Hallo TB Team , ich bin kein erfahrener also über (Trojaner) darum wollte ich die Profis ( hier: seit ihr die Profis) sagen. Wenn ich in Google gehe steht da Attention Requirred. Ich habe dann eine Software benutzt und zwar : Anti Malware . Und jzt steht da . Finnish . Aber wenn ich jzt wieder in Google gehe steht da wieder dasselbe. Ich habe versucht das Java - Script zu nutzen (F12) Aber es ist verschlossen ich kann es nicht löschen .

PS: Ich würde mich über eine Hilfreiche Antwort freuen :

Hi,

mach bitte einen OTL-Scan, damit ich sehen kann, was die Ursache dafür ist:


Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

• Doppelklick auf die OTL.exe.
• Unter Extra Registry, wähle bitte Use SafeList.
• Setze den Haken bei Scan all Users.
• Klicke nun auf Run Scan.
• Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
• Poste den Inhalt dieser Logfiles hier in den Thread.

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 03.05.2013 12:31:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\doniaali\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 47,54% Memory free
6,00 Gb Paging File | 3,75 Gb Available in Paging File | 62,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 683,54 Gb Total Space | 612,62 Gb Free Space | 89,62% Space Free | Partition Type: NTFS
 
Computer Name: PHONIEX2012-PC | User Name: doniaali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\doniaali\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Iminent\Iminent.exe (Iminent)
PRC - C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Program Files\Common Files\Umbrella\umbrella.exe (Iminent)
PRC - C:\Program Files\Search Results Toolbar\Datamngr\DatamngrUI.exe (Bandoo Media Inc.)
PRC - C:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.)
PRC - C:\Windows\System32\dmwu.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Java\jre7\bin\javaw.exe (Oracle Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe ()
PRC - C:\Program Files\spotflux\.\spotflux.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe (Uniblue Systems Ltd)
PRC - C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe (Uniblue Systems Ltd)
PRC - C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
PRC - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll ()
MOD - C:\Program Files\Search Results Toolbar\Datamngr\mgrldr.dll ()
MOD - c:\progra~1\search~2\datamngr\mgrldr.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\32ecd6bef90d6da4b2b33850c3ce99e1\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files\spotflux\.\spotflux.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8e092d89921648308ac103bb08bfd370\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e464dc608a88955a0edccba917d207de\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\8bf20667f0b0d4873ee748435427ca85\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d340a103e8f063a3771cbeaaec58d157\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d340a103e8f063a3771cbeaaec58d157\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9253eb314ef2f5adada0d5fdf1d4a839\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\22c60ca3c2b18e041ebff2578c90cba3\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\8167f7d08668a5859e76aa9a1124a42f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll ()
MOD - C:\Users\doniaali\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll ()
MOD - C:\Program Files\Uniblue\SpeedUpMyPC\locale\de\de.dll ()
MOD - C:\Program Files\Uniblue\SpeedUpMyPC\InstallerExtensions.dll ()
MOD - C:\Program Files\Uniblue\SpeedUpMyPC\cwebpage.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV - (BrowserProtect) --  File not found
SRV - (SProtection) -- C:\Program Files\Common Files\Umbrella\umbrella.exe (Iminent)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (DatamngrCoordinator) -- C:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.)
SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SolutoLauncherService) -- C:\Program Files\Soluto\SolutoLauncherService.exe (Soluto)
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (SolutoRemoteService) -- C:\Program Files\Soluto\SolutoRemoteService.exe (Soluto)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (SearchAnonymizer) -- C:\Users\doniaali\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (WajamUpdater) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz136) -- C:\Windows\TEMP\cpuz136\cpuz136_x32.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130412.001\BHDrvx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (Soluto) -- C:\Windows\System32\drivers\Soluto.sys (Soluto LTD.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130502.021\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130502.021\NAVENG.SYS (Symantec Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130502.001\IDSvix86.sys (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
IE - HKLM\..\URLSearchHook: {77f8c945-4b74-4bd6-a073-e0d1997edce8} - C:\Program Files\midicair\prxtbmid2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=0200715572144805&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtD0F0FtD0AtC0Bzy0EtB0C0CtB0A0BtN0D0Tzu0CyEzzyBtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=144183255&ir=
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2795622
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.good-results.info/?l=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={BD70E208-D114-4C4A-85CC-AB437D59E4A6}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e6308829-be2f-4f46-a847-c9d78591d9e9&searchtype=ds&q={searchTerms}&installDate=25/02/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e6308829-be2f-4f46-a847-c9d78591d9e9&searchtype=ds&q={searchTerms}&installDate=25/02/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 51 A3 BC 40 D9 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e6308829-be2f-4f46-a847-c9d78591d9e9&searchtype=ds&q={searchTerms}&installDate=25/02/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e6308829-be2f-4f46-a847-c9d78591d9e9&searchtype=ds&q={searchTerms}&installDate=25/02/2013
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e6308829-be2f-4f46-a847-c9d78591d9e9&searchtype=ds&q={searchTerms}&installDate=25/02/2013
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=ACFD00FF0A1B9E2C
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=0200715572144805&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: "midicair Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2795622&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406?appid=484"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7B377e5d4d-77e5-476a-8716-7e70a9272da0%7D:1.2.0.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6
FF - prefs.js..extensions.enabledAddons: %7B77f8c945-4b74-4bd6-a073-e0d1997edce8%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7Be6308829-be2f-4f46-a847-c9d78591d9e9%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0
FF - prefs.js..extensions.enabledAddons: lyricsmonkey%40mendoni.net:1.111
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:5.0.0.6767
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: fiddlerhook%40fiddler2.com:2.4.3.7
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:6.16.4.4
FF - prefs.js..extensions.enabledAddons: crossriderapp2258%40crossrider.com:0.91.139
FF - prefs.js..extensions.enabledAddons: %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:7.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.15.100013
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%204
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2795622&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\doniaali\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\doniaali\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\doniaali\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012.10.17 23:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2013.05.03 10:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.10 20:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.09 17:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.09 17:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\51026cd8674e0@51026cd867519.com: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\51026cd8674e0@51026cd867519.com [2013.01.25 13:06:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\rzfk93hww@ayifooa-zpcm.co.uk: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\rzfk93hww@ayifooa-zpcm.co.uk [2013.03.26 23:20:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hbfx-aua@iyyiwsiyie.com: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\hbfx-aua@iyyiwsiyie.com [2013.03.27 18:39:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2013.04.13 12:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com [2013.05.01 12:06:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.20 14:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsmonkey@mendoni.net: C:\Program Files\LyricsMonkey\FF\ [2013.04.28 11:36:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.20 14:14:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.04.21 11:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\doniaali\AppData\Roaming\mozilla\Extensions
[2013.05.01 17:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions
[2013.04.21 11:52:46 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
[2013.03.27 19:41:23 | 000,000,000 | ---D | M] (midicair Community Toolbar) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{77f8c945-4b74-4bd6-a073-e0d1997edce8}
[2012.07.27 09:59:38 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2013.05.01 17:14:04 | 000,000,000 | ---D | M] (MySearchDial) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2013.04.12 14:49:59 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{e6308829-be2f-4f46-a847-c9d78591d9e9}
[2013.02.25 19:11:10 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2013.01.25 13:06:35 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\51026cd8674e0@51026cd867519.com
[2013.05.01 17:14:09 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\crossriderapp2258@crossrider.com
[2013.02.25 19:10:53 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\ffxtlbr@delta.com
[2013.05.01 17:14:06 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\ffxtlbr@mysearchdial.com
[2013.03.27 18:39:06 | 000,000,000 | ---D | M] (Boroowsee2save) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\hbfx-aua@iyyiwsiyie.com
[2013.03.26 23:20:48 | 000,000,000 | ---D | M] (BirowwsyE2savee) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\rzfk93hww@ayifooa-zpcm.co.uk
[2013.04.03 14:42:36 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\toolbar@ask.com
[2013.05.01 17:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\crossriderapp2258@crossrider.com\chrome\content\extensionCode
[2013.04.20 14:15:31 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.01 14:02:32 | 000,006,473 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\babylon.xml
[2013.05.01 14:02:32 | 000,006,473 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\BrowserProtect.xml
[2013.03.27 19:39:42 | 000,000,919 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\conduit.xml
[2013.05.01 12:05:27 | 000,001,294 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\delta.xml
[2013.05.01 17:15:19 | 000,002,389 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\Mysearchdial.xml
[2013.04.30 18:53:09 | 000,002,120 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\MyStart Search.xml
[2013.04.21 11:51:59 | 000,002,646 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\Search_Results.xml
[2013.04.12 14:56:46 | 000,022,907 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\Web Search.xml
[2013.04.21 11:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.01.26 21:42:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\mozilla firefox\extensions\adapter@babylontc.com
[2013.04.13 12:44:51 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
[2013.05.01 12:06:27 | 000,000,000 | ---D | M] ("Iminent Minibar") -- C:\PROGRAM FILES\IMINENT\WEBBOOSTER@IMINENT.COM
[2013.04.28 11:36:51 | 000,000,000 | ---D | M] ("Lyrics Monkey") -- C:\PROGRAM FILES\LYRICSMONKEY\FF
[2012.10.17 23:03:13 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2012.11.09 17:22:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013.04.20 14:14:59 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.05.01 14:05:54 | 000,006,492 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.21 11:51:59 | 000,002,646 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Mysearchdial Search
CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtD0F0FtD0AtC0Bzy0EtB0C0CtB0A0BtN0D0Tzu0CyEzzyBtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=144183255&ir=
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files\OnLive\Plugin\npolgdet.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\doniaali\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\
CHR - Extension: QuickShare Widget = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Google Docs = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Delta Toolbar = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\
CHR - Extension: Iminent = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.16.5.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Lyrics Monkey = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111_0\
CHR - Extension: SwissConverter 2.1 = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdidofdhbieclaekjnfcnfaoceobnco\10.15.0.62_0\
CHR - Extension: Skype Click to Call = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Google Mail = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.04.30 17:31:35 | 000,010,555 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 198.167.139.193 google.com
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 317 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lyrics Monkey) - {18CAEA74-C7E8-4D37-967F-1D01351BA398} - C:\Program Files\LyricsMonkey\lyricsmonkey.dll (MNDi Software)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {336D0C35-8A85-403a-B9D2-65C292C39087} - No CLSID value found.
O2 - BHO: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (midicair Toolbar) - {77f8c945-4b74-4bd6-a073-e0d1997edce8} - C:\Program Files\midicair\prxtbmid2.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\wajam.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (LyricsTube) - {B399EDE8-1525-458C-8DD9-31EADF632D06} - C:\Program Files\LyricsTube\lrcstube.dll (Hansen & Destar Apps)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Browse2save) - {B80652C1-907A-3E1D-D19E-031B4F489227} - C:\ProgramData\Browse2save\51026cd86767d.dll ()
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\PROGRA~1\MYSEAR~1\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\PROGRA~1\MYSEAR~1\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (midicair Toolbar) - {77f8c945-4b74-4bd6-a073-e0d1997edce8} - C:\Program Files\midicair\prxtbmid2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (midicair Toolbar) - {77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - C:\Program Files\midicair\prxtbmid2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A1B9E2C-DECA-458F-8A2B-CBC31C89A90C}: DhcpNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1957BA05-6631-4A34-A85E-80CEBD0EE152}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F6F9F58-CECB-4610-995C-BAFAEE0A16FC}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (c:\progra~1\search~2\datamngr\mgrldr.dll) - c:\progra~1\search~2\datamngr\mgrldr.dll ()
