
Log analysis and evaluation: Certified-toolbar search start page problem


 
07.02.2013, 17:36   #1
Deathpirat
 



Hello,

My problem is that the start page in Firefox and IE stays at search.certified-toolbar.com?si=41460&shortcut=true&tid=2937.
I think I have tried almost everything to solve this problem, but without success.

What I have done so far:

Removed these programs:

Updater
SpyHunter
Complitly
Hotspot Shield

Ran CCleaner, reset Firefox and IE to their initial state, but still without success.

I hope I can find a solution here.
On the PC I have a different date than usual, an Arabic date.
Thank you very much

HijackThis
Code:
Scan saved at 12:41:11 ص, on 04/02/13
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\VIA_XHCI\usb3Monitor.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\No-IP\DUC30.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Users\Gigabyte\Downloads\Programs\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 119.187.148.34:8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - Startup: CaptureWiz.lnk = C:\Program Files (x86)\CaptureWiz\Pro\CaptureWiz.exe
O4 - Startup: No-IP DUC.lnk = C:\Program Files (x86)\No-IP\DUC30.exe
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: ت&صدير إلى Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {2d8ee268-8d7a-4996-b80b-8999ce8c7fe2} - C:\Users\Gigabyte\AppData\Roaming\DownTangoFTToolbar\DownTangoFTToolbar.dll
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {625CA666-935A-EC18-CCEC-CCE04C544730} (Voice Helper Object) - hxxp://chatvoice.voicef.net/talkoknew.cab
O16 - DPF: {625CA666-935A-EC18-CCEC-CCE04C544777} (Sower Helper Object) - hxxp://serv3.7lavoice.net/tiktik.cab
O16 - DPF: {7253A666-804A-1108-A3DC-00E04C504788} (BMChat Control) - hxxp://5.10.68.82:1990/inc/bmchat.cab
O16 - DPF: {8855A666-683F-4D45-B6F1-549188BB79C1} (BMCVoice Control) - hxxp://floodserver19.ksavoice1.com/bmc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C6D67F2-E8BF-4709-BA39-238CCC9BF4A5}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3C6D67F2-E8BF-4709-BA39-238CCC9BF4A5}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3C6D67F2-E8BF-4709-BA39-238CCC9BF4A5}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acunetix WVS Scheduler v8 (AcuWVSSchedulerv8) - Unknown owner - C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14892 bytes
         
