E28FA0-DF07-44B6-95CE-48BE26DB9266}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E6B4EE8F-C38E-4994-BE28-229A3F92262C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCA8936E-403A-4487-A966-70F80F1D5A6A}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAzy0C0D0B0CtD0FyDzztN0D0Tzu0CtAtBtBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=216242523 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (ar)

File : C:\Users\Gigabyte\AppData\Roaming\Mozilla\Firefox\Profiles\s1f60sr8.default-1360201126740\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7782 octets] - [08/02/2013 22:45:45]

########## EOF - C:\AdwCleaner[S1].txt - [7842 octets] ##########

JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Ultimate x64
Ran by Gigabyte on Fri 02/08/2013 at 22:53:24.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-791585145-808087832-2425370471-1000\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{0055c089-8582-441b-a0bf-17b458c2a3a8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Gigabyte\appdata\locallow\simplytech"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/08/2013 at 22:56:55.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SC-cleaner

Code:

ATTFilter

Shortcut Cleaner 1.2.0 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Program started at: 02/08/2013 11:12:26 PM.

Searching C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Gigabyte\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Gigabyte\Desktop\


0 bad shortcuts found.

Program finished at: 02/08/2013 11:12:26 PM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

OLT

Code:

ATTFilter

OTL logfile created on: 08/02/13 11:21:13 م - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gigabyte\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000401 | Country: المملكة العربية السعودية | Language: ARA | Date Format: dd/MM/yy
 
7.96 Gb Total Physical Memory | 6.33 Gb Available Physical Memory | 79.51% Memory free
15.92 Gb Paging File | 14.07 Gb Available in Paging File | 88.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488.18 Gb Total Space | 369.83 Gb Free Space | 75.76% Space Free | Partition Type: NTFS
Drive D: | 443.23 Gb Total Space | 430.61 Gb Free Space | 97.15% Space Free | Partition Type: NTFS
 