O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - c:\progra~1\websea~1\sprote~1.dll ()
O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\progra~1\browse~1\sprote~1.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d8fbc4c0-8d98-11e2-a690-0025115aab59}\Shell - "" = AutoRun
O33 - MountPoints2\{d8fbc4c0-8d98-11e2-a690-0025115aab59}\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x86 - (C:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.02 17:23:27 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Malwarebytes
[2013.05.02 17:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.02 17:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.02 17:23:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.02 17:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.02 17:23:10 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\Programs
[2013.05.02 17:02:27 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Avira
[2013.05.02 11:49:37 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.01 19:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.01 19:21:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.01 19:21:27 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.01 19:21:27 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.01 19:21:27 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.01 19:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.01 19:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.01 18:58:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.05.01 15:42:52 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Documents\Simply Super Software
[2013.05.01 14:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.05.01 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2013.05.01 14:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.05.01 14:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
[2013.05.01 14:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Pro
[2013.05.01 14:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mysearchdial
[2013.05.01 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\mixiedj
[2013.05.01 14:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\mixidj
[2013.05.01 14:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsTube
[2013.05.01 12:50:57 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\ElevatedDiagnostics
[2013.05.01 12:50:07 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Desktop\Neuer Ordner
[2013.05.01 12:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
[2013.05.01 12:06:39 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Iminent
[2013.05.01 12:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.05.01 12:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013.05.01 12:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Umbrella
[2013.05.01 12:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2013.05.01 12:05:56 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.05.01 12:05:27 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\BabSolution
[2013.05.01 12:05:11 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Delta
[2013.04.30 15:43:21 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinecraftAlpha
[2013.04.30 15:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\MinecraftAlpha
[2013.04.30 15:39:07 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\.minecraft
[2013.04.30 15:08:22 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{1C1ADA15-7B69-446F-8C10-7D6E2010A37E}
[2013.04.29 20:22:52 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Google
[2013.04.29 20:22:39 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Yahoo!
[2013.04.29 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Documents\Eigene Scans
[2013.04.29 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{A268B594-CC53-456B-B1A0-456E64A44864}
[2013.04.28 11:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsMonkey
[2013.04.28 11:36:45 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{3F092477-FECE-46E9-BD40-4B67F8A78BB7}
[2013.04.27 20:02:00 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{C54D09C3-86BB-410C-95C6-84C51434A766}
[2013.04.27 19:57:10 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{D412F663-6BEF-4F88-A323-0290F2DA811C}
[2013.04.22 15:08:13 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{9E5F3EB2-F431-402D-8E0C-4B866651EDF2}
[2013.04.21 12:21:08 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{51212EAF-11F2-4CFD-B2C0-BEE9F391766F}
[2013.04.21 11:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013.04.21 11:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Search Results Toolbar
[2013.04.21 11:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
[2013.04.21 11:51:25 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\iLivid
[2013.04.21 00:20:42 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{3D9A8003-C964-42E3-8111-C03E821E6307}
[2013.04.20 10:15:32 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{7AC8426E-B33E-4A95-ADF6-F2223CB393F9}
[2013.04.19 21:06:03 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{C362B9EB-5829-4D94-8F4A-76DF3C85E012}
[2013.04.19 19:47:55 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Downloads
[2013.04.19 09:05:37 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{0856E38D-F89A-4782-9420-DAAC9AD57C15}
[2013.04.18 15:50:57 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{FA9AB740-C850-4D22-9197-AD88FA659DD8}
[2013.04.17 12:02:32 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Documents\Downloads
[2013.04.17 11:30:09 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{0E01C49D-B755-4DFF-B9ED-EFC4CD171A52}
[2013.04.16 09:52:49 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{0D2051E5-78D7-49F0-A674-175AFE374E53}
[2013.04.15 09:18:40 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{0D19E352-785E-424A-AC7B-455CCEA67C27}
[2013.04.13 18:28:47 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{4FB0FDF9-6BB4-4F8C-A2DB-AAD285F0B248}
[2013.04.13 15:01:17 | 000,000,000 | --SD | C] -- C:\Users\doniaali\Documents\MicroSys
[2013.04.13 15:01:17 | 000,000,000 | -HSD | C] -- C:\Users\doniaali\Documents\MSDCSC
[2013.04.13 12:45:11 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Documents\Fiddler2
[2013.04.13 12:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[2013.04.12 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{39DA384A-3C2F-4A93-807A-2FBD4B4CFA2F}
[2013.04.12 06:55:16 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{193CEAFA-C947-406E-AD10-DC9D97E0195B}
[2013.04.11 17:16:06 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{4E21AF9B-8E89-43B1-AE79-EB0EE7723059}
[2013.04.11 15:12:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.11 15:12:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.11 15:12:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.11 15:12:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.11 15:12:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.11 15:12:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.11 15:12:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.11 15:12:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.11 12:35:09 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.11 12:35:06 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.11 12:35:05 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.11 12:35:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.11 12:34:58 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.11 12:34:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.11 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{73076478-7532-4A83-B55F-D877A69F3623}
[2013.04.10 12:14:25 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{C07D17C0-76BE-4D3D-BE60-87809F4E2F36}
[2013.04.09 13:29:05 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{02B889D4-3C20-4D27-A3C3-FD6A7EF2860E}
[2013.04.08 12:10:22 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{20C4B2DC-C38F-48E1-8385-110EED1738C3}
[2013.04.07 02:49:55 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{F9EDD1F7-32D9-40D6-8E98-C46BF9C3776A}
[2013.04.06 11:11:07 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{0D269BC1-AF97-41EB-BF6E-B3238449D512}
[2013.04.04 10:47:28 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{B5C779F1-9B81-430D-A772-820AE1DDB117}
[2013.04.03 13:59:58 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Documents\My Cheat Tables
[2013.04.03 13:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013.04.03 13:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.2
[2013.04.03 13:59:13 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2013.04.03 13:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\FilesFrog Update Checker
[2013.04.03 13:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\XingHaoLyrics
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.03 12:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.03 12:22:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.03 12:07:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2013.05.03 11:53:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.03 11:48:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006UA.job
[2013.05.03 11:30:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.03 10:29:58 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 10:29:58 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 10:22:34 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 10:22:30 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013.05.03 10:22:30 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013.05.03 10:22:29 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\schedule!3036567561.job
[2013.05.03 10:22:29 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013.05.03 10:22:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 10:21:57 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.02 19:56:21 | 000,000,000 | ---- | M] () -- C:\END
[2013.05.02 18:59:59 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013.05.02 17:40:18 | 000,735,702 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013.05.02 17:40:18 | 000,698,008 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.02 17:40:18 | 000,654,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.02 17:40:18 | 000,152,474 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013.05.02 17:40:18 | 000,148,632 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.02 17:40:18 | 000,121,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.02 17:33:48 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.02 17:23:21 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.02 15:39:20 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006Core.job
[2013.05.02 15:11:28 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.02 15:11:28 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2013.05.02 11:49:24 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.01 19:21:40 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.01 14:07:08 | 000,000,368 | ---- | M] () -- C:\Users\Public\Desktop\MySearchDial.url
[2013.05.01 13:13:58 | 000,002,343 | ---- | M] () -- C:\Users\doniaali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.05.01 12:06:29 | 000,000,596 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.04.30 17:31:35 | 000,010,555 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.28 17:38:04 | 000,002,408 | ---- | M] () -- C:\{91CC7DA9-1967-46BE-AE98-27D5CCAF8CCA}
[2013.04.21 11:52:54 | 000,001,001 | ---- | M] () -- C:\Users\doniaali\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013.04.20 17:09:15 | 000,002,304 | ---- | M] () -- C:\{8037E2D3-8763-4391-8F4E-5A4B5674A00E}
[2013.04.11 17:12:11 | 000,401,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.07 10:54:58 | 001,156,400 | ---- | M] () -- C:\Windows\System32\dmwu.exe
[2013.04.07 10:52:34 | 000,027,136 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll
[2013.04.04 14:57:45 | 000,002,960 | ---- | M] () -- C:\{178BCE50-8EF4-4611-93D1-37D2578FBC49}
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.02 17:23:21 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.01 19:21:40 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.01 14:07:53 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\MySearchDial.job
[2013.05.01 14:07:08 | 000,000,368 | ---- | C] () -- C:\Users\Public\Desktop\MySearchDial.url
[2013.05.01 13:38:11 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006UA.job
[2013.05.01 13:38:09 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006Core.job
[2013.05.01 13:13:58 | 000,002,343 | ---- | C] () -- C:\Users\doniaali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.05.01 13:11:32 | 000,001,132 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.01 13:11:31 | 000,001,080 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.01 12:06:22 | 000,000,596 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.04.28 17:38:02 | 000,002,408 | ---- | C] () -- C:\{91CC7DA9-1967-46BE-AE98-27D5CCAF8CCA}
[2013.04.21 11:52:54 | 000,001,007 | ---- | C] () -- C:\Users\doniaali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2013.04.21 11:52:53 | 000,001,001 | ---- | C] () -- C:\Users\doniaali\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013.04.20 17:09:12 | 000,002,304 | ---- | C] () -- C:\{8037E2D3-8763-4391-8F4E-5A4B5674A00E}
[2013.04.13 12:44:51 | 000,001,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk
[2013.04.04 14:57:45 | 000,002,960 | ---- | C] () -- C:\{178BCE50-8EF4-4611-93D1-37D2578FBC49}
[2013.03.23 15:19:19 | 000,007,600 | ---- | C] () -- C:\Users\doniaali\AppData\Local\Resmon.ResmonCfg
[2013.03.23 14:29:56 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.10.01 21:12:18 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2012.09.27 16:46:01 | 001,156,400 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012.08.31 13:13:21 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012.08.13 14:24:51 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.07.26 16:41:26 | 000,000,600 | ---- | C] () -- C:\Users\doniaali\PUTTY.RND
[2012.01.10 21:08:56 | 000,698,008 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.01.10 21:08:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.01.10 21:08:56 | 000,148,632 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.01.10 21:08:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.01.10 20:35:34 | 000,238,935 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.01.10 20:15:47 | 000,735,702 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2012.01.10 20:15:47 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2012.01.10 20:15:47 | 000,152,474 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2012.01.10 20:15:47 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2012.01.10 19:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.10 19:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         

--- --- ---

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 03.05.2013 12:31:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\doniaali\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 47,54% Memory free
6,00 Gb Paging File | 3,75 Gb Available in Paging File | 62,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 683,54 Gb Total Space | 612,62 Gb Free Space | 89,62% Space Free | Partition Type: NTFS
 