ComboFix

Code:
ComboFix 13-02-06.01 - Gigabyte 02/07/2013   4:49.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1256.966.1025.18.8154.6100 [GMT 3:00]
Running from: c:\users\Gigabyte\Downloads\Programs\ComboFix_2.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gigabyte\AppData\Roaming\system32
c:\windows\system\VI30AUT.DLL
c:\windows\SysWow64\ftx32.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\tmp7F28.tmp
c:\windows\SysWow64\tmp7F29.tmp
c:\windows\SysWow64\wpcap.dll
D:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_vcs
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-07 to 2013-02-07  )))))))))))))))))))))))))))))))
.
.
2013-02-07 01:56 . 2013-02-07 01:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-06 02:51 . 2013-02-06 02:51	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\TuneUp Software
2013-02-06 02:47 . 2013-02-06 03:21	--------	d-----w-	c:\programdata\MFAData
2013-02-06 02:47 . 2013-02-06 03:19	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Avg2013
2013-02-06 02:47 . 2013-02-06 02:47	--------	d--h--w-	c:\programdata\Common Files
2013-02-06 02:47 . 2013-02-06 02:47	--------	d-----w-	c:\users\Gigabyte\AppData\Local\MFAData
2013-02-06 01:42 . 2013-02-06 01:41	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-02 13:14 . 2013-02-02 13:14	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Subversion
2013-02-02 12:55 . 2013-02-02 12:55	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Embarcadero
2013-02-02 12:55 . 2013-02-02 12:55	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\DevJET
2013-02-02 12:53 . 2013-02-02 12:53	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Raize
2013-02-02 09:58 . 2013-02-02 09:58	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Apple Computer
2013-02-02 09:58 . 2013-02-02 10:38	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Apple Computer
2013-02-02 09:58 . 2013-02-04 11:47	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-02 09:58 . 2013-02-02 09:58	--------	d-----w-	c:\programdata\Apple Computer
2013-02-02 09:58 . 2013-02-02 09:58	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Apple
2013-02-02 09:57 . 2013-02-02 09:58	--------	d-----w-	c:\programdata\Apple
2013-02-02 09:51 . 2013-02-02 13:02	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-02 09:51 . 2012-12-14 13:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-02-01 21:24 . 2013-02-01 21:24	110080	----a-r-	c:\users\Gigabyte\AppData\Roaming\Microsoft\Installer\{46B04D53-4E34-4388-B6EE-80FAB66AEF9B}\IconF7A21AF7.exe
2013-02-01 21:24 . 2013-02-01 21:24	110080	----a-r-	c:\users\Gigabyte\AppData\Roaming\Microsoft\Installer\{46B04D53-4E34-4388-B6EE-80FAB66AEF9B}\IconD7F16134.exe
2013-02-01 21:24 . 2013-02-01 21:24	110080	----a-r-	c:\users\Gigabyte\AppData\Roaming\Microsoft\Installer\{46B04D53-4E34-4388-B6EE-80FAB66AEF9B}\IconCF33A0CE.exe
2013-02-01 21:24 . 2013-02-01 21:24	--------	d-----w-	c:\program files (x86)\Enigma Software Group
2013-02-01 21:23 . 2013-02-07 01:14	--------	d-----w-	c:\windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
2013-02-01 20:49 . 2013-02-01 21:21	--------	d-----w-	c:\windows\CD6329998BB745B5918E011545F6BB1D.TMP
2013-02-01 20:45 . 2013-02-01 20:45	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\FinalBuilder7
2013-02-01 20:41 . 2013-02-01 20:41	--------	d-----w-	c:\programdata\SUPERSetup
2013-02-01 20:25 . 2011-08-28 02:00	506880	----a-w-	c:\windows\SysWow64\CodeSiteExpressPkg160.bpl
2013-02-01 20:25 . 2013-02-01 20:25	--------	d-----w-	c:\programdata\Raize
2013-02-01 20:25 . 2010-11-03 13:55	2457088	----a-w-	c:\windows\SysWow64\vcl150.bpl
2013-02-01 20:25 . 2011-08-28 02:00	36352	----a-w-	c:\windows\SysWow64\CodeSitePlugIns150.bpl
2013-02-01 20:25 . 2010-11-03 13:55	2150400	----a-w-	c:\windows\SysWow64\rtl150.bpl
2013-02-01 20:25 . 2013-02-01 20:25	--------	d-----w-	c:\program files (x86)\Raize
2013-02-01 20:22 . 2013-02-01 20:22	--------	d-----w-	c:\programdata\VSoft
2013-02-01 20:22 . 2013-02-02 13:16	--------	d-----w-	c:\program files (x86)\FinalBuilder 7 XE2
2013-02-01 20:22 . 2013-02-01 20:22	--------	d-----w-	c:\program files (x86)\Common Files\VSoft
2013-02-01 19:49 . 2013-02-01 19:59	--------	dc-h--w-	c:\programdata\{EDA307AA-B5A4-4524-B840-2914497A9C3C}
2013-02-01 19:48 . 2011-08-15 06:10	1312768	----a-w-	c:\windows\SysWow64\Rave100VCL160.bpl
2013-02-01 19:48 . 2013-02-01 19:48	--------	d-----w-	c:\program files (x86)\CollabNet
2013-02-01 19:48 . 2013-02-01 19:48	--------	d-----w-	c:\program files (x86)\DevJet