Computer Name: GIGABYTE-PC | User Name: Gigabyte | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/02/08 23:15:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gigabyte\Desktop\OTL.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/11 16:53:11 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/12/11 16:52:17 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/12/11 16:52:15 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/10/23 12:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/02/20 10:49:22 | 003,425,688 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/01/27 12:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/12/16 12:30:40 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/12/16 12:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/12/16 11:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/11/29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/11/16 10:27:50 | 000,914,568 | ---- | M] () -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/07/12 11:14:26 | 000,331,776 | R--- | M] (VIA Technologies, Inc.) -- C:\VIA_XHCI\usb3Monitor.exe
PRC - [2011/01/20 18:51:12 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/02/20 20:08:54 | 003,074,688 | ---- | M] (PixelMetrics) -- C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
PRC - [2007/07/23 15:43:42 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2007/02/01 11:13:06 | 000,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/11/16 21:37:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\940e8adf99f3b59f8f8c754891f493f3\System.Runtime.Remoting.ni.dll
MOD - [2012/07/21 22:59:38 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e37c10e5ff2c13af865624ce59bde296\IAStorUtil.ni.dll
MOD - [2012/07/21 22:52:55 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0627a65d240944ade2509ccd8be9232\System.Windows.Forms.ni.dll
MOD - [2012/07/21 22:52:51 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e736f827abbbdd8cf700a35090b2001\System.Drawing.ni.dll
MOD - [2012/07/15 00:39:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ca11c3c4c5560bf7aafa094599128200\IAStorCommon.ni.dll
MOD - [2010/11/21 20:39:49 | 000,352,256 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ar_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/21 20:39:45 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_ar_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/21 06:48:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010/11/21 06:48:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010/11/21 06:48:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010/11/21 06:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/21 06:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2008/12/04 11:57:02 | 000,146,432 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2008/09/17 14:05:30 | 000,072,704 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012/01/10 17:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011/12/08 16:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/08 14:25:44 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/11 16:53:11 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/12/11 16:52:17 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/12/09 23:34:20 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/10/23 12:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/12/16 12:30:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/16 12:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/16 11:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/11/16 10:27:50 | 000,914,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe -- (AcuWVSSchedulerv8)
SRV - [2011/08/30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011/01/20 18:51:12 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe -- (Visual Studio Analyzer RPC bridge)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/01/20 09:16:48 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/11 16:53:23 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/12/11 16:53:23 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/09/24 08:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/07/14 20:27:38 | 000,082,048 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin64a.sys -- (Pcouffin64)
DRV:64bit: - [2012/04/06 21:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/04/03 14:19:10 | 000,147,248 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/03/01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/27 12:39:33 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/27 12:39:33 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/27 12:39:33 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/01/20 07:39:16 | 000,205,312 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2012/01/20 07:39:04 | 000,254,464 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2012/01/10 17:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/02 10:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011/08/12 01:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/08/09 08:42:36 | 000,315,696 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx)
DRV:64bit: - [2011/07/25 17:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/07/06 18:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/01/15 19:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/17 01:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/21 06:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 06:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 06:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 06:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 06:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 06:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 06:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/12 02:10:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/01/07 11:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTLWUSB)
DRV:64bit: - [2010/01/07 11:20:22 | 000,448,512 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2009/08/05 12:56:03 | 001,134,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksaud.sys -- (ksaud)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 03:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/02/02 12:42:53 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2013/02/02 12:42:42 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/08/13 07:14:53 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2009/07/14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc)
DRV - [1998/05/07 00:00:00 | 000,000,111 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-791585145-808087832-2425370471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-791585145-808087832-2425370471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ar-sa
IE - HKU\S-1-5-21-791585145-808087832-2425370471-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/
IE - HKU\S-1-5-21-791585145-808087832-2425370471-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-791585145-808087832-2425370471-1000\..\SearchScopes\{5200A0EB-9D9F-45D9-A9F4-63DD79721038}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-791585145-808087832-2425370471-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-791585145-808087832-2425370471-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-791585145-808087832-2425370471-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 119.187.148.34:8000
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:1.0.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.VideoDownloadConverter_4z.com/Plugin: C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\1.bin\NP4zEISB.dll (VideoDownloadConverter)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922:  File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/14 20:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/06 04:53:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Gigabyte\AppData\Roaming\IDM\idmmzcc5 [2012/07/14 20:33:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Gigabyte\AppData\Roaming\IDM\idmmzcc5 [2012/07/14 20:33:45 | 000,000,000 | ---D | M]
 
[2012/07/14 20:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gigabyte\AppData\Roaming\mozilla\Extensions
[2013/02/08 21:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gigabyte\AppData\Roaming\mozilla\Firefox\Profiles\s1f60sr8.default-1360201126740\extensions
[2013/02/08 20:21:48 | 000,363,736 | ---- | M] () (No name found) -- C:\Users\Gigabyte\AppData\Roaming\mozilla\firefox\profiles\s1f60sr8.default-1360201126740\extensions\client@anonymox.net.xpi
[2013/02/08 20:23:33 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Gigabyte\AppData\Roaming\mozilla\firefox\profiles\s1f60sr8.default-1360201126740\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/02/07 04:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/02/07 03:59:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/06 04:53:45 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/11 02:45:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/22 16:07:10 | 000,001,455 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-ar.xml
 
