| Desert90 | 06.08.2012 12:32 |
Hey danke für deine schnelle Antwort
Scan gerade fertig. Hier die Ergebnisse:
OTL Logfile: Code:
OTL logfile created on: 06.08.2012 12:35:39 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Yahia\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 3,26 Gb Available Physical Memory | 82,12% Memory free
7,93 Gb Paging File | 7,29 Gb Available in Paging File | 91,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 52,95 Gb Free Space | 17,76% Space Free | Partition Type: NTFS
Drive D: | 9,00 Mb Total Space | 5,24 Mb Free Space | 58,27% Space Free | Partition Type: NTFS
Computer Name: YAHIA-PC | User Name: Yahia | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.06 12:34:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Yahia\Desktop\OTL.exe
PRC - [2012.05.07 07:17:38 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.07 20:58:02 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012.05.07 07:17:37 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2003.07.11 02:09:28 | 000,048,192 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.03 21:18:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.07.03 21:15:34 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.07 07:17:38 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.01.31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012.01.19 13:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.05.15 19:29:03 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.03.09 19:24:44 | 002,708,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe -- (avgfws)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.09.14 07:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009.09.14 07:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.08.13 21:59:52 | 000,100,920 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.07.13 06:15:42 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.07.13 06:15:37 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.05.27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.04.05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011.03.16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.03.01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.02.22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011.02.10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.01.07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010.08.04 21:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.07.12 04:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.05.07 12:21:50 | 000,072,320 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SCL01164.sys -- (SCL01164)
DRV:64bit: - [2010.04.29 07:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.03.09 05:31:06 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.10.05 16:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009.08.27 08:07:06 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 18:15:56 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.01.05 08:47:54 | 000,518,272 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerAF15DMBTH64.sys -- (AVerAF15DMBTH64)
DRV:64bit: - [2008.12.26 13:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008.06.27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008.03.13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2008.02.18 16:57:38 | 000,031,744 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2007.08.09 02:21:00 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2011.07.31 01:24:22 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2003.04.04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 CA 75 D9 CF 70 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8312
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.8.0191
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {95123F2A-2126-4E2F-9BCB-15AF8813D69A}:1.9.1
FF - prefs.js..extensions.enabledItems: {184AA5E6-741D-464a-820E-94B3ABC2F3B4}:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Yahia\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Yahia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Yahia\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012.02.04 15:14:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.07 07:17:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.25 01:40:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Yahia\AppData\Roaming\Move Networks [2010.11.13 22:59:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{95123F2A-2126-4E2F-9BCB-15AF8813D69A}: C:\Users\Yahia\AppData\Local\{95123F2A-2126-4E2F-9BCB-15AF8813D69A}\ [2011.04.14 04:53:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Yahia\AppData\Roaming\5016 [2011.06.08 20:59:45 | 000,000,000 | ---D | M]