Computer Name: PHONIEX2012-PC | User Name: doniaali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\doniaali\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Iminent\Iminent.exe (Iminent)
PRC - C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
PRC - C:\Program Files\Common Files\Umbrella\umbrella.exe (Iminent)
PRC - C:\Program Files\Search Results Toolbar\Datamngr\DatamngrUI.exe (Bandoo Media Inc.)
PRC - C:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.)
PRC - C:\Windows\System32\dmwu.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Java\jre7\bin\javaw.exe (Oracle Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe ()
PRC - C:\Program Files\spotflux\.\spotflux.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Uniblue\SpeedUpMyPC\sump.exe (Uniblue Systems Ltd)
PRC - C:\Program Files\Uniblue\SpeedUpMyPC\spmonitor.exe (Uniblue Systems Ltd)
PRC - C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
PRC - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll ()
MOD - C:\Program Files\Search Results Toolbar\Datamngr\mgrldr.dll ()
MOD - c:\progra~1\search~2\datamngr\mgrldr.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\32ecd6bef90d6da4b2b33850c3ce99e1\System.Configuration.Install.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\806c4ba7d696ab586ffd774a31f1a66b\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files\spotflux\.\spotflux.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8e092d89921648308ac103bb08bfd370\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e464dc608a88955a0edccba917d207de\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\8bf20667f0b0d4873ee748435427ca85\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d340a103e8f063a3771cbeaaec58d157\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d340a103e8f063a3771cbeaaec58d157\System.EnterpriseServices.Wrapper.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\9253eb314ef2f5adada0d5fdf1d4a839\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\22c60ca3c2b18e041ebff2578c90cba3\System.Runtime.DurableInstancing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\48ee0e1de873152ec7e85d7456c1cc09\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\8167f7d08668a5859e76aa9a1124a42f\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f28a346ae10e2eec581608f591cf7116\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8983c040161b34c64474f195bff5e2de\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5dbabea688adfc665e3453561736699a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\08bebcf66ad666dfdf2a4a934d79c0f9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb72ac8478a5ea7e2d570bb710ecb1c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll ()
MOD - C:\Users\doniaali\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll ()
MOD - C:\Program Files\Uniblue\SpeedUpMyPC\locale\de\de.dll ()
MOD - C:\Program Files\Uniblue\SpeedUpMyPC\InstallerExtensions.dll ()
MOD - C:\Program Files\Uniblue\SpeedUpMyPC\cwebpage.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV - (BrowserProtect) --  File not found
SRV - (SProtection) -- C:\Program Files\Common Files\Umbrella\umbrella.exe (Iminent)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (DatamngrCoordinator) -- C:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (Bandoo Media Inc.)
SRV - (IBUpdaterService) -- C:\Windows\System32\dmwu.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SolutoLauncherService) -- C:\Program Files\Soluto\SolutoLauncherService.exe (Soluto)
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (SolutoRemoteService) -- C:\Program Files\Soluto\SolutoRemoteService.exe (Soluto)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (SearchAnonymizer) -- C:\Users\doniaali\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (WajamUpdater) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz136) -- C:\Windows\TEMP\cpuz136\cpuz136_x32.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130412.001\BHDrvx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (Soluto) -- C:\Windows\System32\drivers\Soluto.sys (Soluto LTD.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130502.021\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130502.021\NAVENG.SYS (Symantec Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130502.001\IDSvix86.sys (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
IE - HKLM\..\URLSearchHook: {77f8c945-4b74-4bd6-a073-e0d1997edce8} - C:\Program Files\midicair\prxtbmid2.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=0200715572144805&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtD0F0FtD0AtC0Bzy0EtB0C0CtB0A0BtN0D0Tzu0CyEzzyBtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=144183255&ir=
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2795622
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://websearch.good-results.info/?l=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010006.10031&barid={BD70E208-D114-4C4A-85CC-AB437D59E4A6}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e6308829-be2f-4f46-a847-c9d78591d9e9&searchtype=ds&q={searchTerms}&installDate=25/02/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e6308829-be2f-4f46-a847-c9d78591d9e9&searchtype=ds&q={searchTerms}&installDate=25/02/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 51 A3 BC 40 D9 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e6308829-be2f-4f46-a847-c9d78591d9e9&searchtype=ds&q={searchTerms}&installDate=25/02/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e6308829-be2f-4f46-a847-c9d78591d9e9&searchtype=ds&q={searchTerms}&installDate=25/02/2013
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=e6308829-be2f-4f46-a847-c9d78591d9e9&searchtype=ds&q={searchTerms}&installDate=25/02/2013
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=120519&babsrc=SP_ss&mntrId=ACFD00FF0A1B9E2C
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=484&systemid=406&apn_uid=0200715572144805&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: "midicair Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2795622&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Mysearchdial"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406?appid=484"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7B377e5d4d-77e5-476a-8716-7e70a9272da0%7D:1.2.0.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6
FF - prefs.js..extensions.enabledAddons: %7B77f8c945-4b74-4bd6-a073-e0d1997edce8%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: %7Be6308829-be2f-4f46-a847-c9d78591d9e9%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0
FF - prefs.js..extensions.enabledAddons: lyricsmonkey%40mendoni.net:1.111
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:5.0.0.6767
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: fiddlerhook%40fiddler2.com:2.4.3.7
FF - prefs.js..extensions.enabledAddons: webbooster%40iminent.com:6.16.4.4
FF - prefs.js..extensions.enabledAddons: crossriderapp2258%40crossrider.com:0.91.139
FF - prefs.js..extensions.enabledAddons: %7Bad9a41d2-9a49-4fa6-a79e-71a0785364c8%7D:7.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40mysearchdial.com:1.6.0
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.15.100013
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%204
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2795622&SearchSource=2&CUI=SB_CUI&UM=UM_ID&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\doniaali\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\doniaali\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\doniaali\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012.10.17 23:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2013.05.03 10:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.10 20:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.09 17:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.09 17:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\51026cd8674e0@51026cd867519.com: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\51026cd8674e0@51026cd867519.com [2013.01.25 13:06:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\rzfk93hww@ayifooa-zpcm.co.uk: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\rzfk93hww@ayifooa-zpcm.co.uk [2013.03.26 23:20:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hbfx-aua@iyyiwsiyie.com: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\hbfx-aua@iyyiwsiyie.com [2013.03.27 18:39:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2013.04.13 12:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com [2013.05.01 12:06:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.20 14:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lyricsmonkey@mendoni.net: C:\Program Files\LyricsMonkey\FF\ [2013.04.28 11:36:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.20 14:14:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013.04.21 11:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\doniaali\AppData\Roaming\mozilla\Extensions
[2013.05.01 17:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions
[2013.04.21 11:52:46 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
[2013.03.27 19:41:23 | 000,000,000 | ---D | M] (midicair Community Toolbar) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{77f8c945-4b74-4bd6-a073-e0d1997edce8}
[2012.07.27 09:59:38 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2013.05.01 17:14:04 | 000,000,000 | ---D | M] (MySearchDial) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2013.04.12 14:49:59 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{e6308829-be2f-4f46-a847-c9d78591d9e9}
[2013.02.25 19:11:10 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2013.01.25 13:06:35 | 000,000,000 | ---D | M] (Browse2save) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\51026cd8674e0@51026cd867519.com
[2013.05.01 17:14:09 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\crossriderapp2258@crossrider.com
[2013.02.25 19:10:53 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\ffxtlbr@delta.com
[2013.05.01 17:14:06 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\ffxtlbr@mysearchdial.com
[2013.03.27 18:39:06 | 000,000,000 | ---D | M] (Boroowsee2save) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\hbfx-aua@iyyiwsiyie.com
[2013.03.26 23:20:48 | 000,000,000 | ---D | M] (BirowwsyE2savee) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\rzfk93hww@ayifooa-zpcm.co.uk
[2013.04.03 14:42:36 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\toolbar@ask.com
[2013.05.01 17:14:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\doniaali\AppData\Roaming\mozilla\Firefox\Profiles\kcuhzizm.default\extensions\crossriderapp2258@crossrider.com\chrome\content\extensionCode
[2013.04.20 14:15:31 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.01 14:02:32 | 000,006,473 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\babylon.xml
[2013.05.01 14:02:32 | 000,006,473 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\BrowserProtect.xml
[2013.03.27 19:39:42 | 000,000,919 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\conduit.xml
[2013.05.01 12:05:27 | 000,001,294 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\delta.xml
[2013.05.01 17:15:19 | 000,002,389 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\Mysearchdial.xml
[2013.04.30 18:53:09 | 000,002,120 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\MyStart Search.xml
[2013.04.21 11:51:59 | 000,002,646 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\Search_Results.xml
[2013.04.12 14:56:46 | 000,022,907 | ---- | M] () -- C:\Users\doniaali\AppData\Roaming\mozilla\firefox\profiles\kcuhzizm.default\searchplugins\Web Search.xml
[2013.04.21 11:52:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.01.26 21:42:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\mozilla firefox\extensions\adapter@babylontc.com
[2013.04.13 12:44:51 | 000,000,000 | ---D | M] (FiddlerHook) -- C:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
[2013.05.01 12:06:27 | 000,000,000 | ---D | M] ("Iminent Minibar") -- C:\PROGRAM FILES\IMINENT\WEBBOOSTER@IMINENT.COM
[2013.04.28 11:36:51 | 000,000,000 | ---D | M] ("Lyrics Monkey") -- C:\PROGRAM FILES\LYRICSMONKEY\FF
[2012.10.17 23:03:13 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
[2012.11.09 17:22:11 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2013.04.20 14:14:59 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.05.01 14:05:54 | 000,006,492 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.21 11:51:59 | 000,002,646 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Mysearchdial Search
CHR - default_search_provider: Mysearchdial ()
CHR - default_search_provider: search_url = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtD0F0FtD0AtC0Bzy0EtB0C0CtB0A0BtN0D0Tzu0CyEzzyBtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=144183255&ir=
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\doniaali\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files\OnLive\Plugin\npolgdet.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\doniaali\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Ask Toolbar = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\
CHR - Extension: QuickShare Widget = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Google Docs = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Delta Toolbar = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.3_0\
CHR - Extension: Iminent = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl\6.16.5.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Lyrics Monkey = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111_0\
CHR - Extension: SwissConverter 2.1 = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhdidofdhbieclaekjnfcnfaoceobnco\10.15.0.62_0\
CHR - Extension: Skype Click to Call = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_0\
CHR - Extension: Google Mail = C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.04.30 17:31:35 | 000,010,555 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 198.167.139.193 google.com
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 317 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lyrics Monkey) - {18CAEA74-C7E8-4D37-967F-1D01351BA398} - C:\Program Files\LyricsMonkey\lyricsmonkey.dll (MNDi Software)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.7.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {336D0C35-8A85-403a-B9D2-65C292C39087} - No CLSID value found.
O2 - BHO: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (mixidj Helper Object) - {4D6A9BBF-402C-4301-B1EF-28D04F71D761} - C:\Program Files\mixidj\mixidj\1.8.4.1\bh\mixidj.dll (MixiDJ)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (midicair Toolbar) - {77f8c945-4b74-4bd6-a073-e0d1997edce8} - C:\Program Files\midicair\prxtbmid2.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\wajam.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (LyricsTube) - {B399EDE8-1525-458C-8DD9-31EADF632D06} - C:\Program Files\LyricsTube\lrcstube.dll (Hansen & Destar Apps)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Browse2save) - {B80652C1-907A-3E1D-D19E-031B4F489227} - C:\ProgramData\Browse2save\51026cd86767d.dll ()
