Incredibar mystart

1

Incredibar mystart

offline
  • qwasac 
  • Novi MyCity građanin
  • Pridružio: 17 Maj 2011
  • Poruke: 10

Pozdrav Ekipi
Ovo cudo mi se pojavljuje na Chromi ,citao probao sa Adwcleaner ,nesto kao izbrisao ..Al ne lezi Vraze eto ga opet .Ako neko ima vremena i volje nek pregleda ovo sto sam scenirao pa valjda je to to i nisam nesto zaboravio... Samo kad imate vremena ...jer ne '' jede hleba ''
Pozz
OTL logfile created on: 11/7/2012 7:45:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ciki\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 26.98% Memory free
7.60 Gb Paging File | 4.23 Gb Available in Paging File | 55.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.99 Gb Total Space | 333.10 Gb Free Space | 73.53% Space Free | Partition Type: NTFS
Drive D: | 12.48 Gb Total Space | 2.09 Gb Free Space | 16.74% Space Free | Partition Type: NTFS
Drive E: | 99.02 Mb Total Space | 95.08 Mb Free Space | 96.02% Space Free | Partition Type: FAT32

Computer Name: CIKI-PC | User Name: ciki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/07 19:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ciki\Downloads\OTL.exe
PRC - [2012/10/28 18:45:18 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/24 08:04:59 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/10/13 08:28:34 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/05 20:20:25 | 022,749,096 | ---- | M] (InternetCalls) -- C:\Program Files (x86)\InternetCalls.com\InternetCalls\internetcalls.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 07:16:26 | 000,975,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012/04/04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/10/01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NlsSrv32.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/28 18:45:17 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/24 08:04:57 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\ppgooglenaclpluginchrome.dll
MOD - [2012/10/24 08:04:55 | 012,435,992 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
MOD - [2012/10/24 08:04:54 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\pdf.dll
MOD - [2012/10/24 08:03:38 | 000,578,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\libglesv2.dll
MOD - [2012/10/24 08:03:37 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\libegl.dll
MOD - [2012/10/24 08:03:25 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\avutil-51.dll
MOD - [2012/10/24 08:03:24 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\avformat-54.dll
MOD - [2012/10/24 08:03:23 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\avcodec-54.dll
MOD - [2012/10/13 08:28:33 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/06/13 19:48:49 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012/06/13 07:01:19 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/06/13 07:01:04 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/06/13 07:00:53 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/05/10 08:53:06 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/05/10 05:57:31 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/05/10 05:57:23 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/05/10 05:57:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/05/10 05:57:14 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/05/10 05:57:07 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/02/29 17:56:54 | 000,049,064 | ---- | M] () -- C:\Program Files (x86)\Common Files\DFX\Dlls\dfxShared32.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV:64bit: - [2011/06/06 16:12:22 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010/11/04 17:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/11/04 17:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/11/18 03:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/28 18:45:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/13 08:28:34 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 16:16:20 | 002,026,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/06/06 16:12:18 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/10/01 05:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 05:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/07 13:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NlsSrv32.exe -- (nlsX86cc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/19 09:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/19 09:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/20 08:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/04/04 14:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 11:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/01/11 07:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012/01/10 21:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/13 14:55:48 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/07/29 13:57:23 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/03 06:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/07/29 12:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 12:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/07/01 13:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/01/27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/10/30 15:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/23 02:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/30 01:16:41 | 000,504,880 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/08/30 01:16:41 | 000,032,304 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1100000.088\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 17:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010/10/07 12:34:32 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/23 02:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/08/29 10:00:00 | 001,742,896 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\EX64.SYS -- (NAVEX15)
DRV - [2009/08/29 10:00:00 | 000,116,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20090829.019\ENG64.SYS -- (NAVENG)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/09/08 12:05:56 | 000,014,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\RMClock\RTCore64.sys -- (RTCore64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}: "URL" = ask.com/web?q={searchterms}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{EF9CB324-E56C-4449-AD2A-8B701A9A74F1}: "URL" = bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}: "URL" = ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{EF9CB324-E56C-4449-AD2A-8B701A9A74F1}: "URL" = bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = google.com
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}: "URL" = ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{888501E6-30CF-4408-90AD-DEF5C7017ABB}: "URL" = websearch.ask.com/redirect?client=ie&tb.....=kw&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=34fceae2-18ca-4a65-bc88-903373baa66d&apn_sauid=B781C628-1A40-480F-8343-D023DFE3AC90
IE - HKCU\..\SearchScopes\{EF9CB324-E56C-4449-AD2A-8B701A9A74F1}: "URL" = bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: fb_add_on@avm.de:1.6.3
FF - prefs.js..extensions.enabledAddons: ffxtlbr@Facemoods.com:1.4.0
FF - prefs.js..extensions.enabledAddons: nadir.kadem@gmail.com:2.1
FF - prefs.js..extensions.enabledAddons: spam@trashmail.net:2.6.2
FF - prefs.js..extensions.enabledAddons: wisestamp@wisestamp.com:3.11.21
FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.15.0
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: support@vdownloader.com:3.9.1155
FF - prefs.js..extensions.enabledAddons: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.19
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.2
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.3
FF - prefs.js..extensions.enabledAddons: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.7
FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.5
FF - prefs.js..extensions.enabledAddons: translator@zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.3
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\ciki\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\ciki\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\ciki\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ciki\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ciki\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll (Vitzo)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/16 05:03:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files (x86)\VDownloader\Addons\FireFox [2012/05/29 21:17:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 18:45:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/28 18:45:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/01/28 22:09:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/28 18:45:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/28 18:45:02 | 000,000,000 | ---D | M]