[2009.09.22 02:44:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yahia\AppData\Roaming\mozilla\Extensions
[2012.05.05 18:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions
[2011.03.27 16:18:40 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2009.10.16 05:29:17 | 000,000,000 | ---D | M] ("Acces") -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions\acces@zign.info
[2011.05.01 15:01:09 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions\DTToolbar@toolbarnet.com
[2010.05.03 06:00:21 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions\firefox@tvunetworks.com
[2011.04.09 17:04:33 | 000,000,000 | ---D | M] (Flash AX Control) -- C:\Users\Yahia\AppData\Roaming\mozilla\Firefox\Profiles\zazn8ty2.default\extensions\npfax@microgaming.co.uk
[2011.06.22 14:13:14 | 000,000,933 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\conduit.xml
[2010.03.30 12:26:11 | 000,002,055 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\daemon-search.xml
[2009.11.01 17:37:12 | 000,000,694 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icq-search.xml
[2009.12.21 03:02:17 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-1.xml
[2010.10.29 06:36:43 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-10.xml
[2010.11.02 00:01:32 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-11.xml
[2011.01.31 20:26:01 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-12.xml
[2011.03.04 06:12:35 | 000,000,950 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-13.xml
[2011.03.05 19:25:29 | 000,000,950 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-14.xml
[2011.03.23 07:47:22 | 000,000,950 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-15.xml
[2011.07.22 18:58:42 | 000,000,950 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-16.xml
[2009.12.26 01:39:18 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-2.xml
[2010.02.20 07:55:06 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-3.xml
[2010.03.30 18:53:30 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-4.xml
[2010.06.24 09:58:45 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-5.xml
[2010.07.12 16:17:23 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-6.xml
[2010.09.09 04:34:31 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-7.xml
[2010.09.19 14:37:10 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-8.xml
[2010.10.20 22:15:10 | 000,000,961 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin-9.xml
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Yahia\AppData\Roaming\Mozilla\Firefox\Profiles\zazn8ty2.default\searchplugins\icqplugin.xml
[2012.01.10 07:16:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.09.28 15:33:50 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.14 14:11:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.09.30 04:42:19 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2012.05.07 07:17:38 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 15:07:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 15:07:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 15:07:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 15:07:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 15:07:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 15:07:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Yahia\AppData\Roaming\Move Networks\plugins\npqmp071700000016.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Google Mail = C:\Users\Yahia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [Quran_AR] C:\Program Files (x86)\Quran_AR\Quran_AR.exe (Search Truth Technologies)
O4 - HKCU..\Run: [alquds] C:\Program Files (x86)\alquds\alquds.exe ()
O4 - HKCU..\Run: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON SX125 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGGE.EXE /FU "C:\Windows\TEMP\E_S6F39.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [ManyCam] C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [WcsPlugInService] C:\Users\Yahia\AppData\Local\Microsoft\Windows\2737\WcsPlugInService.exe ()
O4 - Startup: C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Yahia\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Yahia\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2328F42-55A2-4DB2-ABEB-17372DB7E223}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{67fa34f6-3b85-11df-a35e-002618b2ab41}\Shell - "" = AutoRun
O33 - MountPoints2\{67fa34f6-3b85-11df-a35e-002618b2ab41}\Shell\AutoRun\command - "" = G:\raf-dk_cc.exe
O33 - MountPoints2\{f05ebca0-2b2c-11df-9d22-002618b2ab41}\Shell - "" = AutoRun