O1 HOSTS File: ([2013/02/07 04:56:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-791585145-808087832-2425370471-1000..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-791585145-808087832-2425370471-1000..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CaptureWiz.lnk = C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe (PixelMetrics)
O4 - Startup: C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC30.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-791585145-808087832-2425370471-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-791585145-808087832-2425370471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-791585145-808087832-2425370471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {625CA666-935A-EC18-CCEC-CCE04C544730} hxxp://chatvoice.voicef.net/talkoknew.cab (Voice Helper Object)
O16 - DPF: {625CA666-935A-EC18-CCEC-CCE04C544777} hxxp://serv3.7lavoice.net/tiktik.cab (Sower Helper Object)
O16 - DPF: {7253A666-804A-1108-A3DC-00E04C504788} hxxp://5.10.68.82:1990/inc/bmchat.cab (BMChat Control)
O16 - DPF: {8855A666-683F-4D45-B6F1-549188BB79C1} hxxp://floodserver19.ksavoice1.com/bmc.cab (BMCVoice Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C6D67F2-E8BF-4709-BA39-238CCC9BF4A5}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC4772D5-40A5-4EE0-AEF1-29680D3CB99C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFE8C1CA-F50A-45D6-ADC5-99CAAAB36463}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB335BC9-9075-428B-96FA-AC02CE9258A6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8C1164-8402-422E-B231-BF5E4F7F6B4A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\gopher - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/15 02:40:01 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - مجلدات ويب
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9793EDE2-499E-4A14-8220-523691D8F91B} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk - C:\PROGRA~2\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE - (Adobe Systems, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^سرعة تشغيل Adobe Reader.lnk - C:\PROGRA~2\Adobe\ACROBA~1.0\Reader\READER~1.EXE - (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: googletalk - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IDMan - hkey= - key= - C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
MsConfig:64bit - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - Reg Error: Value error. File not found
MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
MsConfig:64bit - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.MP42 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\SysWow64\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/08 23:15:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gigabyte\Desktop\OTL.exe
[2013/02/08 23:11:47 | 000,384,928 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Gigabyte\Desktop\sc-cleaner_3.exe
[2013/02/08 22:53:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/08 22:53:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/08 22:51:20 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Gigabyte\Desktop\JRT.exe
[2013/02/08 18:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry Theme Studio 6.0
[2013/02/07 05:02:40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/07 04:58:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/07 04:47:15 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/07 04:47:15 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/07 04:47:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/07 04:47:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/07 04:46:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/07 04:38:50 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\Desktop\بيانات Firefox القديمة
[2013/02/07 04:25:46 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\Desktop\باكك اب
[2013/02/06 05:51:01 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\TuneUp Software
[2013/02/06 05:47:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/06 05:47:01 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Local\MFAData
[2013/02/06 05:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/02/06 05:47:01 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Local\Avg2013
[2013/02/02 17:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/02/02 17:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/02/02 16:14:33 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\Subversion
[2013/02/02 15:55:37 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Local\Embarcadero
[2013/02/02 15:55:36 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\DevJET
[2013/02/02 15:53:11 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Local\Raize
[2013/02/02 15:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2013/02/02 12:58:55 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Local\Apple Computer
[2013/02/02 12:58:54 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\Apple Computer
[2013/02/02 12:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/02/02 12:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/02/02 12:58:09 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Local\Apple
[2013/02/02 12:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/02/02 12:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/02 12:51:46 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/02/02 12:51:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/02/02 12:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBoost
[2013/02/02 00:24:02 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/02/02 00:24:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2013/02/01 23:45:27 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\FinalBuilder7
[2013/02/01 23:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2013/02/01 23:25:11 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\Documents\RAD Studio
[2013/02/01 23:25:10 | 000,506,880 | ---- | C] (Raize Software, Inc.) -- C:\Windows\SysWow64\CodeSiteExpressPkg160.bpl
[2013/02/01 23:25:09 | 002,457,088 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\vcl150.bpl
[2013/02/01 23:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Raize
[2013/02/01 23:25:08 | 002,150,400 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\Windows\SysWow64\rtl150.bpl
[2013/02/01 23:25:08 | 000,036,352 | ---- | C] (Raize Software, Inc.) -- C:\Windows\SysWow64\CodeSitePlugIns150.bpl
[2013/02/01 23:25:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raize
[2013/02/01 23:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeSite 5.0
[2013/02/01 23:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalBuilder 7 Embarcadero XE2 Edition
[2013/02/01 23:22:07 | 000,000,000 | ---D | C] -- C:\ProgramData\VSoft
[2013/02/01 23:22:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\FinalBuilder 7 Projects
[2013/02/01 23:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VSoft
[2013/02/01 23:22:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalBuilder 7 XE2
[2013/02/01 22:49:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\{EDA307AA-B5A4-4524-B840-2914497A9C3C}
[2013/02/01 22:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rave Reports 10.0 BE
[2013/02/01 22:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CollabNet Subversion Client
[2013/02/01 22:48:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CollabNet
[2013/02/01 22:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DevJET Documentation Insight Express
[2013/02/01 22:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DevJet
[2013/02/01 22:48:36 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FastReports
[2013/02/01 22:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FastReports
[2013/02/01 22:46:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{35EE5E86-AC52-4478-8471-0F555B0FB415}
[2013/02/01 22:42:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embarcadero RAD Studio XE2
[2013/02/01 22:42:25 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\Embarcadero
[2013/02/01 22:42:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Embarcadero
[2013/02/01 22:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CodeGear Shared
[2013/02/01 22:42:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Borland Shared
[2013/02/01 22:42:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Embarcadero
[2013/02/01 22:33:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\RAD Studio
[2013/02/01 22:30:32 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\Anvisoft
[2013/02/01 22:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/02/01 22:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/02/01 21:55:17 | 000,000,000 | -H-D | C] -- C:\ProgramData\{46A13B26-D605-4DC3-8770-D0F4A0C3565D}
[2013/02/01 21:54:56 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Local\PackageAware
[2013/02/01 20:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/01/31 05:07:07 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Phoenix Protector
[2013/01/31 05:07:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NTCore
[2013/01/31 04:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2013/01/29 08:20:32 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Local\Remove Toolbar Buddy
[2013/01/29 08:20:15 | 001,906,680 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.Controls.Unicode.v15.1.3.0908.ocx
[2013/01/29 08:20:15 | 001,140,728 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.PropertyGrid.Unicode.v15.1.3.0908.ocx
[2013/01/29 08:20:15 | 000,587,768 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.SkinFramework.Unicode.v15.1.3.0908.ocx
[2013/01/29 08:20:15 | 000,509,944 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.ShortcutBar.Unicode.v15.1.3.0908.ocx
[2013/01/29 08:20:14 | 002,717,688 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.CommandBars.Unicode.v15.1.3.0908.ocx
[2013/01/29 08:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Scorpio Software
[2013/01/29 07:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adguard
[2013/01/29 07:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adguard
[2013/01/29 02:57:57 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\Documents\Webcasts
[2013/01/27 17:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePerl 5.14.2 Build 1402
[2013/01/27 17:47:47 | 000,000,000 | ---D | C] -- C:\Perl
[2013/01/27 12:31:59 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\Documents\Acunetix WVS 8
[2013/01/27 12:31:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acunetix WVS 8
[2013/01/27 12:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acunetix Web Vulnerability Scanner 8
[2013/01/27 12:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acunetix
[2013/01/27 12:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Acunetix WVS 8
[2013/01/27 11:59:43 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\URSoft
[2013/01/27 11:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
[2013/01/27 11:59:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Your Uninstaller! 7
[2013/01/26 15:48:01 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\.zenmap
[2013/01/26 15:47:54 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap
[2013/01/26 15:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013/01/26 15:46:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nmap
[2013/01/26 15:26:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/20 09:16:48 | 000,042,184 | ---- | C] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
[2013/01/20 09:07:06 | 000,042,696 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/01/20 01:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/19 15:39:09 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Local\MigWiz
[2013/01/16 01:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2013/01/15 09:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoDownloadConverter_4zEI
[2013/01/15 09:08:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Twitter Hacker Pro
[2013/01/15 07:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 6.0
[2013/01/15 07:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Publish
[2013/01/15 07:03:01 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Web Publishing
[2013/01/15 07:02:18 | 000,000,000 | ---D | C] -- C:\Windows\msapps
[2013/01/15 07:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013/01/15 06:58:28 | 000,000,000 | ---D | C] -- C:\Windows\Java
[2013/01/15 04:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex Workshop v6
[2013/01/15 04:09:08 | 000,000,000 | ---D | C] -- C:\Program Files\BreakPoint Software
[2013/01/15 02:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/01/15 02:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/01/15 02:09:55 | 000,024,408 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/01/13 23:45:26 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Local\Vitalwerks
[2013/01/13 23:45:15 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
[2013/01/13 23:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2013/01/13 21:00:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2013/01/13 21:00:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2013/01/13 20:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/01/13 20:59:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2013/01/13 20:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2013/01/13 20:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013/01/13 20:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013/01/13 20:57:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013/01/13 20:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions
[2013/01/13 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\Documents\Visual Studio 2008
[2013/01/13 20:54:31 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\Documents\Visual Studio 2010
[2013/01/13 20:51:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2013/01/13 20:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2013/01/13 20:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2013/01/13 20:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2013/01/13 20:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2013/01/13 20:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2013/01/13 20:49:10 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2013/01/13 20:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2013/01/13 20:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2013/01/12 22:54:00 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\DownTangoFTToolbar
[2013/01/12 22:54:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DownTangoFTToolbar
[2013/01/12 22:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky
[2013/01/11 14:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/01/10 21:16:15 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\Desktop\فديو وصوت
[2013/01/10 18:50:34 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\Documents\FFOutput
[2013/01/10 16:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/01/10 16:36:28 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\IObit
[2013/01/10 16:36:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/01/10 16:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueSprig
[2013/01/10 16:34:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueSprig
[2013/01/10 16:20:04 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Local\Programs
[2013/01/10 16:15:25 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\AppData\Roaming\Malwarebytes
[2013/01/10 16:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/10 11:40:20 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\Desktop\صور منوعة
[2013/01/10 10:15:11 | 000,000,000 | ---D | C] -- C:\Users\Gigabyte\Desktop\فوتوشوبيآت
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/08 23:15:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gigabyte\Desktop\OTL.exe
[2013/02/08 23:11:49 | 000,384,928 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Gigabyte\Desktop\sc-cleaner_3.exe
[2013/02/08 22:55:56 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 22:55:56 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/08 22:51:24 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Gigabyte\Desktop\JRT.exe
[2013/02/08 22:47:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/08 22:46:55 | 2117,672,959 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/08 22:40:37 | 000,877,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/08 21:09:36 | 000,582,209 | ---- | M] () -- C:\Users\Gigabyte\Desktop\adwcleaner.exe
[2013/02/08 20:31:56 | 002,425,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/08 20:31:56 | 000,746,432 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/02/08 20:31:56 | 000,718,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/08 20:31:56 | 000,543,098 | ---- | M] () -- C:\Windows\SysNative\perfh001.dat