[2011/01/28 17:58:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Extensions
[2012/11/04 08:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions
[2012/10/13 14:21:14 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012/02/22 22:18:10 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/01/17 09:39:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/01/28 18:07:31 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2012/10/21 15:29:52 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2012/05/14 17:47:51 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\fb_add_on@avm.de
[2011/04/02 17:13:55 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\support@predictad.com
[2012/08/23 07:17:40 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\ciuvo-extension@icq.de.xpi
[2012/08/30 16:34:51 | 000,088,614 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\extension@ciuvo.com.xpi
[2011/08/20 19:19:52 | 000,025,939 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\ffxtlbr@Facemoods.com.xpi
[2012/10/28 17:08:36 | 000,214,127 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\freehdsport@freehdsport.tv.xpi
[2012/07/31 12:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\gophoto@gophoto.it.xpi
[2011/12/01 17:37:11 | 000,006,496 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\nadir.kadem@gmail.com.xpi
[2012/08/07 19:49:05 | 000,217,069 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\spam@trashmail.net.xpi
[2012/10/13 14:21:13 | 000,565,762 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\toolbar@web.de.xpi
[2012/10/30 12:46:26 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\translator@zoli.bod.xpi
[2012/05/22 13:59:36 | 001,771,909 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\wisestamp@wisestamp.com.xpi
[2012/10/28 17:14:31 | 000,340,272 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2012/06/17 20:24:56 | 000,139,950 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2012/09/26 20:42:54 | 000,061,406 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012/07/29 19:25:50 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/05/17 21:39:44 | 000,002,009 | ---- | M] () -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\searchplugins\divx-titlovicom.xml
[2012/10/13 14:21:22 | 000,002,273 | ---- | M] () -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\searchplugins\englische-ergebnisse.xml
[2012/10/13 14:21:22 | 000,010,563 | ---- | M] () -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\searchplugins\gmx-suche.xml
[2012/09/11 22:04:48 | 000,000,950 | ---- | M] () -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\searchplugins\icqplugin-4.xml
[2012/10/14 08:55:51 | 000,000,950 | ---- | M] () -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\searchplugins\icqplugin-5.xml
[2012/10/28 17:14:37 | 000,000,950 | ---- | M] () -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\searchplugins\icqplugin-6.xml
[2012/10/13 14:21:22 | 000,002,432 | ---- | M] () -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\searchplugins\lastminute.xml
[2012/07/13 17:28:55 | 000,000,786 | ---- | M] () -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\searchplugins\subbiee.xml
[2012/10/13 14:21:21 | 000,005,545 | ---- | M] () -- C:\Users\ciki\AppData\Roaming\Mozilla\Firefox\Profiles\6iaw2c7p.default\searchplugins\webde-suche.xml
[2012/10/28 18:44:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/28 18:44:58 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/29 21:17:42 | 000,000,000 | ---D | M] (VDownloader) -- C:\PROGRAM FILES (X86)\VDOWNLOADER\ADDONS\FIREFOX
[2012/10/28 18:45:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/06/30 19:30:14 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/06/11 20:59:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/11 20:58:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/11 20:59:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010/12/13 13:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012/06/11 20:59:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/11 20:59:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/11 20:59:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: start.facemoods.com/?a=ddr
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = suggestqueries.google.com/complete/search?q={searchTerms},
CHR - homepage: start.facemoods.com/?a=ddr
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.96\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\ciki\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\ciki\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VDownloader (Enabled) = C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\ciki\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\ciki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: AdBlock = C:\Users\ciki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: Google+ Hangouts = C:\Users\ciki\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpgddbgniojgndnhlkjbkpknjhppkbk\1.3_0\
CHR - Extension: CRX Inspector = C:\Users\ciki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmlpbkpknjcnfabomjkecmkigcphgomk\0.1.0.7_0\