2013-02-01 19:48 . 2013-02-01 19:48	--------	d-----w-	c:\program files (x86)\FastReports
2013-02-01 19:42 . 2013-02-04 10:17	--------	d-----w-	c:\programdata\Embarcadero
2013-02-01 19:42 . 2013-02-02 12:55	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Embarcadero
2013-02-01 19:42 . 2013-02-01 19:42	--------	d-----w-	c:\program files (x86)\Common Files\CodeGear Shared
2013-02-01 19:42 . 2013-02-01 19:42	--------	d-----w-	c:\program files (x86)\Common Files\Borland Shared
2013-02-01 19:42 . 2013-02-01 19:42	--------	d-----w-	c:\program files (x86)\Embarcadero
2013-02-01 19:30 . 2013-02-01 20:45	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Anvisoft
2013-02-01 19:30 . 2013-02-01 19:30	--------	d-----w-	c:\programdata\Anvisoft
2013-02-01 19:30 . 2013-02-01 19:30	--------	d-----w-	c:\program files (x86)\Anvisoft
2013-02-01 18:55 . 2013-02-01 20:21	--------	d--h--w-	c:\programdata\{46A13B26-D605-4DC3-8770-D0F4A0C3565D}
2013-02-01 18:54 . 2013-02-01 18:54	--------	d-----w-	c:\users\Gigabyte\AppData\Local\PackageAware
2013-02-01 17:41 . 2013-02-01 17:41	--------	d-----w-	c:\program files (x86)\Uniblue
2013-01-31 02:07 . 2013-01-31 02:07	--------	d-----w-	c:\program files (x86)\NTCore
2013-01-31 01:54 . 2013-01-31 01:54	--------	d-----w-	c:\programdata\IsolatedStorage
2013-01-29 05:20 . 2013-02-01 08:05	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Remove Toolbar Buddy
2013-01-29 05:20 . 2011-09-08 16:08	587768	----a-w-	c:\windows\SysWow64\Codejock.SkinFramework.Unicode.v15.1.3.0908.ocx
2013-01-29 05:20 . 2011-09-08 16:08	509944	----a-w-	c:\windows\SysWow64\Codejock.ShortcutBar.Unicode.v15.1.3.0908.ocx
2013-01-29 05:20 . 2011-09-08 16:08	1140728	----a-w-	c:\windows\SysWow64\Codejock.PropertyGrid.Unicode.v15.1.3.0908.ocx
2013-01-29 05:20 . 2011-09-08 16:08	833528	----a-w-	c:\windows\SysWow64\Codejock.DockingPane.Unicode.v15.1.3.0908.ocx
2013-01-29 05:20 . 2011-09-08 16:08	1906680	----a-w-	c:\windows\SysWow64\Codejock.Controls.Unicode.v15.1.3.0908.ocx
2013-01-29 05:20 . 2013-01-29 05:20	--------	d-----w-	c:\program files (x86)\Scorpio Software
2013-01-29 05:20 . 2011-09-08 16:07	2717688	----a-w-	c:\windows\SysWow64\Codejock.CommandBars.Unicode.v15.1.3.0908.ocx
2013-01-29 04:55 . 2013-01-29 04:55	--------	d-----w-	c:\programdata\Adguard
2013-01-29 04:54 . 2013-01-29 05:01	--------	d-----w-	c:\program files (x86)\Adguard
2013-01-27 14:47 . 2013-01-27 15:20	--------	d-----w-	C:\Perl
2013-01-27 09:31 . 2013-01-27 09:31	--------	d-----w-	c:\program files (x86)\Acunetix
2013-01-27 09:31 . 2013-01-27 09:31	--------	d-----w-	c:\programdata\Acunetix WVS 8
2013-01-27 08:59 . 2013-01-27 08:59	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\URSoft
2013-01-27 08:59 . 2013-01-27 08:59	--------	d-----w-	c:\program files (x86)\Your Uninstaller! 7
2013-01-26 12:48 . 2013-01-27 07:49	--------	d-----w-	c:\users\Gigabyte\.zenmap
2013-01-26 12:47 . 2013-01-26 12:47	--------	d-----w-	c:\program files\WinPcap
2013-01-26 12:46 . 2013-01-26 12:47	--------	d-----w-	c:\program files (x86)\Nmap
2013-01-20 06:16 . 2013-01-20 06:16	42184	----a-w-	c:\windows\system32\drivers\taphss6.sys
2013-01-20 06:07 . 2013-01-20 06:07	42696	----a-w-	c:\windows\system32\drivers\hssdrv6.sys
2013-01-19 12:39 . 2013-01-19 12:39	--------	dc----w-	c:\users\Gigabyte\AppData\Local\MigWiz
2013-01-15 22:39 . 2013-01-15 22:39	--------	d-----w-	c:\program files\ComPlus Applications
2013-01-15 06:19 . 2013-01-15 06:19	--------	d-----w-	c:\program files (x86)\VideoDownloadConverter_4zEI
2013-01-15 06:08 . 2013-01-15 07:40	--------	d-----w-	c:\program files (x86)\Twitter Hacker Pro
2013-01-15 04:03 . 2013-01-15 04:03	--------	d-----w-	c:\program files (x86)\Web Publish
2013-01-15 04:02 . 2013-01-15 04:02	--------	d-----w-	c:\windows\msapps
2013-01-15 01:09 . 2013-01-15 01:09	--------	d-----w-	c:\program files\BreakPoint Software
2013-01-14 23:39 . 2013-01-14 23:39	--------	d-----w-	c:\program files\Enigma Software Group
2013-01-14 23:39 . 2013-02-01 20:50	--------	d-----w-	c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2013-01-14 23:39 . 2013-02-01 21:23	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-01-14 23:09 . 2012-02-23 11:24	24408	----a-w-	c:\windows\system32\RegistryDefragBootTime.exe
2013-01-13 20:45 . 2013-01-13 20:45	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Vitalwerks
2013-01-13 20:45 . 2013-01-15 00:24	--------	d-----w-	c:\program files (x86)\No-IP