[2013/02/08 20:31:56 | 000,153,722 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/02/08 20:31:56 | 000,145,772 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/08 20:31:56 | 000,118,458 | ---- | M] () -- C:\Windows\SysNative\perfc001.dat
[2013/02/08 20:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/07 04:56:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/06 10:22:53 | 013,489,752 | ---- | M] () -- C:\Users\Gigabyte\Desktop\Free_Monthly_Websites.rar
[2013/02/06 09:48:54 | 000,043,237 | ---- | M] () -- C:\Users\Gigabyte\Desktop\pass_Team.MDx.rar
[2013/02/04 14:57:41 | 000,003,309 | ---- | M] () -- C:\Users\Gigabyte\Documents\Rave100.ini
[2013/02/04 14:36:44 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/02 18:08:09 | 000,000,636 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/02/02 12:42:53 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013/02/02 12:42:53 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
[2013/01/29 07:55:10 | 000,000,212 | ---- | M] () -- C:\Users\Gigabyte\AppData\Roaming\fontcacheev1.dat
[2013/01/27 12:31:58 | 000,000,722 | ---- | M] () -- C:\Windows\WVS_InstDBLogFile.csv
[2013/01/27 10:49:38 | 000,000,218 | ---- | M] () -- C:\Users\Gigabyte\AppData\Local\recently-used.xbel
[2013/01/26 15:26:37 | 000,002,521 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/20 09:16:48 | 000,042,184 | ---- | M] (Anchorfree Inc.) -- C:\Windows\SysNative\drivers\taphss6.sys
[2013/01/20 09:07:06 | 000,042,696 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/01/15 07:03:24 | 000,000,126 | ---- | M] () -- C:\Windows\mdm.ini
[2013/01/15 07:03:22 | 000,000,535 | ---- | M] () -- C:\Windows\ODBCINST.INI
[2013/01/15 02:40:01 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/01/14 23:40:03 | 000,000,961 | ---- | M] () -- C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk
[2013/01/10 20:40:17 | 000,004,608 | ---- | M] () -- C:\Users\Gigabyte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/10 17:46:46 | 000,001,024 | ---- | M] () -- C:\Users\Gigabyte\.rnd
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/08 21:09:34 | 000,582,209 | ---- | C] () -- C:\Users\Gigabyte\Desktop\adwcleaner.exe
[2013/02/07 04:47:15 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 04:47:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 04:47:15 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 04:47:15 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 04:47:15 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/06 10:22:15 | 013,489,752 | ---- | C] () -- C:\Users\Gigabyte\Desktop\Free_Monthly_Websites.rar
[2013/02/06 09:48:54 | 000,043,237 | ---- | C] () -- C:\Users\Gigabyte\Desktop\pass_Team.MDx.rar
[2013/02/02 12:55:08 | 000,003,309 | ---- | C] () -- C:\Users\Gigabyte\Documents\Rave100.ini
[2013/02/02 12:42:53 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
[2013/02/01 22:48:49 | 001,312,768 | ---- | C] () -- C:\Windows\SysWow64\Rave100VCL160.bpl
[2013/01/29 07:55:10 | 000,000,212 | ---- | C] () -- C:\Users\Gigabyte\AppData\Roaming\fontcacheev1.dat
[2013/01/27 12:31:38 | 000,000,722 | ---- | C] () -- C:\Windows\WVS_InstDBLogFile.csv
[2013/01/27 10:49:38 | 000,000,218 | ---- | C] () -- C:\Users\Gigabyte\AppData\Local\recently-used.xbel
[2013/01/15 07:03:24 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2013/01/15 07:03:21 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/01/15 06:58:29 | 000,007,356 | ---- | C] () -- C:\Windows\SysWow64\javasup.vxd
[2013/01/15 06:58:29 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2013/01/15 06:58:27 | 000,000,113 | ---- | C] () -- C:\Windows\SysWow64\zonedon.reg
[2013/01/15 06:58:27 | 000,000,113 | ---- | C] () -- C:\Windows\SysWow64\zonedoff.reg
[2013/01/15 02:40:01 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/01/13 23:47:09 | 000,000,961 | ---- | C] () -- C:\Users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\No-IP DUC.lnk
[2013/01/12 22:54:00 | 000,015,360 | ---- | C] () -- C:\Windows\Launcher.exe
[2013/01/10 17:47:02 | 000,773,120 | ---- | C] () -- C:\Windows\SysWow64\NEROINSTAEC43759.DB
[2013/01/10 17:46:45 | 000,001,024 | ---- | C] () -- C:\Users\Gigabyte\.rnd
[2012/12/19 17:55:36 | 000,004,608 | ---- | C] () -- C:\Users\Gigabyte\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/09 23:39:53 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/12/09 23:39:53 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/12/09 23:34:45 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfSB1090.ini
[2012/12/09 23:34:45 | 000,001,352 | ---- | C] () -- C:\ProgramData\CfSB0910.ini
[2012/12/09 23:34:45 | 000,001,302 | ---- | C] () -- C:\ProgramData\CfSB0300.ini
[2012/12/09 23:34:45 | 000,001,282 | ---- | C] () -- C:\ProgramData\CfSB0471.ini
[2012/12/09 23:34:45 | 000,001,208 | ---- | C] () -- C:\ProgramData\CfSB0490.ini
[2012/12/09 23:34:45 | 000,001,027 | ---- | C] () -- C:\ProgramData\CfSB0560.ini
[2012/12/09 23:34:45 | 000,001,026 | ---- | C] () -- C:\ProgramData\CfSB0271.ini
[2012/12/09 23:34:45 | 000,001,026 | ---- | C] () -- C:\ProgramData\CfSB0270.ini
[2012/12/01 15:45:08 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/11/16 21:34:42 | 000,000,059 | ---- | C] () -- C:\Users\Gigabyte\AppData\Local\SUMQU0C1-FE20-APII-YE7M-BEDSDWMY5R6A.dat
[2012/11/13 13:19:48 | 002,105,872 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/07 12:16:15 | 000,006,852 | ---- | C] () -- C:\Windows\SysWow64\drivers\Vcs.sys