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.16.16\bh\delta.dll (Delta-search.com)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (mysearchdial Helper Object) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\PROGRA~1\MYSEAR~1\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (mysearchdial Toolbar) - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\PROGRA~1\MYSEAR~1\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (midicair Toolbar) - {77f8c945-4b74-4bd6-a073-e0d1997edce8} - C:\Program Files\midicair\prxtbmid2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.16.16\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.7.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (MixiDJ Toolbar) - {CA9B9C89-4662-4ADC-9C23-A452BECD5D19} - C:\Program Files\mixidj\mixidj\1.8.4.1\mixidjTlbr.dll (MixiDJ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (midicair Toolbar) - {77F8C945-4B74-4BD6-A073-E0D1997EDCE8} - C:\Program Files\midicair\prxtbmid2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A1B9E2C-DECA-458F-8A2B-CBC31C89A90C}: DhcpNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1957BA05-6631-4A34-A85E-80CEBD0EE152}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F6F9F58-CECB-4610-995C-BAFAEE0A16FC}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (c:\progra~1\search~2\datamngr\mgrldr.dll) - c:\progra~1\search~2\datamngr\mgrldr.dll ()
O20 - AppInit_DLLs: (c:\progra~1\websea~1\sprote~1.dll) - c:\progra~1\websea~1\sprote~1.dll ()
O20 - AppInit_DLLs: (c:\progra~1\browse~1\sprote~1.dll) - c:\progra~1\browse~1\sprote~1.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d8fbc4c0-8d98-11e2-a690-0025115aab59}\Shell - "" = AutoRun
O33 - MountPoints2\{d8fbc4c0-8d98-11e2-a690-0025115aab59}\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x86 - (C:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\apcrtldr.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.02 17:23:27 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Malwarebytes
[2013.05.02 17:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.02 17:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.02 17:23:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.02 17:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.02 17:23:10 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\Programs
[2013.05.02 17:02:27 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Avira
[2013.05.02 11:49:37 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.01 19:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.01 19:21:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.01 19:21:27 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.01 19:21:27 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.01 19:21:27 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.01 19:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.01 19:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.01 18:58:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.05.01 15:42:52 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Documents\Simply Super Software
[2013.05.01 14:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.05.01 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2013.05.01 14:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.05.01 14:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
[2013.05.01 14:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Pro
[2013.05.01 14:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mysearchdial
[2013.05.01 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\mixiedj
[2013.05.01 14:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\mixidj
[2013.05.01 14:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsTube
[2013.05.01 12:50:57 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\ElevatedDiagnostics
[2013.05.01 12:50:07 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Desktop\Neuer Ordner
[2013.05.01 12:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
[2013.05.01 12:06:39 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Iminent
[2013.05.01 12:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013.05.01 12:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
[2013.05.01 12:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Umbrella
[2013.05.01 12:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent
[2013.05.01 12:05:56 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.05.01 12:05:27 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\BabSolution
[2013.05.01 12:05:11 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Delta
[2013.04.30 15:43:21 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinecraftAlpha
[2013.04.30 15:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\MinecraftAlpha
[2013.04.30 15:39:07 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\.minecraft
[2013.04.30 15:08:22 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{1C1ADA15-7B69-446F-8C10-7D6E2010A37E}
[2013.04.29 20:22:52 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Google
[2013.04.29 20:22:39 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Yahoo!
[2013.04.29 20:22:19 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Documents\Eigene Scans
[2013.04.29 13:36:40 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{A268B594-CC53-456B-B1A0-456E64A44864}
[2013.04.28 11:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsMonkey
[2013.04.28 11:36:45 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{3F092477-FECE-46E9-BD40-4B67F8A78BB7}
[2013.04.27 20:02:00 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{C54D09C3-86BB-410C-95C6-84C51434A766}
[2013.04.27 19:57:10 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{D412F663-6BEF-4F88-A323-0290F2DA811C}
[2013.04.22 15:08:13 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{9E5F3EB2-F431-402D-8E0C-4B866651EDF2}
[2013.04.21 12:21:08 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{51212EAF-11F2-4CFD-B2C0-BEE9F391766F}
[2013.04.21 11:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013.04.21 11:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Search Results Toolbar
[2013.04.21 11:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
[2013.04.21 11:51:25 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\iLivid
[2013.04.21 00:20:42 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{3D9A8003-C964-42E3-8111-C03E821E6307}
[2013.04.20 10:15:32 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{7AC8426E-B33E-4A95-ADF6-F2223CB393F9}
[2013.04.19 21:06:03 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{C362B9EB-5829-4D94-8F4A-76DF3C85E012}
[2013.04.19 19:47:55 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Downloads
[2013.04.19 09:05:37 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{0856E38D-F89A-4782-9420-DAAC9AD57C15}
[2013.04.18 15:50:57 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{FA9AB740-C850-4D22-9197-AD88FA659DD8}
[2013.04.17 12:02:32 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Documents\Downloads
[2013.04.17 11:30:09 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{0E01C49D-B755-4DFF-B9ED-EFC4CD171A52}
[2013.04.16 09:52:49 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{0D2051E5-78D7-49F0-A674-175AFE374E53}
[2013.04.15 09:18:40 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{0D19E352-785E-424A-AC7B-455CCEA67C27}
[2013.04.13 18:28:47 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{4FB0FDF9-6BB4-4F8C-A2DB-AAD285F0B248}
[2013.04.13 15:01:17 | 000,000,000 | --SD | C] -- C:\Users\doniaali\Documents\MicroSys
[2013.04.13 15:01:17 | 000,000,000 | -HSD | C] -- C:\Users\doniaali\Documents\MSDCSC
[2013.04.13 12:45:11 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Documents\Fiddler2
[2013.04.13 12:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[2013.04.12 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{39DA384A-3C2F-4A93-807A-2FBD4B4CFA2F}
[2013.04.12 06:55:16 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{193CEAFA-C947-406E-AD10-DC9D97E0195B}
[2013.04.11 17:16:06 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{4E21AF9B-8E89-43B1-AE79-EB0EE7723059}
[2013.04.11 15:12:30 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.11 15:12:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.11 15:12:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.11 15:12:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.11 15:12:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.11 15:12:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.11 15:12:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.11 15:12:26 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.11 12:35:09 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.11 12:35:06 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.11 12:35:05 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.11 12:35:05 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.11 12:34:58 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.11 12:34:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.11 12:29:16 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{73076478-7532-4A83-B55F-D877A69F3623}
[2013.04.10 12:14:25 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{C07D17C0-76BE-4D3D-BE60-87809F4E2F36}
[2013.04.09 13:29:05 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{02B889D4-3C20-4D27-A3C3-FD6A7EF2860E}
[2013.04.08 12:10:22 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{20C4B2DC-C38F-48E1-8385-110EED1738C3}
[2013.04.07 02:49:55 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{F9EDD1F7-32D9-40D6-8E98-C46BF9C3776A}
[2013.04.06 11:11:07 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{0D269BC1-AF97-41EB-BF6E-B3238449D512}
[2013.04.04 10:47:28 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Local\{B5C779F1-9B81-430D-A772-820AE1DDB117}
[2013.04.03 13:59:58 | 000,000,000 | ---D | C] -- C:\Users\doniaali\Documents\My Cheat Tables
[2013.04.03 13:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013.04.03 13:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.2
[2013.04.03 13:59:13 | 000,000,000 | ---D | C] -- C:\Users\doniaali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
[2013.04.03 13:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\FilesFrog Update Checker
[2013.04.03 13:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\XingHaoLyrics
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.03 12:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.03 12:22:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.03 12:07:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2013.05.03 11:53:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.03 11:48:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006UA.job
[2013.05.03 11:30:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.03 10:29:58 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 10:29:58 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 10:22:34 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 10:22:30 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013.05.03 10:22:30 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013.05.03 10:22:29 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\schedule!3036567561.job
[2013.05.03 10:22:29 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013.05.03 10:22:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 10:21:57 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.02 19:56:21 | 000,000,000 | ---- | M] () -- C:\END
[2013.05.02 18:59:59 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013.05.02 17:40:18 | 000,735,702 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013.05.02 17:40:18 | 000,698,008 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.02 17:40:18 | 000,654,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.02 17:40:18 | 000,152,474 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013.05.02 17:40:18 | 000,148,632 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.02 17:40:18 | 000,121,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.02 17:33:48 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.02 17:23:21 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.02 15:39:20 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006Core.job
[2013.05.02 15:11:28 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.02 15:11:28 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job
[2013.05.02 11:49:24 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.01 19:21:40 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.01 14:07:08 | 000,000,368 | ---- | M] () -- C:\Users\Public\Desktop\MySearchDial.url
[2013.05.01 13:13:58 | 000,002,343 | ---- | M] () -- C:\Users\doniaali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.05.01 12:06:29 | 000,000,596 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.04.30 17:31:35 | 000,010,555 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.28 17:38:04 | 000,002,408 | ---- | M] () -- C:\{91CC7DA9-1967-46BE-AE98-27D5CCAF8CCA}
[2013.04.21 11:52:54 | 000,001,001 | ---- | M] () -- C:\Users\doniaali\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013.04.20 17:09:15 | 000,002,304 | ---- | M] () -- C:\{8037E2D3-8763-4391-8F4E-5A4B5674A00E}
[2013.04.11 17:12:11 | 000,401,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.07 10:54:58 | 001,156,400 | ---- | M] () -- C:\Windows\System32\dmwu.exe
[2013.04.07 10:52:34 | 000,027,136 | ---- | M] () -- C:\Windows\System32\ImHttpComm.dll
[2013.04.04 14:57:45 | 000,002,960 | ---- | M] () -- C:\{178BCE50-8EF4-4611-93D1-37D2578FBC49}
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.02 17:23:21 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.01 19:21:40 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.01 14:07:53 | 000,000,284 | ---- | C] () -- C:\Windows\tasks\MySearchDial.job
[2013.05.01 14:07:08 | 000,000,368 | ---- | C] () -- C:\Users\Public\Desktop\MySearchDial.url
[2013.05.01 13:38:11 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006UA.job
[2013.05.01 13:38:09 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006Core.job
[2013.05.01 13:13:58 | 000,002,343 | ---- | C] () -- C:\Users\doniaali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.05.01 13:11:32 | 000,001,132 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.01 13:11:31 | 000,001,080 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.01 12:06:22 | 000,000,596 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.04.28 17:38:02 | 000,002,408 | ---- | C] () -- C:\{91CC7DA9-1967-46BE-AE98-27D5CCAF8CCA}
[2013.04.21 11:52:54 | 000,001,007 | ---- | C] () -- C:\Users\doniaali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2013.04.21 11:52:53 | 000,001,001 | ---- | C] () -- C:\Users\doniaali\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013.04.20 17:09:12 | 000,002,304 | ---- | C] () -- C:\{8037E2D3-8763-4391-8F4E-5A4B5674A00E}
[2013.04.13 12:44:51 | 000,001,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk
[2013.04.04 14:57:45 | 000,002,960 | ---- | C] () -- C:\{178BCE50-8EF4-4611-93D1-37D2578FBC49}
[2013.03.23 15:19:19 | 000,007,600 | ---- | C] () -- C:\Users\doniaali\AppData\Local\Resmon.ResmonCfg
[2013.03.23 14:29:56 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.10.01 21:12:18 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2012.09.27 16:46:01 | 001,156,400 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012.08.31 13:13:21 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012.08.13 14:24:51 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.07.26 16:41:26 | 000,000,600 | ---- | C] () -- C:\Users\doniaali\PUTTY.RND
[2012.01.10 21:08:56 | 000,698,008 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.01.10 21:08:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.01.10 21:08:56 | 000,148,632 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.01.10 21:08:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.01.10 20:35:34 | 000,238,935 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.01.10 20:15:47 | 000,735,702 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2012.01.10 20:15:47 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2012.01.10 20:15:47 | 000,152,474 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2012.01.10 20:15:47 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2012.01.10 19:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.10 19:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         