O33 - MountPoints2\{f05ebca0-2b2c-11df-9d22-002618b2ab41}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {217AA629-8C1C-9A74-A039-4BE5EAE8B7B0} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {D87C5A77-D260-15BB-AF18-DFDCDB16C702} - Themes Setup
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {E9D19E7E-62FC-ADB1-E746-5C954CE4F58D} - Microsoft Windows Media Player
ActiveX: {ECDDF984-0BF0-606E-9B01-50C953AED3C0} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ==========
[2012.08.06 12:33:57 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Yahia\Desktop\OTL.exe
[2012.08.06 11:45:11 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\tempdata
[2012.08.06 06:55:53 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\hellomoto
[2012.08.06 01:55:40 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{0EF85470-84F8-4EE8-8EA7-2A4AA797C256}
[2012.08.06 01:55:02 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{823D09EF-7B01-497A-8B39-84A7BCC236EF}
[2012.08.05 10:30:57 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4281CF80-34B2-4DCA-BC63-6854F7F820D2}
[2012.08.05 10:30:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5FB85774-9EB9-4729-9072-A61D2FF60064}
[2012.08.05 10:30:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B6409F59-9A6F-47B3-9947-C7E4E0D12699}
[2012.08.05 10:30:20 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5FD795C9-CB0D-428A-8EB6-FAD6415349CD}
[2012.08.04 22:29:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8B3EF787-0191-44B5-A421-D3511212A2E5}
[2012.08.04 22:29:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{355A9483-3CFD-41E0-8054-0B64D6375CFE}
[2012.08.04 10:45:50 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\PPD Domination
[2012.08.04 10:29:10 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{FCE64DFD-BD63-4287-9A26-ACB55CB98467}
[2012.08.04 00:34:21 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\Ds
[2012.08.03 22:21:17 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{E5D74EA4-B01A-4B24-B04B-F3B4FAB5CA00}
[2012.08.03 22:20:57 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{242A3F63-F329-4D3C-A4D0-3DF815292728}
[2012.08.03 10:20:26 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D5F8BA63-6594-4521-A015-159DD558F360}
[2012.08.03 10:20:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7C91F095-DD1F-4767-A59C-45E366172D73}
[2012.08.03 10:20:03 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{BFE3CD26-F768-476B-AB4E-035B4A226ED9}
[2012.08.03 10:19:49 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C1523B29-ACDA-4AF7-A2F6-3156C6EC1478}
[2012.08.03 07:00:36 | 000,969,368 | ---- | C] (Babylon Ltd.) -- C:\Users\Yahia\Desktop\Babylon9_setup.exe
[2012.08.02 22:18:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{1288F92D-55B5-4AF7-9A51-4D642E9EEEEC}
[2012.08.02 22:18:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8C170C15-BD7B-4869-8C8D-3B837A7F80E2}
[2012.08.02 22:17:53 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A143AA08-D305-4A66-8B45-31FA238FBB42}
[2012.08.02 22:16:23 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{CCEE1E7C-DC3A-4DAC-AC2F-F65B36C9ED53}
[2012.08.02 09:47:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{83D6F901-C925-4728-83CA-9EC086DBEDCE}
[2012.08.02 09:47:22 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{AF286E65-F918-4921-9174-4C7146EFE66E}
[2012.08.02 09:47:10 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{25E30DF5-0C07-4AA9-93E7-0BE28EB3FFF3}
[2012.08.01 21:46:31 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D60E127F-5F8B-445E-BE4A-A386DB250D1D}
[2012.08.01 21:46:12 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{78C5ABCE-CEB2-4646-9DAA-9636D8EB21DA}
[2012.08.01 08:26:27 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{62027000-D345-4E95-8144-74ED69682E49}
[2012.08.01 08:26:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{10F557E1-FEEE-4D92-AF06-65F9BA7C5FCF}
[2012.07.31 20:25:44 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{50ABB95B-3AE6-4D0C-BD47-321E718F5AED}
[2012.07.31 20:25:31 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{6399F084-FEE5-4754-8B9F-CB1BB7B8AA0A}
[2012.07.31 08:05:53 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{41437DF6-3850-4FEC-A7F8-401667E8E062}
[2012.07.31 08:05:41 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4186686E-C9C7-4C9A-8640-1DB7F8115CB1}
[2012.07.31 08:05:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B571C292-9464-439B-B4ED-D1BC256562DC}
[2012.07.30 20:02:43 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B5C6FA8E-F2C4-4E16-A194-6D58E296430F}
[2012.07.30 08:02:12 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{75F813FC-A354-48FF-A6C6-320869583BAA}