2013-01-13 18:01 . 2009-07-22 08:17	78872	----a-w-	c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-01-13 18:01 . 2009-07-22 08:17	50200	----a-w-	c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-01-13 18:01 . 2009-07-22 08:17	79896	----a-w-	c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-01-13 18:01 . 2009-07-22 08:17	111640	----a-w-	c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-01-13 18:00 . 2013-01-13 18:00	--------	d-----w-	c:\windows\system32\RsFx
2013-01-13 18:00 . 2013-01-13 18:00	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2013-01-13 17:59 . 2013-01-13 17:59	--------	d-----w-	c:\program files\Microsoft.NET
2013-01-13 17:57 . 2013-01-13 17:57	--------	d-----w-	c:\program files\Microsoft Sync Framework
2013-01-13 17:57 . 2013-01-13 17:57	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2013-01-13 17:57 . 2013-01-13 17:57	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2013-01-13 17:57 . 2013-01-13 17:57	--------	d-----w-	c:\programdata\PreEmptive Solutions
2013-01-13 17:54 . 2013-01-13 18:02	2371296	----a-w-	c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-01-13 17:51 . 2013-01-13 17:57	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 10.0
2013-01-13 17:51 . 2013-01-13 17:53	--------	d-----w-	c:\program files (x86)\Microsoft F#
2013-01-13 17:51 . 2013-01-13 17:52	--------	d-----w-	c:\program files (x86)\Common Files\Merge Modules
2013-01-13 17:51 . 2013-01-13 17:52	--------	d-----w-	c:\program files (x86)\HTML Help Workshop
2013-01-13 17:49 . 2013-01-13 17:49	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 9.0
2013-01-13 17:49 . 2013-01-13 17:49	--------	d-----w-	c:\windows\symbols
2013-01-13 17:49 . 2013-01-13 17:49	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2013-01-13 17:49 . 2013-01-13 17:49	--------	d-----w-	c:\program files\Microsoft Help Viewer
2013-01-12 19:54 . 2013-01-12 19:54	--------	d-----w-	c:\program files (x86)\DownTangoFTToolbar
2013-01-12 19:54 . 2013-01-12 19:54	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\DownTangoFTToolbar
2013-01-12 19:54 . 2013-01-03 04:18	15360	----a-w-	c:\windows\Launcher.exe
2013-01-12 19:53 . 2013-01-12 19:53	--------	d-----w-	c:\users\Gigabyte\AppData\Local\DownTango
2013-01-12 19:53 . 2013-01-12 19:57	--------	d-----w-	c:\program files (x86)\Red Sky
2013-01-11 11:47 . 2013-02-06 01:41	861088	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2013-01-11 11:47 . 2013-02-06 01:41	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-11 11:46 . 2013-01-11 11:46	--------	d-----w-	c:\programdata\McAfee
2013-01-10 14:47 . 2008-06-24 10:45	1414440	----a-w-	c:\windows\SysWow64\ShellManager310E2D762.dll
2013-01-10 13:36 . 2013-01-10 13:36	--------	d-----w-	c:\programdata\IObit
2013-01-10 13:36 . 2013-01-11 11:53	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\IObit
2013-01-10 13:36 . 2013-02-02 13:13	--------	d-----w-	c:\program files (x86)\IObit
2013-01-10 13:34 . 2013-01-10 13:34	--------	d-----w-	c:\programdata\BlueSprig
2013-01-10 13:34 . 2013-01-10 13:34	--------	d-----w-	c:\program files (x86)\BlueSprig
2013-01-10 13:20 . 2013-01-10 13:20	--------	d-----w-	c:\users\Gigabyte\AppData\Local\Programs
2013-01-10 13:15 . 2013-01-10 13:15	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Malwarebytes
2013-01-10 13:15 . 2013-01-10 13:15	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-09 12:09 . 2013-01-09 12:09	--------	d-----w-	c:\users\Gigabyte\AppData\Roaming\Composer
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 09:42 . 2012-07-14 22:01	30528	----a-w-	c:\windows\GVTDrv64.sys
2013-02-02 09:42 . 2012-07-14 22:01	25640	----a-w-	c:\windows\gdrv.sys
2013-01-09 12:26 . 2012-07-14 17:19	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 12:26 . 2012-07-14 17:19	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 13:53 . 2012-11-16 20:44	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-12-11 13:53 . 2012-11-16 20:44	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-12-09 20:34 . 2012-12-09 20:34	419840	----a-w-	c:\windows\system32\wrap_oal.dll
2012-12-09 20:34 . 2012-12-09 20:34	413696	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-12-09 20:34 . 2012-12-09 20:34	133632	----a-w-	c:\windows\system32\OpenAL32.dll
2012-12-09 20:34 . 2012-12-09 20:34	110592	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-11-29 19:20 . 2012-11-29 19:20	106000	----a-w-	c:\windows\system32\Packet.dll
2012-11-29 19:20 . 2012-11-29 19:20	369168	----a-w-	c:\windows\system32\wpcap.dll
2012-11-29 19:20 . 2012-11-29 19:20	35344	----a-w-	c:\windows\system32\drivers\npf.sys