--- --- ---

Da ist sehr viel Mist drauf...


Schritt 1

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3

Starte bitte die OTL.exe.

• Setze den Haken bei Scan all Users.
• Drücke auf den Quick Scan Button.
• Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

• Log von Adwcleaner
• Log von Combofix
• Log von OTL

Wenn ich es posten will steht da man kann 120000 Wörter Posten ;(

Dann poste die Logfiles einzeln und nicht alle im selben Post.

AdwCleaner Logfile:

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v2.300 - Logfile created 05/04/2013 at 11:05:44
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Ultimate  (32 bits)
# User : Ali - PHONIEX2012-PC
# Boot Mode : Normal
# Running from : C:\Users\Ali\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\search results toolbar
Deleted on reboot : C:\ProgramData\BetterSoft
File Deleted : C:\Windows\system32\dmwu.exe
File Deleted : C:\Windows\system32\ImhxxpComm.dll

***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\WNLT

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (de)

File : C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\prefs.js

[OK] File is clean.

File : C:\Users\Ali\AppData\Roaming\Mozilla\Firefox\Profiles\bsfcdbf6.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\doniaali\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1681 octets] - [04/05/2013 10:59:07]
AdwCleaner[S1].txt - [130177 octets] - [03/05/2013 17:52:55]
AdwCleaner[S2].txt - [1508 octets] - [04/05/2013 11:05:44]

########## EOF - C:\AdwCleaner[S2].txt - [1568 octets] ##########
         

--- --- ---




Noch Eine Frage Ich Habe Noch Eine Unbenutzte Windows 8 CD Kann Ich Sie im Pc reinstecken Und dann Auf Windows 8 Updaten obwohl ein Trojaner Auf Mein PC Ist ?

Combofix Logfile:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-05-04.01 - Ali 04.05.2013  11:20:16.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1033.18.3071.2014 [GMT 2:00]
ausgeführt von:: c:\users\Ali\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BirowwsyE2savee
c:\users\Public\sdelevURL.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-04 bis 2013-05-04  ))))))))))))))))))))))))))))))
.
.
2013-05-04 09:28 . 2013-05-04 09:28	--------	d-----w-	c:\users\doniaali\AppData\Local\temp
2013-05-04 09:28 . 2013-05-04 09:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-02 15:23 . 2013-05-02 15:23	--------	d-----w-	c:\users\doniaali\AppData\Roaming\Malwarebytes
2013-05-02 15:23 . 2013-05-02 15:23	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-02 15:23 . 2013-05-02 15:23	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-05-02 15:23 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-02 15:23 . 2013-05-02 15:23	--------	d-----w-	c:\users\doniaali\AppData\Local\Programs
2013-05-02 15:02 . 2013-05-02 15:02	--------	d-----w-	c:\users\doniaali\AppData\Roaming\Avira
2013-05-02 09:49 . 2013-05-02 09:49	66656	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-05-01 17:21 . 2013-03-06 13:13	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-05-01 17:21 . 2013-02-27 10:22	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-05-01 17:21 . 2013-02-27 10:22	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-05-01 17:21 . 2013-05-01 17:21	--------	d-----w-	c:\programdata\Avira
2013-05-01 17:21 . 2013-05-01 17:21	--------	d-----w-	c:\program files\Avira
2013-05-01 16:58 . 2013-05-01 16:58	--------	d-----w-	c:\windows\Sun
2013-05-01 12:32 . 2013-05-01 12:32	--------	d-----w-	c:\program files\Trojan Remover
2013-05-01 12:32 . 2013-05-01 12:32	--------	d-----w-	c:\programdata\Simply Super Software
2013-05-01 12:07 . 2013-05-01 12:07	--------	d-----w-	c:\program files\Driver Pro
2013-05-01 12:07 . 2013-05-01 12:07	--------	d-----w-	c:\program files\Mysearchdial
2013-05-01 12:06 . 2013-05-01 12:06	--------	d-----w-	c:\program files\mixiedj
2013-05-01 12:05 . 2013-05-01 12:05	--------	d-----w-	c:\program files\LyricsTube
2013-05-01 11:37 . 2013-05-01 11:37	--------	d-----w-	c:\users\Ali
2013-05-01 10:50 . 2013-05-01 10:50	--------	d-----w-	c:\users\doniaali\AppData\Local\ElevatedDiagnostics
2013-04-30 13:43 . 2013-04-30 13:43	--------	d-----w-	c:\program files\MinecraftAlpha
2013-04-30 13:39 . 2013-04-30 13:44	--------	d-----w-	c:\users\doniaali\AppData\Roaming\.minecraft
2013-04-29 18:22 . 2013-04-29 18:22	--------	d-----w-	c:\users\doniaali\AppData\Roaming\Yahoo!
2013-04-28 09:36 . 2013-04-28 09:36	--------	d-----w-	c:\program files\LyricsMonkey
2013-04-27 18:14 . 2013-04-12 13:58	1210728	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-21 09:53 . 2013-04-21 09:53	--------	d-----w-	c:\programdata\Wincert
2013-04-21 09:51 . 2013-05-03 15:53	--------	d-----w-	c:\program files\Search Results Toolbar
2013-04-21 09:51 . 2013-05-03 15:52	--------	d-----w-	c:\programdata\Datamngr
2013-04-20 12:14 . 2013-04-20 12:14	26520	----a-w-	c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-04-13 10:44 . 2013-04-13 10:44	--------	d-----w-	c:\program files\Fiddler2
2013-04-11 10:35 . 2013-03-01 03:11	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-04-11 10:35 . 2013-01-24 04:51	195816	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-11 10:35 . 2013-03-19 05:06	3902312	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-11 10:35 . 2013-03-19 05:06	3958120	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-11 10:35 . 2013-03-19 04:54	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-11 10:35 . 2013-03-19 02:50	69632	----a-w-	c:\windows\system32\smss.exe
2013-04-11 10:34 . 2013-02-12 15:13	2691072	----a-w-	c:\windows\system32\mstscax.dll
2013-04-11 10:34 . 2013-02-12 15:07	131072	----a-w-	c:\windows\system32\aaclient.dll
2013-04-11 10:34 . 2013-02-12 13:59	36864	----a-w-	c:\windows\system32\tsgqec.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-01 09:56 . 2011-03-28 17:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-03-27 17:41 . 2012-08-07 21:56	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-27 17:41 . 2012-01-10 17:51	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-22 19:37 . 2013-03-22 19:38	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-03-22 19:37 . 2012-08-24 11:16	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-22 19:37 . 2012-08-24 11:16	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-06 12:51 . 2013-03-23 12:28	51144	----a-w-	c:\windows\system32\drivers\Soluto.sys
2013-02-12 13:51 . 2013-03-21 14:22	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-02-05 07:25 . 2012-08-31 11:13	632656	----a-w-	c:\windows\system32\msvcr80.dll
2013-02-05 07:25 . 2012-08-31 11:13	554832	----a-w-	c:\windows\system32\msvcp80.dll
2013-02-05 07:25 . 2012-08-31 11:13	479232	----a-w-	c:\windows\system32\msvcm80.dll
2013-02-05 07:25 . 2011-06-11 00:58	773968	----a-w-	c:\windows\system32\msvcr100.dll
2013-02-05 07:25 . 2011-06-11 00:58	421200	----a-w-	c:\windows\system32\msvcp100.dll
2013-04-20 12:14 . 2013-03-27 17:31	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~1\Yahoo!\Companion\Installs\cpn0\yt.dll" [2011-10-06 2015544]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{18CAEA74-C7E8-4D37-967F-1D01351BA398}]
2013-04-22 11:27	127488	----a-w-	c:\program files\LyricsMonkey\lyricsmonkey.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B399EDE8-1525-458C-8DD9-31EADF632D06}]
2013-04-21 12:20	127488	----a-w-	c:\program files\LyricsTube\lrcstube.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-12-19 15:57	244480	----a-w-	c:\users\doniaali\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-12-19 15:57	244480	----a-w-	c:\users\doniaali\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-12-19 15:57	244480	----a-w-	c:\users\doniaali\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Pro"="c:\program files\Driver Pro\DPLauncher.exe" [2012-10-30 340512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2013-05-01 1648400]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-02 345312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSDMonitor]
2012-03-21 10:23	103896	----a-w-	c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" -osboot
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x32.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [x]
R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [x]
R4 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [x]
R4 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [x]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207020.003\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207020.003\SYMEFA.SYS [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130412.001\BHDrvx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130502.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-07 17:41]
.
2013-05-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
- c:\users\doniaali\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-07 15:25]
.
2013-05-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
- c:\users\doniaali\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-07 15:25]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 15:21]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-09 15:21]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
- c:\users\doniaali\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-01 11:11]
.
2013-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
- c:\users\doniaali\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-01 11:11]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006Core.job
- c:\users\Ali\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-01 11:38]
.
2013-05-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006UA.job
- c:\users\Ali\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-01 11:38]
.
2013-02-18 c:\windows\Tasks\MegaCloud Backup.job
- c:\users\doniaali\AppData\Roaming\MegaCloudBackup\MegaCloudBackup.exe [2012-12-23 14:43]
.
2013-05-04 c:\windows\Tasks\schedule!3036567561.job
- c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe [2013-01-25 19:58]
.
2013-05-04 c:\windows\Tasks\SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC\sump.exe [2013-01-06 18:44]
.
2013-05-04 c:\windows\Tasks\spmonitor.job
- c:\program files\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-01-06 18:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtD0F0FtD0AtC0Bzy0EtB0C0CtB0A0BtN0D0Tzu0CyEzzyBtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=144183255&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtD0F0FtD0AtC0Bzy0EtB0C0CtB0A0BtN0D0Tzu0CyEzzyBtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=144183255&ir=
TCP: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
FF - ProfilePath - c:\users\Ali\AppData\Roaming\Mozilla\Firefox\Profiles\bsfcdbf6.default\
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - ExtSQL: 2013-03-26 22:54; rzfk93hww@ayifooa-zpcm.co.uk; c:\users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\rzfk93hww@ayifooa-zpcm.co.uk
FF - ExtSQL: 2013-03-27 17:39; hbfx-aua@iyyiwsiyie.com; c:\users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\hbfx-aua@iyyiwsiyie.com
FF - ExtSQL: 2013-04-13 12:44; fiddlerhook@fiddler2.com; c:\program files\Fiddler2\FiddlerHook
FF - ExtSQL: 2013-04-21 11:52; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Search Results Toolbar\Datamngr\FirefoxExtension
FF - ExtSQL: 2013-05-01 12:06; webbooster@iminent.com; c:\program files\Iminent\webbooster@iminent.com
FF - ExtSQL: 2013-05-01 12:17; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn
FF - ExtSQL: 2013-05-01 13:19; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2
FF - ExtSQL: 2013-05-01 14:05; lrcsTube@hansanddeta.com; c:\program files\LyricsTube\FF
FF - ExtSQL: 2013-05-01 14:07; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\users\Ali\AppData\Roaming\Mozilla\Firefox\Profiles\bsfcdbf6.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF - ExtSQL: 2013-05-01 14:08; ffxtlbr@mysearchdial.com; c:\users\Ali\AppData\Roaming\Mozilla\Firefox\Profiles\bsfcdbf6.default\extensions\ffxtlbr@mysearchdial.com
FF - ExtSQL: 2013-05-01 14:08; {004de2fd-9e38-47b3-817e-ae06b15c09e7}; c:\users\Ali\AppData\Roaming\Mozilla\Firefox\Profiles\bsfcdbf6.default\extensions\{004de2fd-9e38-47b3-817e-ae06b15c09e7}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Google Update - c:\users\Phoniex 2012\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Messenger (Yahoo!) - ~c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-MicroUpdate - c:\msdcsc\msdcsc.exe
AddRemove-ilividtoolbargaw - c:\progra~1\SEARCH~2\Datamngr\SRTOOL~1\uninstall.exe
AddRemove-OPERATION7 - c:\mgameeu\OPERATION7\uninstall.exe
AddRemove-Optimizer Pro_is1 - c:\program files\Optimizer Pro\unins000.exe
AddRemove-Registry Mechanic_is1 - c:\program files\PC Tools Registry Mechanic\unins000.exe
AddRemove-SP_b0285714 - c:\program files\WebSearch\uninstall.exe
AddRemove-UDK-5dc36b4c-342c-4ec3-8171-b5c77ef18ec4 - c:\udk\UDK-2012-07\Binaries\UnSetup.exe
AddRemove-UDK-827ce8a6-e31a-4d2c-828a-3b0e9fc32cec - c:\udk\UDK-2011-12\Binaries\UnSetup.exe
AddRemove-{21EBF25E-60F7-E6DE-807D-2E46AF850107} - c:\progra~2\INSTAL~1\{ACF12~1\Setup.exe
AddRemove-{2A010C85-95B1-C809-CE48-5BD8D39073AD} - c:\progra~2\INSTAL~1\{A8A68~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-04  11:30:45
ComboFix-quarantined-files.txt  2013-05-04 09:30
.
Vor Suchlauf: 6 Verzeichnis(se), 658.208.866.304 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 658.300.571.648 Bytes frei
.
- - End Of File - - BDA0E1CE24558F1EF3FB9183CA841FA6
         