CHR - Extension: Poppit = C:\Users\ciki\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (TBSB08970 Class) - {10ABDD5A-E10E-4AF2-95BA-FCB47C7C90A7} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Facebook Update] C:\Users\ciki\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_D5483A5457E81AB3854A69A45F23B01D] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Users\ciki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WISO Bewerbung-Reminder.lnk = C:\Program Files (x86)\Buhl\Bewerbung 2008\KCReminder.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ciki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Преузми са Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ciki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Преузми са Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} trial.trymicrosoftoffice.com/trialoaa/buyms...../wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{792D17F3-6462-4738-BC42-3242FC79F973}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\vnd.ms.radio - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files (x86)\Speed Video Splitter\msdxm.ocx (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3620eeda-6e91-11e0-a29e-c80aa906f6b3}\Shell - "" = AutoRun
O33 - MountPoints2\{3620eeda-6e91-11e0-a29e-c80aa906f6b3}\Shell\AutoRun\command - "" = G:\iStudio.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/07 16:25:07 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{3A86DDB3-B326-4976-85EE-F8232F7DDB2D}
[2012/11/06 10:40:53 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{193B0F49-BED1-4F4A-A7EE-C9E38BBF6B09}
[2012/11/05 21:29:24 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{F14CFF08-F0E2-439F-8AC7-0B781A15DEDF}
[2012/11/05 08:52:09 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{86C9D3A5-8714-45C5-A09F-C4688F0E07D1}
[2012/11/04 20:51:45 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{915E4AF9-258C-4A1A-84CD-02E60E45492C}
[2012/11/04 07:10:45 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{33C244AF-CF0C-48B1-9787-9B2B038926F0}
[2012/11/03 17:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/03 07:25:56 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{8FF9471F-3F33-4733-A699-2CFE1A2F6320}
[2012/11/02 07:32:44 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{14DBE889-EB0B-49BC-AA00-FFBEB8BBD187}
[2012/11/01 21:46:49 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{761117C8-BE10-40AD-919A-A73D89875C4F}
[2012/11/01 09:46:13 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{FABF5F97-09CB-4928-9CD9-5C289D9E6F65}
[2012/10/31 21:45:44 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{D3F6F44F-49EE-4CEE-B30C-194F1B114D7A}
[2012/10/30 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{D6CBFEFD-C183-4E72-8B01-D11D1DC64F25}
[2012/10/29 19:00:53 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{E394AD18-863B-4249-87A7-669FBD82CD07}
[2012/10/28 22:11:50 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{19B46890-9F28-4B5B-A24E-7476F3DBB0D1}
[2012/10/28 18:44:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/28 17:09:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012/10/28 17:09:00 | 000,829,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2012/10/28 17:09:00 | 000,608,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcp100.dll
[2012/10/28 17:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it
[2012/10/28 17:08:36 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSHunter.TV
[2012/10/28 09:41:11 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{D67E2644-0061-4630-8555-4B74262B2C05}
[2012/10/27 21:40:31 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{D2861983-9575-45B3-A729-74A9699E239C}
[2012/10/27 09:40:06 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{B9A766B8-B1B8-4884-AE7A-A985D9AE2047}
[2012/10/26 08:11:15 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{109F2E55-E92E-49E4-ADF4-C75EAB597F18}
[2012/10/25 18:21:53 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{69042B75-7C46-41A1-8DDB-9BC23C0C713C}
[2012/10/25 06:21:28 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{86DD61D0-FE95-46A5-97F8-7102E24EAAB2}
[2012/10/24 06:43:43 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{05C3E16D-398D-49C7-BA95-BE17FCB56AD8}
[2012/10/23 20:12:54 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{81AA2B21-2EC5-4139-B2CE-3F05818B4BBA}
[2012/10/23 08:12:30 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{886E60F4-6019-4700-B4BE-28C0F1B6B196}
[2012/10/22 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{3ADE906F-B314-4268-A8D8-DEC8AD77835A}
[2012/10/22 08:23:44 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{751ED5E6-2C27-4496-975F-22C997E702BA}
[2012/10/21 22:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
[2012/10/21 11:20:33 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{36D1731E-A49D-4C96-8A09-2038D300D4E0}
[2012/10/20 11:42:13 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{583F738B-7826-4444-BD7A-880BEE83855F}
[2012/10/19 20:17:33 | 000,000,000 | ---D | C] -- C:\Users\ciki\Eden 2012 DVDRip Xvid AC3 Legend-Rg
[2012/10/19 14:46:30 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{CC3C7DB6-CFDD-4737-B1EF-6C34B1D828B8}
[2012/10/18 19:17:47 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{99652DB3-6ECD-47FB-ADAF-A48C8B6202E7}
[2012/10/17 20:35:49 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{8807B55D-778A-4A30-9672-D9D0E81F67D6}
[2012/10/17 08:31:15 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{AE389DEC-2317-43BA-B39A-882E3CE0C929}
[2012/10/16 20:30:40 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{CEA5DE2B-4A53-4D46-89F4-DFB8EF3AF813}
[2012/10/16 08:30:15 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{E08B272C-BDA9-4592-88DE-AD4662909F19}
[2012/10/15 18:36:32 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{FFBD2DD9-1C7C-40A2-9326-4AC83EC0A143}
[2012/10/14 20:54:03 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{385864E0-BA86-41DD-98F7-70DDD6B7A33A}
[2012/10/14 08:53:36 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{75206380-B654-4FBF-83A1-1B1614BD48C9}
[2012/10/13 20:43:46 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{D4EA6FEF-D90D-4618-AB2D-1A12A3979229}