[2012/08/16 06:45:20 | 000,000,636 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/07/30 02:03:58 | 000,033,134 | ---- | C] () -- C:\Users\Gigabyte\AppData\Roaming\UserTile.png
[2012/07/15 01:01:36 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/07/15 00:36:40 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/07/14 20:38:50 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\kakle.dll
[2012/07/14 20:38:49 | 000,000,032 | ---- | C] () -- C:\Windows\SysWow64\winitn.dll
[2012/07/14 20:38:47 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012/07/14 20:37:44 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2012/07/14 20:29:32 | 000,067,856 | ---- | C] () -- C:\Program Files\OEMLOGO.bmp
[2012/07/14 20:23:46 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/07/14 20:23:46 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/07/14 20:23:44 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/22 11:01:32 | 000,019,984 | ---- | C] () -- C:\Windows\SysWow64\ESGScanner.sys
[2012/01/07 17:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/01/07 17:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 17:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2012/01/07 17:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/01/07 17:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/01/07 17:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/12/19 09:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/19 09:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/09/20 00:55:00 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\BDSSR160.dll
[2011/09/20 00:55:00 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\BDSSR.dll
[2011/05/05 22:39:12 | 000,225,280 | ---- | C] () -- C:\Windows\SysWow64\net_rim_plazmic_flint_dialog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 06:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 06:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/01 23:45:19 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\Anvisoft
[2013/01/10 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\Audacity
[2012/08/04 06:03:38 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\CheeseSoft
[2013/01/09 15:09:41 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\Composer
[2013/01/06 15:13:53 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\COWON
[2013/02/02 15:55:36 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\DevJET
[2013/02/08 23:05:22 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\DMCache
[2013/01/12 22:54:00 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\DownTangoFTToolbar
[2013/02/02 15:55:25 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\Embarcadero
[2012/12/04 14:39:32 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\Evaer
[2013/02/01 23:45:27 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\FinalBuilder7
[2012/11/25 13:07:40 | 000,000,000 | RHSD | M] -- C:\Users\Gigabyte\AppData\Roaming\Firewall
[2012/11/25 12:58:04 | 000,000,000 | --SD | M] -- C:\Users\Gigabyte\AppData\Roaming\Frutas
[2013/02/08 23:05:18 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\IDM
[2013/01/11 14:53:26 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\IObit
[2012/07/14 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\Paltalk
[2012/11/09 23:29:43 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\PixelMetrics
[2012/08/13 01:04:14 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\Publish Providers
[2013/01/09 15:01:42 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\Research In Motion
[2012/11/25 13:22:29 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\Resource Tuner
[2012/12/08 13:14:26 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\Sony
[2013/02/02 16:14:33 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\Subversion
[2013/02/06 05:51:01 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\TuneUp Software
[2013/01/27 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\URSoft
[2013/02/08 03:12:28 | 000,000,000 | ---D | M] -- C:\Users\Gigabyte\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/02/06 04:53:44 | 000,883,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/02/06 04:53:44 | 000,883,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/02/06 04:53:44 | 000,883,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013/02/06 04:53:45 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/02/06 04:53:45 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/02/06 04:53:45 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/21 06:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/21 06:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/21 06:25:08 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/21 06:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010/11/21 06:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/02/06 04:53:44 | 000,883,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/02/06 04:53:44 | 000,883,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/02/06 04:53:44 | 000,883,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2013/02/06 04:53:45 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/02/06 04:53:45 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/02/06 04:53:45 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/14 04:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/14 04:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/14 04:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/21 06:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2010/11/21 06:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation)
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:89EAFAFC