--- --- ---

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 04.05.2013 12:08:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ali\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,09% Memory free
6,00 Gb Paging File | 4,48 Gb Available in Paging File | 74,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 683,54 Gb Total Space | 613,16 Gb Free Space | 89,70% Space Free | Partition Type: NTFS
 
Computer Name: PHONIEX2012-PC | User Name: Ali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ali\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Users\doniaali\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SolutoLauncherService) -- C:\Program Files\Soluto\SolutoLauncherService.exe (Soluto)
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (SolutoRemoteService) -- C:\Program Files\Soluto\SolutoRemoteService.exe (Soluto)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz136) -- C:\Windows\TEMP\cpuz136\cpuz136_x32.sys File not found
DRV - (catchme) -- C:\Users\Ali\AppData\Local\Temp\catchme.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130412.001\BHDrvx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (Soluto) -- C:\Windows\System32\drivers\Soluto.sys (Soluto LTD.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130503.004\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130503.004\NAVENG.SYS (Symantec Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130502.001\IDSvix86.sys (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtD0F0FtD0AtC0Bzy0EtB0C0CtB0A0BtN0D0Tzu0CyEzzyBtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=144183255&ir=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{00D97DCD-0F1B-9E5E-12E7-5CEFB03B92DA}: "URL" = hxxp://mixidj.claro-search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=acfdc2ab00000000000000ff0a1b9e2c
IE - HKCU\..\SearchScopes\{03E20AEB-A087-4051-B257-4DDED14A788A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=9AECE661-299F-4582-8DBD-8B0DEC9FD6BB&apn_sauid=195B3A27-E04C-4222-9ACE-CB7141A92C5A
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
FF - prefs.js..extensions.enabledAddons: {004de2fd-9e38-47b3-817e-ae06b15c09e7}:1.0
FF - prefs.js..extensions.enabledAddons: %7B004de2fd-9e38-47b3-817e-ae06b15c09e7%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:5.0.0.6767
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ali\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ali\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012.10.17 23:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2013.05.04 12:02:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.10 20:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.09 17:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.09 17:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\51026cd8674e0@51026cd867519.com: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\51026cd8674e0@51026cd867519.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\rzfk93hww@ayifooa-zpcm.co.uk: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\rzfk93hww@ayifooa-zpcm.co.uk [2013.03.26 23:20:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hbfx-aua@iyyiwsiyie.com: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\hbfx-aua@iyyiwsiyie.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2013.04.13 12:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.20 14:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcsTube@hansanddeta.com: C:\Program Files\LyricsTube\FF\ [2013.05.01 14:05:55 | 000,000,000 | ---D | M]
 
[2013.05.01 14:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ali\AppData\Roaming\mozilla\Extensions
[2013.05.01 14:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ali\AppData\Roaming\mozilla\Firefox\Profiles\bsfcdbf6.default\extensions
[2013.05.01 14:08:17 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\Ali\AppData\Roaming\mozilla\Firefox\Profiles\bsfcdbf6.default\extensions\{004de2fd-9e38-47b3-817e-ae06b15c09e7}
[2013.05.01 14:07:58 | 000,000,000 | ---D | M] (MySearchDial) -- C:\Users\Ali\AppData\Roaming\mozilla\Firefox\Profiles\bsfcdbf6.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2013.05.01 14:08:00 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\Ali\AppData\Roaming\mozilla\Firefox\Profiles\bsfcdbf6.default\extensions\ffxtlbr@mysearchdial.com
[2013.05.01 14:08:27 | 000,002,389 | ---- | M] () -- C:\Users\Ali\AppData\Roaming\mozilla\firefox\profiles\bsfcdbf6.default\searchplugins\Mysearchdial.xml
[2013.05.03 17:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2013.04.20 14:14:59 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_1\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: LyricsTube = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdghdpchfhbbmfeddkijldlpnkbjkk\1.111_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Lyrics Monkey = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111_1\
CHR - Extension: Skype Click to Call = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_1\
CHR - Extension: MySearchDial = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\8.0.1_0\
 