[2012/10/13 08:43:11 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{546FE018-1918-428F-8417-977A7425C20C}
[2012/10/13 08:31:36 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/10/13 08:18:58 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/10/13 07:50:39 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\CRE
[2012/10/12 20:42:36 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{FB6B064F-F253-453F-900D-4773179EA279}
[2012/10/12 08:42:11 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{2E177D7C-E887-4120-8ED4-A147CB90B105}
[2012/10/11 16:12:06 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{5BB2DB11-1791-4838-A3FC-2BAC15722177}
[2012/10/10 20:53:08 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{728921E1-5211-4A72-8E21-B9F9FDA47DB0}
[2012/10/10 08:52:34 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{0ACE15B7-8CA8-452C-B9BE-93B451F854C5}
[2012/10/10 08:27:52 | 000,000,000 | ---D | C] -- C:\Users\ciki\4.0
[2012/10/10 08:27:51 | 000,000,000 | ---D | C] -- C:\Users\ciki\.tfo4
[2012/10/09 20:52:09 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{D0CD0AE5-A04A-4688-8D28-464DE3D78789}
[2012/10/09 19:16:51 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/09 19:16:51 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/09 19:16:51 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/09 19:16:50 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/09 19:16:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/09 19:16:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/09 19:16:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/09 19:16:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/09 19:16:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/09 19:16:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/09 19:16:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/09 19:16:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/09 19:16:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 19:16:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 19:16:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 19:16:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 19:16:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 19:16:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 19:16:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 19:16:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 19:16:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 19:16:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 19:16:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 19:16:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 19:16:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 19:16:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 19:16:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 19:16:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 19:16:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 19:16:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 19:16:45 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 19:16:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 19:16:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 19:16:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 19:16:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 19:16:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 19:16:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 19:16:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 19:16:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 19:16:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 19:16:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 19:16:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 19:16:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 19:16:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 19:16:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 19:16:43 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 19:16:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 19:16:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 19:16:42 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 19:16:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 19:16:41 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 19:16:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 19:16:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 19:16:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 19:16:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 19:16:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 19:16:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/09 19:16:20 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/09 19:16:18 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/09 19:15:47 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/09 19:15:44 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/09 19:15:41 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/09 19:15:40 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/09 19:08:41 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{84122DAF-4D84-47BA-8DDC-4D78510E6AA1}
[2012/10/09 06:45:47 | 000,000,000 | ---D | C] -- C:\Users\ciki\AppData\Local\{EA571962-AACF-4B84-9EAB-D3FBD9C50248}
[2011/02/20 19:16:39 | 001,291,624 | ---- | C] (Microsoft Corporation) -- C:\Users\ciki\wlsetup-web.exe
[2011/02/11 19:37:31 | 002,649,016 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\ciki\revo191setup.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/07 19:52:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/07 19:01:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1680820528-395719371-245008140-1000UA.job