[2012.07.30 08:01:59 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A426854C-8EC4-40FE-988D-7F5DD602757C}
[2012.07.30 04:11:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Palringo
[2012.07.30 04:11:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Palringo
[2012.07.29 20:01:07 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{FD0365F9-175A-42F9-A996-3038AB8E76B7}
[2012.07.29 20:00:36 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{0BDBB420-2CF0-480C-82A7-5CE1CA41CE85}
[2012.07.29 19:59:00 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{1C646F98-F67B-439B-9EC4-22CA9A2FE261}
[2012.07.29 06:50:42 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{339A410F-D3F9-41A9-AE38-CBD20CF786A8}
[2012.07.29 06:50:30 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A2AFE4BB-75CC-4FF2-9355-74B6DA4FFEE5}
[2012.07.29 06:50:18 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C40CE535-6812-4CD0-A139-70013314267D}
[2012.07.29 06:50:05 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8DAFF9E9-430E-4F59-AA02-A1C2E50551A3}
[2012.07.28 18:49:47 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{EE0E51C0-10F9-4D19-8F89-C2460C68376F}
[2012.07.28 18:49:35 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{22CA18DD-033B-4E92-BD94-BC08CAE2C3FB}
[2012.07.28 06:49:19 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4B0405F6-B00F-486A-9E44-96A4C752C46D}
[2012.07.28 06:49:08 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{EAA3F3FA-2190-49EC-B809-1C0B3930C629}
[2012.07.28 06:48:57 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7E5286B8-4BF4-407F-8E11-84EEA62A76BD}
[2012.07.28 06:48:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{1C1D81D1-380E-425E-AE88-D148F6C65581}
[2012.07.27 18:48:05 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B4760DF6-1BC8-4403-AABB-92274F71C7B8}
[2012.07.27 18:47:00 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A783B3E3-050C-4569-B6AF-B9DD7BB88561}
[2012.07.27 11:58:46 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B996EB10-9BEC-4F5F-AA18-48C630530E97}
[2012.07.26 23:49:59 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{236A9098-C36B-479C-8AE6-925854E3EFFE}
[2012.07.26 23:49:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B60A7FD1-D817-4D95-954F-15ED3B4B7B17}
[2012.07.26 23:46:38 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.07.26 23:43:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.07.26 23:41:10 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.07.26 23:40:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.26 23:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.07.26 23:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012.07.26 16:52:21 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{2D9F8BCF-50E6-4BE4-AA1B-B214842076F2}
[2012.07.26 16:51:52 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{FBA792FB-276D-4571-B5EB-C998DA747EE2}
[2012.07.26 16:51:36 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{DFA0D7D8-05A1-495F-9A15-82EBB9DE9C80}
[2012.07.26 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{E374012C-B703-4FDC-B13C-7B0CF92E388E}
[2012.07.26 02:43:38 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D2064EC5-52BC-42E8-B4CC-09A6B6B2A50B}
[2012.07.26 02:43:26 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{25B01841-EB11-4A26-96F1-24258F0A4415}
[2012.07.25 14:42:41 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4422EF76-F4D1-4B55-B7E5-4254C19A1D76}
[2012.07.25 14:41:11 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C39A238A-679B-4B07-8CDE-1654BCEC174D}
[2012.07.25 02:18:10 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{DC5DA61B-3DAD-42D7-BAF3-DF2509DFD26A}
[2012.07.25 02:17:59 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{97D0D755-E2A1-4AB4-A5A0-AA96E896D67A}
[2012.07.25 02:17:47 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8733D604-5C12-40F3-925C-CEA60B4B15F7}
[2012.07.24 14:17:05 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{45247487-4A6B-460C-AC65-5DB521B6F719}
[2012.07.24 14:16:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C4B92C14-26C0-4595-AB0E-936F11093562}
[2012.07.23 16:09:49 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{85A0D449-3C82-4373-B4A8-E544168AF4B2}
[2012.07.23 16:09:38 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{BE9CA443-4D58-405F-A11D-818A0CDB4E9C}
[2012.07.23 16:09:26 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{73FBC1D0-0450-4543-AED7-7FDB5E53BA04}
[2012.07.23 16:09:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{69381B03-95B8-4953-9C1F-0BFBA7673A19}
[2012.07.23 04:08:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C1647344-C1A0-4E22-9BCA-D681E387A0C6}