O1 HOSTS File: ([2013.04.30 17:31:35 | 000,010,555 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 198.167.139.193 google.com
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 317 more lines...
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lyrics Monkey) - {18CAEA74-C7E8-4D37-967F-1D01351BA398} - C:\Program Files\LyricsMonkey\lyricsmonkey.dll (MNDi Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (LyricsTube) - {B399EDE8-1525-458C-8DD9-31EADF632D06} - C:\Program Files\LyricsTube\lrcstube.dll (Hansen & Destar Apps)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe (PC Utilities Pro)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Telerik)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A1B9E2C-DECA-458F-8A2B-CBC31C89A90C}: DhcpNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1957BA05-6631-4A34-A85E-80CEBD0EE152}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F6F9F58-CECB-4610-995C-BAFAEE0A16FC}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.04 11:30:48 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\temp
[2013.05.04 11:28:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.04 11:17:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.04 11:17:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.04 11:17:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.04 11:13:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.04 11:13:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.04 10:57:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ali\Desktop\OTL.exe
[2013.05.03 17:49:17 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Malwarebytes
[2013.05.02 17:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.02 17:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.02 17:23:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.02 17:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.02 11:49:37 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.01 19:35:49 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Avira
[2013.05.01 19:29:34 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Apple Computer
[2013.05.01 19:29:34 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Apple Computer
[2013.05.01 19:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.01 19:21:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.01 19:21:27 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.01 19:21:27 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.01 19:21:27 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.01 19:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.01 19:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.01 18:58:20 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Download Manager
[2013.05.01 18:58:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.05.01 18:49:33 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Macromedia
[2013.05.01 14:32:31 | 000,000,000 | ---D | C] -- C:\Users\Ali\Documents\Simply Super Software
[2013.05.01 14:32:31 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Simply Super Software
[2013.05.01 14:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.05.01 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2013.05.01 14:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.05.01 14:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
[2013.05.01 14:07:43 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Driver Pro
[2013.05.01 14:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Pro
[2013.05.01 14:07:04 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\mysearchdial
[2013.05.01 14:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mysearchdial
[2013.05.01 14:06:44 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Mozilla
[2013.05.01 14:06:44 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Mozilla
[2013.05.01 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\mixiedj
[2013.05.01 14:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsTube
[2013.05.01 14:04:15 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\ElevatedDiagnostics
[2013.05.01 13:41:04 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.01 13:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Adobe
[2013.05.01 13:38:55 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Google
[2013.05.01 13:38:42 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Yahoo!
[2013.05.01 13:38:08 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Google
[2013.05.01 13:37:30 | 000,000,000 | R--D | C] -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.01 13:37:30 | 000,000,000 | R--D | C] -- C:\Users\Ali\Searches
[2013.05.01 13:37:30 | 000,000,000 | R--D | C] -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.01 13:37:30 | 000,000,000 | -H-D | C] -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013.05.01 13:37:24 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Identities
[2013.05.01 13:37:23 | 000,000,000 | R--D | C] -- C:\Users\Ali\Contacts
[2013.05.01 13:37:09 | 000,000,000 | --SD | C] -- C:\Users\Ali\AppData\Roaming\Microsoft
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Videos
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Saved Games
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Pictures
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Music
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Links
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Favorites
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Downloads
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Documents
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Desktop
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\AppData\Local\Temporary Internet Files
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Templates
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Start Menu
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\SendTo
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Recent
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\PrintHood
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\NetHood
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Documents\My Videos
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Documents\My Pictures
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Documents\My Music
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\My Documents
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Local Settings
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\AppData\Local\History
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Cookies
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Application Data
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\AppData\Local\Application Data
[2013.05.01 13:37:09 | 000,000,000 | -H-D | C] -- C:\Users\Ali\AppData
[2013.05.01 13:37:09 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Microsoft Help
[2013.05.01 13:37:09 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Microsoft
[2013.05.01 13:37:09 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Macromedia
[2013.04.30 15:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\MinecraftAlpha
[2013.04.28 11:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsMonkey
[2013.04.21 11:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013.04.21 11:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Search Results Toolbar
[2013.04.21 11:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
[2013.04.13 12:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.04 12:08:09 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 12:08:09 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 12:03:25 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.04 12:03:25 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\schedule!3036567561.job
[2013.05.04 12:03:24 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013.05.04 12:03:24 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013.05.04 12:00:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.04 12:00:20 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.04 11:53:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.04 11:48:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006UA.job
[2013.05.04 11:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.04 11:30:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.04 11:22:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.04 10:57:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ali\Desktop\OTL.exe
[2013.05.03 17:50:37 | 000,628,743 | ---- | M] () -- C:\Users\Ali\Desktop\adwcleaner.exe
[2013.05.03 13:48:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006Core.job
[2013.05.03 13:22:01 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.02 17:40:18 | 000,735,702 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013.05.02 17:40:18 | 000,698,008 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.02 17:40:18 | 000,654,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.02 17:40:18 | 000,152,474 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013.05.02 17:40:18 | 000,148,632 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.02 17:40:18 | 000,121,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.02 17:33:48 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.02 17:23:21 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.02 11:49:24 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.01 20:54:23 | 2518,579,200 | ---- | M] () -- C:\Users\Ali\Documents\9200.16384.WIN8_RTM.120725-1247_X86FRE_ENTERPRISE_EVAL_DE-DE-HRM_CENA_X86FREE_DE-DE_DV5.ISO
[2013.05.01 14:07:46 | 000,000,984 | ---- | M] () -- C:\Users\Ali\Desktop\Driver Pro.lnk
[2013.05.01 14:07:08 | 000,000,368 | ---- | M] () -- C:\Users\Public\Desktop\MySearchDial.url
[2013.05.01 14:07:04 | 000,572,439 | ---- | M] () -- C:\Users\Ali\AppData\Local\mysearchdial.crx
[2013.05.01 13:41:11 | 000,002,316 | ---- | M] () -- C:\Users\Ali\Desktop\Google Chrome.lnk
[2013.05.01 13:41:04 | 000,002,318 | ---- | M] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.05.01 13:38:39 | 000,001,407 | ---- | M] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013.05.01 12:06:29 | 000,000,596 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.04.30 17:31:35 | 000,010,555 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.28 17:38:04 | 000,002,408 | ---- | M] () -- C:\{91CC7DA9-1967-46BE-AE98-27D5CCAF8CCA}
[2013.04.20 17:09:15 | 000,002,304 | ---- | M] () -- C:\{8037E2D3-8763-4391-8F4E-5A4B5674A00E}
[2013.04.11 17:12:11 | 000,401,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.04 14:57:45 | 000,002,960 | ---- | M] () -- C:\{178BCE50-8EF4-4611-93D1-37D2578FBC49}
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.04 11:17:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.04 11:17:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.04 11:17:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.04 11:17:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.04 11:17:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.03 17:50:35 | 000,628,743 | ---- | C] () -- C:\Users\Ali\Desktop\adwcleaner.exe
[2013.05.02 17:23:21 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.01 18:58:23 | 2518,579,200 | ---- | C] () -- C:\Users\Ali\Documents\9200.16384.WIN8_RTM.120725-1247_X86FRE_ENTERPRISE_EVAL_DE-DE-HRM_CENA_X86FREE_DE-DE_DV5.ISO
[2013.05.01 14:07:46 | 000,000,984 | ---- | C] () -- C:\Users\Ali\Desktop\Driver Pro.lnk
[2013.05.01 14:07:42 | 000,572,439 | ---- | C] () -- C:\Users\Ali\AppData\Local\mysearchdial.crx
[2013.05.01 14:07:08 | 000,000,368 | ---- | C] () -- C:\Users\Public\Desktop\MySearchDial.url
[2013.05.01 13:41:04 | 000,002,318 | ---- | C] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.05.01 13:41:04 | 000,002,316 | ---- | C] () -- C:\Users\Ali\Desktop\Google Chrome.lnk
[2013.05.01 13:38:39 | 000,001,407 | ---- | C] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013.05.01 13:38:11 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006UA.job
[2013.05.01 13:38:09 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006Core.job
[2013.05.01 13:37:31 | 000,001,413 | ---- | C] () -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.01 13:37:09 | 000,000,290 | ---- | C] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013.05.01 13:37:09 | 000,000,272 | ---- | C] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013.05.01 13:11:32 | 000,001,132 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.01 13:11:31 | 000,001,080 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.01 12:06:22 | 000,000,596 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.04.28 17:38:02 | 000,002,408 | ---- | C] () -- C:\{91CC7DA9-1967-46BE-AE98-27D5CCAF8CCA}
[2013.04.20 17:09:12 | 000,002,304 | ---- | C] () -- C:\{8037E2D3-8763-4391-8F4E-5A4B5674A00E}
[2013.04.13 12:44:51 | 000,001,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk
[2013.04.04 14:57:45 | 000,002,960 | ---- | C] () -- C:\{178BCE50-8EF4-4611-93D1-37D2578FBC49}
[2013.03.23 14:29:56 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.10.01 21:12:18 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2012.08.13 14:24:51 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.01.10 21:08:56 | 000,698,008 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.01.10 21:08:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.01.10 21:08:56 | 000,148,632 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.01.10 21:08:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.01.10 20:35:34 | 000,238,935 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.01.10 20:15:47 | 000,735,702 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2012.01.10 20:15:47 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2012.01.10 20:15:47 | 000,152,474 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2012.01.10 20:15:47 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2012.01.10 19:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.10 19:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.01 14:07:53 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Driver Pro
[2013.05.01 14:07:53 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\mysearchdial
[2013.05.01 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Simply Super Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         

--- --- ---

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 04.05.2013 12:08:07 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ali\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,09% Memory free
6,00 Gb Paging File | 4,48 Gb Available in Paging File | 74,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 683,54 Gb Total Space | 613,16 Gb Free Space | 89,70% Space Free | Partition Type: NTFS
 
Computer Name: PHONIEX2012-PC | User Name: Ali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ali\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe ()
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Users\doniaali\AppData\Roaming\MegaCloud\MegaCloudShellExt.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SolutoLauncherService) -- C:\Program Files\Soluto\SolutoLauncherService.exe (Soluto)
SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)
SRV - (SolutoRemoteService) -- C:\Program Files\Soluto\SolutoRemoteService.exe (Soluto)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz136) -- C:\Windows\TEMP\cpuz136\cpuz136_x32.sys File not found
DRV - (catchme) -- C:\Users\Ali\AppData\Local\Temp\catchme.sys File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130412.001\BHDrvx86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (Soluto) -- C:\Windows\System32\drivers\Soluto.sys (Soluto LTD.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130503.004\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130503.004\NAVENG.SYS (Symantec Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130502.001\IDSvix86.sys (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys (Symantec Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tugumsd&cd=2XzuyEtN2Y1L1QzutDtD0F0FtD0AtC0Bzy0EtB0C0CtB0A0BtN0D0Tzu0CyEzzyBtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu2Z2Y1N2Y1H1B1Q&cr=144183255&ir=
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{00D97DCD-0F1B-9E5E-12E7-5CEFB03B92DA}: "URL" = hxxp://mixidj.claro-search.com/?q={searchTerms}&affID=121139&babsrc=SP_ss&mntrId=acfdc2ab00000000000000ff0a1b9e2c
IE - HKCU\..\SearchScopes\{03E20AEB-A087-4051-B257-4DDED14A788A}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=9AECE661-299F-4582-8DBD-8B0DEC9FD6BB&apn_sauid=195B3A27-E04C-4222-9ACE-CB7141A92C5A
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Mysearchdial"
FF - prefs.js..browser.search.selectedEngine: "Mysearchdial"
FF - prefs.js..extensions.enabledAddons: {004de2fd-9e38-47b3-817e-ae06b15c09e7}:1.0
FF - prefs.js..extensions.enabledAddons: %7B004de2fd-9e38-47b3-817e-ae06b15c09e7%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:5.0.0.6767
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ali\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ali\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012.10.17 23:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2013.05.04 12:02:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.10 20:49:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.09 17:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.11.09 17:22:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\51026cd8674e0@51026cd867519.com: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\51026cd8674e0@51026cd867519.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\rzfk93hww@ayifooa-zpcm.co.uk: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\rzfk93hww@ayifooa-zpcm.co.uk [2013.03.26 23:20:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hbfx-aua@iyyiwsiyie.com: C:\Users\doniaali\AppData\Roaming\Mozilla\Firefox\Profiles\kcuhzizm.default\extensions\hbfx-aua@iyyiwsiyie.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: C:\Program Files\Fiddler2\FiddlerHook [2013.04.13 12:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.20 14:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcsTube@hansanddeta.com: C:\Program Files\LyricsTube\FF\ [2013.05.01 14:05:55 | 000,000,000 | ---D | M]
 
[2013.05.01 14:07:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ali\AppData\Roaming\mozilla\Extensions
[2013.05.01 14:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ali\AppData\Roaming\mozilla\Firefox\Profiles\bsfcdbf6.default\extensions
[2013.05.01 14:08:17 | 000,000,000 | ---D | M] ("QuickShare Widget") -- C:\Users\Ali\AppData\Roaming\mozilla\Firefox\Profiles\bsfcdbf6.default\extensions\{004de2fd-9e38-47b3-817e-ae06b15c09e7}
[2013.05.01 14:07:58 | 000,000,000 | ---D | M] (MySearchDial) -- C:\Users\Ali\AppData\Roaming\mozilla\Firefox\Profiles\bsfcdbf6.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2013.05.01 14:08:00 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\Ali\AppData\Roaming\mozilla\Firefox\Profiles\bsfcdbf6.default\extensions\ffxtlbr@mysearchdial.com
[2013.05.01 14:08:27 | 000,002,389 | ---- | M] () -- C:\Users\Ali\AppData\Roaming\mozilla\firefox\profiles\bsfcdbf6.default\searchplugins\Mysearchdial.xml
[2013.05.03 17:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2013.04.20 14:14:59 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ali\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_1\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: LyricsTube = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebdghdpchfhbbmfeddkijldlpnkbjkk\1.111_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Lyrics Monkey = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\khialnikbocfgkohdegnebhmmaifoglp\1.111_1\
CHR - Extension: Skype Click to Call = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.6.0.11664_1\
CHR - Extension: MySearchDial = C:\Users\Ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\8.0.1_0\
 