[2012/11/07 18:58:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/07 18:21:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1680820528-395719371-245008140-1000UA.job
[2012/11/07 17:58:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/07 17:01:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1680820528-395719371-245008140-1000Core.job
[2012/11/07 16:46:40 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/07 16:46:40 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/07 16:43:41 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/07 16:43:41 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/07 16:43:41 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/07 16:39:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/07 16:39:15 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/05 21:28:45 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForciki.job
[2012/11/04 08:01:44 | 000,540,977 | ---- | M] () -- C:\Users\ciki\Desktop\adwcleaner.exe
[2012/11/03 17:54:06 | 000,002,215 | ---- | M] () -- C:\Users\ciki\Desktop\Google Chrome.lnk
[2012/10/30 12:46:21 | 000,002,044 | ---- | M] () -- C:\Users\ciki\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/10/21 23:29:24 | 000,000,225 | ---- | M] () -- C:\Users\ciki\Documents\ax_files.xml
[2012/10/21 23:21:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1680820528-395719371-245008140-1000Core.job
[2012/10/21 23:06:07 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2012/10/21 19:03:09 | 000,149,504 | ---- | M] () -- C:\Users\ciki\AppData\Roaming\chrtmp
[2012/10/16 16:52:06 | 000,004,314 | ---- | M] () -- C:\Users\ciki\Documents\La Cara Oculta [.mds
[2012/10/16 16:52:05 | 967,606,272 | ---- | M] () -- C:\Users\ciki\Documents\La Cara Oculta [.iso
[2012/10/13 08:28:34 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/13 08:28:34 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/13 07:48:44 | 000,001,358 | ---- | M] () -- C:\Users\ciki\Desktop\Free YouTube to MP3 Converter.lnk
[2012/10/09 21:09:59 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/09 07:54:34 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/04 08:01:34 | 000,540,977 | ---- | C] () -- C:\Users\ciki\Desktop\adwcleaner.exe
[2012/11/04 07:31:00 | 002,682,454 | ---- | C] () -- C:\Users\ciki\Desktop\Serif Konjevic- Sanjam je Sanjam je uzivo na TOP MUSIC.ts.m4a
[2012/11/03 17:54:06 | 000,002,215 | ---- | C] () -- C:\Users\ciki\Desktop\Google Chrome.lnk
[2012/11/03 17:53:15 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/03 17:53:14 | 000,001,102 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/21 22:55:32 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2012/10/16 16:52:06 | 000,004,314 | ---- | C] () -- C:\Users\ciki\Documents\La Cara Oculta [.mds
[2012/10/16 16:49:17 | 967,606,272 | ---- | C] () -- C:\Users\ciki\Documents\La Cara Oculta [.iso
[2012/08/12 09:46:43 | 000,000,248 | ---- | C] () -- C:\Windows\BUHL.INI
[2012/05/29 21:17:43 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2012/03/05 22:49:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012/03/05 22:48:05 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012/01/20 11:30:09 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012/01/10 21:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 21:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 21:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 20:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/11/16 17:40:02 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/11/16 17:40:02 | 000,012,031 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-Jardinains!.dat
[2011/10/31 11:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/10/31 11:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/10/31 11:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/10/31 11:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/31 11:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/10/16 16:51:38 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/10/02 14:58:04 | 000,002,017 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/09/13 15:09:48 | 2147,483,647 | ---- | C] () -- C:\Users\ciki\vigneta.tc
[2011/09/09 17:12:23 | 000,000,291 | ---- | C] () -- C:\Windows\pwc61s.INI
[2011/05/08 20:25:55 | 000,000,000 | ---- | C] () -- C:\Users\ciki\AppData\Roaming\wklnhst.dat
[2011/05/01 11:31:42 | 000,006,656 | ---- | C] () -- C:\Users\ciki\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/25 12:57:30 | 000,000,006 | ---- | C] () -- C:\Users\ciki\AppData\Roaming\start
[2011/04/25 12:52:02 | 000,000,006 | ---- | C] () -- C:\Users\ciki\AppData\Roaming\completescan
[2011/04/25 12:48:14 | 000,000,010 | ---- | C] () -- C:\Users\ciki\AppData\Roaming\install
[2011/04/25 12:46:39 | 000,000,136 | ---- | C] () -- C:\Users\ciki\AppData\Roaming\1.gif
[2011/03/19 11:49:37 | 000,001,854 | ---- | C] () -- C:\Users\ciki\AppData\Roaming\GhostObjGAFix.xml
[2011/02/20 17:55:51 | 008,280,563 | ---- | C] () -- C:\Users\ciki\Dara Bubamara - 2010 - 04 - Ne Planiram.mp3
[2011/02/11 19:58:44 | 019,491,357 | ---- | C] () -- C:\Users\ciki\rsapi.exe.cgi
[2011/02/04 19:40:52 | 000,001,041 | ---- | C] () -- C:\Windows\wiso.ini
[2011/01/28 22:02:27 | 000,149,504 | ---- | C] () -- C:\Users\ciki\AppData\Roaming\chrtmp
[2011/01/28 22:02:22 | 002,256,519 | ---- | C] () -- C:\Users\ciki\AppData\Roaming\winrar-x64-393d.exe
[2011/01/28 18:28:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/09/30 16:16:05 | 001,796,096 | ---- | C] () -- C:\Users\ciki\Lang_de-DE.msi
[2010/09/30 16:15:33 | 218,817,640 | ---- | C] () -- C:\Users\ciki\TUU.cab
[2010/09/28 16:47:05 | 003,532,475 | ---- | C] () -- C:\Users\ciki\Handbuch.pdf