[2012.07.23 04:08:36 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{51C4D296-269C-4D69-A5CD-4841A4E68A92}
[2012.07.23 04:08:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{933818ED-CD77-4725-B4DC-955580D730F1}
[2012.07.23 04:08:12 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{3D2B49C4-4105-47C0-B95C-60F910AB8CE6}
[2012.07.22 16:07:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{06D1ED2C-F0D3-4D04-86EA-ED94AA3FC4EE}
[2012.07.22 16:07:46 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{560252A2-16E5-4EDF-B5D6-2A73ACED3BF7}
[2012.07.22 16:07:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{3C64B2E6-DEA5-4967-9784-3A997CF25A8A}
[2012.07.22 16:07:20 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{94910C7E-AEFF-4ED4-9C74-F106E69C26FD}
[2012.07.22 03:07:11 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{62395136-E8FD-4038-BD12-8769AC1F03E8}
[2012.07.22 03:06:59 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{446D8950-C4E6-4F6F-9B45-D74F226C67B5}
[2012.07.22 03:06:46 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{67784D1E-77E3-4636-B130-4EDD4F76C1A0}
[2012.07.22 03:06:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{19DE577B-D162-49EB-BD85-ED0A8365FB31}
[2012.07.21 17:48:51 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\sd
[2012.07.21 15:05:14 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5DD3FCF7-A217-44DB-94EB-7ACFE6EB747B}
[2012.07.21 06:18:26 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{9EAFE2DD-C14E-4704-AD53-95E2156E832C}
[2012.07.21 06:17:57 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{956F5994-547D-46F8-9DF9-E5B1A4C18ECA}
[2012.07.20 12:38:41 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{0123E025-F588-4B9D-BBF1-C626390319F2}
[2012.07.20 12:38:17 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4AC9DABC-3CF6-4166-8296-C61EB2F52B8B}
[2012.07.20 12:37:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D44D9390-2098-4715-98BE-46C0A5FED6A3}
[2012.07.20 12:36:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7382BD5A-894E-4FCF-A573-803ED6F0AC7E}
[2012.07.19 20:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.07.19 13:00:50 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{166D5E31-F480-4764-8651-A2EFB1CE93E8}
[2012.07.19 13:00:39 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{44099E00-731D-471F-AA29-2EC43A40552B}
[2012.07.19 13:00:28 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{2853B45A-5101-4977-A274-BE693F1CE00F}
[2012.07.19 13:00:16 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C39FB423-2DF1-48BF-9EA0-0B0775A8481A}
[2012.07.19 00:59:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{234AD9F4-B138-433D-AC79-8D3A12996646}
[2012.07.19 00:59:37 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{38726207-1422-482C-B16C-58D8C8BC2F66}
[2012.07.19 00:59:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8BEE5514-71F9-4C2D-B16A-9191AB8A8A61}
[2012.07.19 00:59:12 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{1C99B0D4-5812-4334-A637-D92B58936E9B}
[2012.07.18 12:58:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{BABA9703-1CB9-440C-902F-B532F9905A7E}
[2012.07.18 12:57:57 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{72E6D32C-5EB2-4A42-9439-70DF63E82BA2}
[2012.07.18 01:08:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\Quran_Complete_by_Abdul-Sammad
[2012.07.18 00:11:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\Quran_Complete_by_Saad_Al-Ghamdi
[2012.07.18 00:07:09 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\Quran_Complete_By_Al-Sudais
[2012.07.17 15:35:22 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{F91CB384-EC4A-41F9-B67B-03B1A597FC06}
[2012.07.17 15:35:10 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{97A7D110-3088-4DD3-B262-8CDC107C1CF2}
[2012.07.17 15:34:59 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{75D02C5E-D93B-49DD-BA36-CCF4BC82B670}
[2012.07.17 15:34:47 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D2A9029D-750A-48FF-B549-F1E023412C97}
[2012.07.17 03:34:18 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4ACBE691-4AD1-4841-B564-2F8E586F1AB0}
[2012.07.17 03:34:07 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{66905453-6128-44E6-B45F-2BC4C82B0877}
[2012.07.16 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{99980CAD-26F9-498B-A039-B85D7A752732}
[2012.07.16 15:32:39 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{36BCBC30-A480-46AA-8BB5-54707775BD22}
[2012.07.16 02:30:07 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{51B90EE8-3C8C-4BA8-B18F-6EF16F3F9210}