< End of report >

So jetzt bin ich drin

Ich habe ein paar Fragen, könntest du sie bitte antworten ?

Warum sollte man diese Tools von Desktop starten ?

Wie kann ich von den Logs erkennen, ob etwas hier nicht stimmt, wo kann ich darüber lesen, oder lernen?

Was ich von den Logs verstanden habe ist, dass die Short-Cuts geändert worden sind

War das Porblem an Ask.com, oder an DownTango ?

Danke nochmal für alles.

M-K-D-B · 10.02.2013, 13:51

Servus,

natürlich beantworte ich dir deine Fragen.

Zitat:

Zitat von Deathpirat

Bevor ich mich bei dir danke, möchte ich sagen, dass du für mich ein wahres Genie bist

Das ist vielleicht etwas zu viel der Ehre...

Zitat:

Zitat von Deathpirat

So jetzt möchte ich dir danken, für das was du für mich und jedem Mitglied hier machst

VIELEN VIELEN DANK.

Danke.

Zitat:

Zitat von Deathpirat

Ich habe ein paar Fragen, könntest du sie bitte antworten ?

Ja.

Zitat:

Zitat von Deathpirat

Warum sollte man diese Tools von Desktop starten ?

Weil wir am Ende der Bereinigung alle verwendeten Tools entfernen wollen. Zudem muss man nicht ständig in einen Ordner wechseln, man spart sich also Zeit.

Zitat:

Zitat von Deathpirat

Wie kann ich von den Logs erkennen, ob etwas hier nicht stimmt, wo kann ich darüber lesen, oder lernen?

Hier auf Trojaner Board gibt es eine Ausbildung (sieh dazu den Link in meiner Signatur).

Zitat:

Zitat von Deathpirat

Was ich von den Logs verstanden habe ist, dass die Short-Cuts geändert worden sind

Richtig.

Zitat:

Zitat von Deathpirat

War das Porblem an Ask.com, oder an DownTango ?

Vermutlich hast du dir darüber die Probleme geholt. Ich habe allerdings eher DownTango im Verdacht.

Auf deinem Rechner befinden sich noch ein paar Reste. Diese möchte ich gerne noch aufspüren und löschen.
Abschließend bekommst du noch ein paar Tipps mit auf den Weg und wir entfernen alle verwendeten Programme.

Und jetzt habe ich noch eine Frage:

Hast du diesen Proxy-Server gesetzt?
119.187.148.34:8000

Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror # 1

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
*yourfiledownloader*
*DownTango*
*Babylon*

:folderfind
*yourfiledownloader*
*DownTango*
*Babylon*

:regfind
Ask.com
yourfiledownloader
DownTango
PriceGong
Babylon
bProtect
Conduit
Funmoods

Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf wird einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Deathpirat · 10.02.2013, 19:31

Ich würde gerne hier eine Ausbildung absolvieren, Matthias sensei

aber leider ihr nehmt zurzeit keine

Zu deiner Frage

ich glaub, dass das Hostpot Shields Werk ist.

Code:

ATTFilter

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:03 on 10/02/2013 by Gigabyte
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*yourfiledownloader*"

M-K-D-B · 11.02.2013, 14:30

Servus,

Zitat:

Zitat von Deathpirat

Ich würde gerne hier eine Ausbildung absolvieren, Matthias sensei

aber leider ihr nehmt zurzeit keine

Das kann sich ganz schnell ändern.

Poste bitte die komplette Logdatei von SystemLook. Das vorhin war nur ein kleiner Ausschnitt.

M-K-D-B · 16.02.2013, 11:35

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

16.02.2013, 11:35	#9
M-K-D-B /// TB-Ausbilder	Certified-toolbar -Search Startseite Problem Fehlende Rückmeldung Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten. PM an mich falls Du denoch weiter machen willst. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

Certified-toolbar -Search Startseite Problem

Log-Analyse und Auswertung: Certified-toolbar -Search Startseite Problem