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:6724CB45

< End of report >

mycity.rs/must-login.png

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Pozdrav,



Korak 1.

Pokreni Start -> Control Panel -> Programs and Features i deinstaliraj sledece programe:

Java(TM) 6 Update 31
Java(TM) 7 Update 5
Java 7 Update 7


Potom poseti ovu adresu i instaliraj najnoviju verziju --> http://www.java.com/en/download/index.jsp



Imas ostatke Symantec-a. Preuzmi ovaj alat kako bi ih uklonio. Restartuj racunar.



Korak 2

Ponovo pokreni program OTL dvoklikom na ikonu.

U bijeli okvir prozora gdje piše Custom Scans/Fixes iskopirati sljedeći tekst:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{888501E6-30CF-4408-90AD-DEF5C7017ABB}: "URL" = http://websearch.ask.com/redirect?client=ie&tb.....=kw&q={searchTerms}&locale=&apn_ptnrs=5J&apn_dtid=YYYYYYYYDE&apn_uid=34fceae2-18ca-4a65-bc88-903373baa66d&apn_sauid=B781C628-1A40-480F-8343-D023DFE3AC90
CHR - homepage: http://start.facemoods.com/?a=ddr
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?q={searchTerms},
CHR - homepage: http://start.facemoods.com/?a=ddr
O2 - BHO: (TBSB08970 Class) - {10ABDD5A-E10E-4AF2-95BA-FCB47C7C90A7} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.