2012-11-16 18:55 . 2012-11-16 18:55	2549120	----a-w-	c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-02-20 3425688]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-08 969104]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 574296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-01 90448]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573584]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" [2008-11-24 237693]
"Module Loader"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 57344]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Gigabyte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CaptureWiz.lnk - c:\program files (x86)\CaptureWiz\Pro\CaptureWiz.exe [2012-11-9 3074688]
No-IP DUC.lnk - c:\program files (x86)\No-IP\DUC30.exe [2010-6-19 1423520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-12-09 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 esgiguard;esgiguard; [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-08-13 25640]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2013-02-02 30528]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-08-30 160256]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 Pcouffin64;Low level access layer for CD devices;c:\windows\system32\Drivers\pcouffin64a.sys [2012-07-14 82048]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2010-01-07 448512]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2013-01-20 42184]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;خدمة Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-20 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 iusb3hcs;برنامج تشغيل تحويل جهاز تحكم مضيف Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-04-03 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-04-03 130864]
S2 AcuWVSSchedulerv8;Acunetix WVS Scheduler v8;c:\program files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe [2011-11-16 914568]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-20 378984]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
S3 iusb3hub;برنامج تشغيل لوحة وصل Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;برنامج تشغيل جهاز تحكم مضيف Intel(R) USB 3.0 القابل للمد;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-08-05 1134208]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 448512]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-03 147248]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-04-03 166192]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys [2012-01-20 205312]
S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys [2012-01-20 254464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 12:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50	22408	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VIAxHCUtl"="c:\via_xhci\usb3Monitor.exe" [2011-07-12 331776]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-12-01 103424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 119.187.148.34:8000
uInternet Settings,ProxyOverride = <local>
IE: تحميل الكل بواسطة Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: تحميل بواسطة Internet Download Manager - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: {{2d8ee268-8d7a-4996-b80b-8999ce8c7fe2} - {e327b07a-0e11-4fd4-bef2-b2c5605b59c6} -
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3C6D67F2-E8BF-4709-BA39-238CCC9BF4A5}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
DPF: {625CA666-935A-EC18-CCEC-CCE04C544730} - hxxp://chatvoice.voicef.net/talkoknew.cab
DPF: {625CA666-935A-EC18-CCEC-CCE04C544777} - hxxp://serv3.7lavoice.net/tiktik.cab
DPF: {7253A666-804A-1108-A3DC-00E04C504788} - hxxp://5.10.68.82:1990/inc/bmchat.cab
DPF: {8855A666-683F-4D45-B6F1-549188BB79C1} - hxxp://floodserver19.ksavoice1.com/bmc.cab
FF - ProfilePath - c:\users\Gigabyte\AppData\Roaming\Mozilla\Firefox\Profiles\s1f60sr8.default-1360201126740\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-02-07 04:31; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-02-07  05:02:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-07 02:02
.
Pre-Run: 401,418,940,416 bytes free
Post-Run: 400,809,275,392 bytes free
.
- - End Of File - - A352C792CF6BBB53FDF540532D070AF5
         

Getsysteminfo

Malwarebytes

Code:
ATTFilter
 Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.04.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Gigabyte :: GIGABYTE-PC [Administrator]

23/03/34 05:43:48 م
mbam-log-2013-02-04 (17-43-48).txt


Art des Suchlaufs: Vollständiger Suchlauf 
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220571
Laufzeit:  2 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

 