O1 HOSTS File: ([2013.04.30 17:31:35 | 000,010,555 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 198.167.139.193 google.com
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 198.167.139.193 Google
O1 - Hosts: 317 more lines...
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lyrics Monkey) - {18CAEA74-C7E8-4D37-967F-1D01351BA398} - C:\Program Files\LyricsMonkey\lyricsmonkey.dll (MNDi Software)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (LyricsTube) - {B399EDE8-1525-458C-8DD9-31EADF632D06} - C:\Program Files\LyricsTube\lrcstube.dll (Hansen & Destar Apps)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKCU..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe (PC Utilities Pro)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Telerik)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A1B9E2C-DECA-458F-8A2B-CBC31C89A90C}: DhcpNameServer = 44.0.0.253 44.0.0.3 44.0.0.4 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1957BA05-6631-4A34-A85E-80CEBD0EE152}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F6F9F58-CECB-4610-995C-BAFAEE0A16FC}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.04 11:30:48 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\temp
[2013.05.04 11:28:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.04 11:17:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.04 11:17:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.04 11:17:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.04 11:13:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.04 11:13:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.04 10:57:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ali\Desktop\OTL.exe
[2013.05.03 17:49:17 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Malwarebytes
[2013.05.02 17:23:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.02 17:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.02 17:23:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.05.02 17:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.05.02 11:49:37 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.01 19:35:49 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Avira
[2013.05.01 19:29:34 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Apple Computer
[2013.05.01 19:29:34 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Apple Computer
[2013.05.01 19:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.01 19:21:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.01 19:21:27 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.01 19:21:27 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.01 19:21:27 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.01 19:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.01 19:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.01 18:58:20 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Download Manager
[2013.05.01 18:58:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.05.01 18:49:33 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Macromedia
[2013.05.01 14:32:31 | 000,000,000 | ---D | C] -- C:\Users\Ali\Documents\Simply Super Software
[2013.05.01 14:32:31 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Simply Super Software
[2013.05.01 14:32:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.05.01 14:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2013.05.01 14:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.05.01 14:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
[2013.05.01 14:07:43 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Driver Pro
[2013.05.01 14:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Pro
[2013.05.01 14:07:04 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\mysearchdial
[2013.05.01 14:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Mysearchdial
[2013.05.01 14:06:44 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Mozilla
[2013.05.01 14:06:44 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Mozilla
[2013.05.01 14:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\mixiedj
[2013.05.01 14:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsTube
[2013.05.01 14:04:15 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\ElevatedDiagnostics
[2013.05.01 13:41:04 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.05.01 13:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Adobe
[2013.05.01 13:38:55 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Google
[2013.05.01 13:38:42 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Yahoo!
[2013.05.01 13:38:08 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Google
[2013.05.01 13:37:30 | 000,000,000 | R--D | C] -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.05.01 13:37:30 | 000,000,000 | R--D | C] -- C:\Users\Ali\Searches
[2013.05.01 13:37:30 | 000,000,000 | R--D | C] -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.05.01 13:37:30 | 000,000,000 | -H-D | C] -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013.05.01 13:37:24 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Identities
[2013.05.01 13:37:23 | 000,000,000 | R--D | C] -- C:\Users\Ali\Contacts
[2013.05.01 13:37:09 | 000,000,000 | --SD | C] -- C:\Users\Ali\AppData\Roaming\Microsoft
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Videos
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Saved Games
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Pictures
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Music
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Links
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Favorites
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Downloads
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Documents
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\Desktop
[2013.05.01 13:37:09 | 000,000,000 | R--D | C] -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\AppData\Local\Temporary Internet Files
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Templates
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Start Menu
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\SendTo
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Recent
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\PrintHood
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\NetHood
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Documents\My Videos
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Documents\My Pictures
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Documents\My Music
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\My Documents
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Local Settings
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\AppData\Local\History
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Cookies
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\Application Data
[2013.05.01 13:37:09 | 000,000,000 | -HSD | C] -- C:\Users\Ali\AppData\Local\Application Data
[2013.05.01 13:37:09 | 000,000,000 | -H-D | C] -- C:\Users\Ali\AppData
[2013.05.01 13:37:09 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Microsoft Help
[2013.05.01 13:37:09 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Local\Microsoft
[2013.05.01 13:37:09 | 000,000,000 | ---D | C] -- C:\Users\Ali\AppData\Roaming\Macromedia
[2013.04.30 15:43:20 | 000,000,000 | ---D | C] -- C:\Program Files\MinecraftAlpha
[2013.04.28 11:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsMonkey
[2013.04.21 11:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013.04.21 11:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Search Results Toolbar
[2013.04.21 11:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
[2013.04.13 12:44:50 | 000,000,000 | ---D | C] -- C:\Program Files\Fiddler2
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.04 12:08:09 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 12:08:09 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.04 12:03:25 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.04 12:03:25 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\schedule!3036567561.job
[2013.05.04 12:03:24 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\spmonitor.job
[2013.05.04 12:03:24 | 000,000,252 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC.job
[2013.05.04 12:00:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.04 12:00:20 | 2415,316,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.04 11:53:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.04 11:48:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006UA.job
[2013.05.04 11:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.04 11:30:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.04 11:22:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.04 10:57:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ali\Desktop\OTL.exe
[2013.05.03 17:50:37 | 000,628,743 | ---- | M] () -- C:\Users\Ali\Desktop\adwcleaner.exe
[2013.05.03 13:48:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006Core.job
[2013.05.03 13:22:01 | 000,001,080 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.02 17:40:18 | 000,735,702 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013.05.02 17:40:18 | 000,698,008 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.02 17:40:18 | 000,654,880 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.02 17:40:18 | 000,152,474 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013.05.02 17:40:18 | 000,148,632 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.02 17:40:18 | 000,121,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.02 17:33:48 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.02 17:23:21 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.02 11:49:24 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.01 20:54:23 | 2518,579,200 | ---- | M] () -- C:\Users\Ali\Documents\9200.16384.WIN8_RTM.120725-1247_X86FRE_ENTERPRISE_EVAL_DE-DE-HRM_CENA_X86FREE_DE-DE_DV5.ISO
[2013.05.01 14:07:46 | 000,000,984 | ---- | M] () -- C:\Users\Ali\Desktop\Driver Pro.lnk
[2013.05.01 14:07:08 | 000,000,368 | ---- | M] () -- C:\Users\Public\Desktop\MySearchDial.url
[2013.05.01 14:07:04 | 000,572,439 | ---- | M] () -- C:\Users\Ali\AppData\Local\mysearchdial.crx
[2013.05.01 13:41:11 | 000,002,316 | ---- | M] () -- C:\Users\Ali\Desktop\Google Chrome.lnk
[2013.05.01 13:41:04 | 000,002,318 | ---- | M] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.05.01 13:38:39 | 000,001,407 | ---- | M] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013.05.01 12:06:29 | 000,000,596 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.04.30 17:31:35 | 000,010,555 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.28 17:38:04 | 000,002,408 | ---- | M] () -- C:\{91CC7DA9-1967-46BE-AE98-27D5CCAF8CCA}
[2013.04.20 17:09:15 | 000,002,304 | ---- | M] () -- C:\{8037E2D3-8763-4391-8F4E-5A4B5674A00E}
[2013.04.11 17:12:11 | 000,401,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.04 14:57:45 | 000,002,960 | ---- | M] () -- C:\{178BCE50-8EF4-4611-93D1-37D2578FBC49}
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.04 11:17:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.04 11:17:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.04 11:17:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.04 11:17:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.04 11:17:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.03 17:50:35 | 000,628,743 | ---- | C] () -- C:\Users\Ali\Desktop\adwcleaner.exe
[2013.05.02 17:23:21 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.01 18:58:23 | 2518,579,200 | ---- | C] () -- C:\Users\Ali\Documents\9200.16384.WIN8_RTM.120725-1247_X86FRE_ENTERPRISE_EVAL_DE-DE-HRM_CENA_X86FREE_DE-DE_DV5.ISO
[2013.05.01 14:07:46 | 000,000,984 | ---- | C] () -- C:\Users\Ali\Desktop\Driver Pro.lnk
[2013.05.01 14:07:42 | 000,572,439 | ---- | C] () -- C:\Users\Ali\AppData\Local\mysearchdial.crx
[2013.05.01 14:07:08 | 000,000,368 | ---- | C] () -- C:\Users\Public\Desktop\MySearchDial.url
[2013.05.01 13:41:04 | 000,002,318 | ---- | C] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013.05.01 13:41:04 | 000,002,316 | ---- | C] () -- C:\Users\Ali\Desktop\Google Chrome.lnk
[2013.05.01 13:38:39 | 000,001,407 | ---- | C] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013.05.01 13:38:11 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006UA.job
[2013.05.01 13:38:09 | 000,001,060 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1006Core.job
[2013.05.01 13:37:31 | 000,001,413 | ---- | C] () -- C:\Users\Ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.05.01 13:37:09 | 000,000,290 | ---- | C] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013.05.01 13:37:09 | 000,000,272 | ---- | C] () -- C:\Users\Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013.05.01 13:11:32 | 000,001,132 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003UA.job
[2013.05.01 13:11:31 | 000,001,080 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1284104535-1330685443-564435093-1003Core.job
[2013.05.01 12:06:22 | 000,000,596 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog
[2013.04.28 17:38:02 | 000,002,408 | ---- | C] () -- C:\{91CC7DA9-1967-46BE-AE98-27D5CCAF8CCA}
[2013.04.20 17:09:12 | 000,002,304 | ---- | C] () -- C:\{8037E2D3-8763-4391-8F4E-5A4B5674A00E}
[2013.04.13 12:44:51 | 000,001,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler2.lnk
[2013.04.04 14:57:45 | 000,002,960 | ---- | C] () -- C:\{178BCE50-8EF4-4611-93D1-37D2578FBC49}
[2013.03.23 14:29:56 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012.10.01 21:12:18 | 000,000,370 | ---- | C] () -- C:\Windows\hpwmdl26.dat.temp
[2012.08.13 14:24:51 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.01.10 21:08:56 | 000,698,008 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2012.01.10 21:08:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2012.01.10 21:08:56 | 000,148,632 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2012.01.10 21:08:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2012.01.10 20:35:34 | 000,238,935 | ---- | C] () -- C:\Windows\hpwins26.dat
[2012.01.10 20:15:47 | 000,735,702 | ---- | C] () -- C:\Windows\System32\perfh013.dat
[2012.01.10 20:15:47 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat
[2012.01.10 20:15:47 | 000,152,474 | ---- | C] () -- C:\Windows\System32\perfc013.dat
[2012.01.10 20:15:47 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat
[2012.01.10 19:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.01.10 19:35:05 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.01 14:07:53 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Driver Pro
[2013.05.01 14:07:53 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\mysearchdial
[2013.05.01 14:32:31 | 000,000,000 | ---D | M] -- C:\Users\Ali\AppData\Roaming\Simply Super Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >
         

--- --- ---


Kann ich eine Windows 8 CD benutzen und dann alles Updaten trotz Trojaner

Bist du online?

Hi,

Zitat:

Kann ich eine Windows 8 CD benutzen und dann alles Updaten trotz Trojaner

Ja, du kannst jetzt problemlos die Festplatte formatieren und danach Windows 8 installieren. (Aber zuerst sauber formatieren und nicht nur drüberinstallieren.)

Kannst du mir dass mit der Festplatte alles in Einer Naricht erklären bitte, wäre Bert , danke im vorraus