Klikni taster Run Fix;

Izvještaj koji dobiješ iskopiraj ovde u poruci.

offline
  • qwasac 
  • Novi MyCity građanin
  • Pridružio: 17 Maj 2011
  • Poruke: 10

Poz
Evo po tvojim uputama nadam se da je to to...
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5690D79A-2EDA-4E5E-819F-E4488A2D8C1B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{888501E6-30CF-4408-90AD-DEF5C7017ABB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{888501E6-30CF-4408-90AD-DEF5C7017ABB}\ not found.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10ABDD5A-E10E-4AF2-95BA-FCB47C7C90A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10ABDD5A-E10E-4AF2-95BA-FCB47C7C90A7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 11072012_212618

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Kakvo je sada stanje?

offline
  • qwasac 
  • Novi MyCity građanin
  • Pridružio: 17 Maj 2011
  • Poruke: 10

Evo restartovo ...
Ne znam gdje pogrijesih ...opet je tu Mystart by incredibar prozor

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Mozes li da postavis Screen Shot da vidim kako to izgleda...
http://www.mycity.rs/Pitanja-i-predlozi/Pravljenje-screenshota.html

offline
  • qwasac 
  • Novi MyCity građanin
  • Pridružio: 17 Maj 2011
  • Poruke: 10

Napisano: 07 Nov 2012 21:54

Jel to to



Dopuna: 07 Nov 2012 22:53

nemas ideje ... nema veze ..hvala na trudu u svakom slucaju
Pozz

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Imam ideju Smile

Odradi detaljno po ovoj temi, to bi trebalo da resi problem --> http://www.mycity.rs/Zastita/Kako-izbeci-i-ukloniti-toolbar-ove.html

offline
  • qwasac 
  • Novi MyCity građanin
  • Pridružio: 17 Maj 2011
  • Poruke: 10

Pozz
Kad bi vise ljudi bilo kao ti ... Hvala ti na trudu i pomoci .. Tako jednostavno ali detaljno objasnjeno i lako za nas ''obicne smrtnike ''
Ostaj mi zdravo

offline
  • Research Engineer @MalwareBytes
  • Pridružio: 09 Avg 2011
  • Poruke: 15877
  • Gde živiš: Beograd

Arrow To bi bilo to. Racunar je čist što se malware-a tiče. Potrebno je da ispratiš sledeće korake...



Arrow Preuzmi i pokreni OTC. Klikni na CleanUp. Ovim ce biti obrisani korisceni alati.



Arrow Preporučujem da za zaštitu USB memorijskih uredjaja koristiš MCShield v2. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad, a pokazao se kao jedan od najboljih vidova zaštite od malware-a koji se prenosi putem USB mem. uređaja. Skineš, instaliraš, ubodeš USB mem. uređaj, izvrši se skeniranje nakon čega dobiješ obaveštenje da je uređaj čist (ukoliko je stvarno tako); ili dobiješ log u kome vidiš informacije o malware-u koji je nađen i obrisan.


Home Page MCShield-a ::Anti-Malware Tool:: v2: http://amf.mycity.rs/mcshield/

Više o MCShield-u možeš saznati u ovim temama:
v1: http://www.mycity.rs/MyCity-Laboratorija/MCShield.html
v2: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html




Arrow Obavezno poseti temu "Testirajte da li vam je pretraživač ranjiv", pročitaj i isprati link koji stoji u njoj.
Link do teme je: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html




TwinHeadedEagle (AMF Tim)

Ko je trenutno na forumu
 

Ukupno su 1372 korisnika na forumu :: 25 registrovanih, 3 sakrivenih i 1344 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: aramis s, Areal84, bestguarder, Bobrock1, cifra, Djokislav, FileFinder, Georgius, hyla, jackreacher011011, Koca Popovic, ladro, laki_bb, maCvele, Mi lao shu, Milometer, Oscar, Parker, stegonosa, vathra, Volkhov-M, vukdra, W123, zlaya011, zzapNDjuric99