[2012.07.16 02:29:55 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5526889E-9EFB-4A44-945C-EEA80AE0BCC4}
[2012.07.16 02:29:43 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{744A922C-5514-479C-8414-B0961A2E0ACF}
[2012.07.16 02:29:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D0BFE2AA-9B66-4488-B90F-77B67CF5C1E1}
[2012.07.15 14:29:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{464004E5-E0C6-4930-987C-9988A695976B}
[2012.07.15 14:29:02 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5EB07B2B-1F3B-449D-A14A-FA073DCA075C}
[2012.07.15 02:28:34 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{8FD693AB-84BD-4AFC-BA57-BE67165BCB4C}
[2012.07.15 02:28:22 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D876108C-F362-44B3-A5BF-618112E42CAD}
[2012.07.14 14:27:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{262FBEC5-716C-4340-A56A-AD333C309D2C}
[2012.07.14 14:27:33 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{6D4EB43A-EDF7-4458-BC57-A3D1FD456C94}
[2012.07.14 14:27:22 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{2E69B23B-B4B4-4524-A9DF-13F3BA22DB13}
[2012.07.14 14:27:09 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B690F67D-35D2-480F-BE3C-E96385192970}
[2012.07.14 12:34:58 | 000,000,000 | ---D | C] -- C:\Users\Yahia\Desktop\CloneCD 5.3.1.4 Final.Crack
[2012.07.14 10:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2012.07.14 02:26:40 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{046C8A56-3878-4AFF-B54B-5F58238F1568}
[2012.07.14 02:26:28 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D8F8C2F5-B6BC-4E0F-A9F0-0BEFC39C0230}
[2012.07.14 02:26:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4CC835D1-3459-4FA6-8560-81201D687BF3}
[2012.07.14 02:26:01 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B76F275E-C599-4D92-85F3-03E16977AD71}
[2012.07.13 14:25:43 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{65C7DF0F-53B0-437B-84B8-F20DE8A32BA6}
[2012.07.13 14:25:28 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{ECAED802-D313-4549-B8AD-52118CFE3227}
[2012.07.13 14:25:13 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{70EA2673-3D7A-4C46-8AC0-2F29A7D5CCA3}
[2012.07.13 14:24:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{B81011CF-7016-4D37-8A76-65CE7E8B90A6}
[2012.07.13 02:23:50 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{038B4604-8E1C-40F7-8833-B8954299D025}
[2012.07.13 02:23:29 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{BCDEDB82-778F-47E3-82D2-70886E853C27}
[2012.07.13 02:23:17 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{47E24C52-9CFD-4C4F-AF3A-97DFB9AC34C1}
[2012.07.13 02:23:00 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5ADFB1C9-00BE-448D-9E41-0E24D0F62731}
[2012.07.12 21:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012.07.12 14:22:41 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D26D63F4-56CA-490D-985A-CE59DC3654E1}
[2012.07.12 14:22:27 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4AC56F13-5DBF-4310-88AA-145BF9FF65E8}
[2012.07.12 14:22:15 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{BE6D6BAF-9D4C-4435-96E4-7E7ED475BA17}
[2012.07.12 14:22:01 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{07D2FCAB-43D4-45C2-81BB-3A5DA9781354}
[2012.07.12 14:21:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5576951B-69FD-4810-B4E3-83F3EEF0A950}
[2012.07.12 14:07:32 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{42D18238-F56B-4F4F-ABB3-02D457EDECD5}
[2012.07.12 13:46:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{2FD5F4B8-EDD0-4A0D-A057-9C4554025334}
[2012.07.11 20:51:49 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{C280B903-453B-4BC3-B869-AA0F80073AB8}
[2012.07.11 20:51:20 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7479A320-6498-4D83-AA9B-B4E2E93689C4}
[2012.07.11 20:50:55 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{77EF14B2-7A0A-4566-878F-9B3D55CFA25B}
[2012.07.11 06:51:50 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{92E4C855-AC95-416A-BA92-686DC7498634}
[2012.07.11 06:51:37 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{0BAA9EEB-95C6-4738-AF8B-8D0CA5FFC4B0}
[2012.07.11 06:51:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{1D0268E4-EB4C-438F-9D5E-288204993317}
[2012.07.11 06:51:08 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7F5285FF-5F35-4A85-819B-763ED64840E0}
[2012.07.10 19:44:17 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\XBMC
[2012.07.10 19:39:40 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XBMC
[2012.07.10 19:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBMC
[2012.07.10 17:59:01 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A8839F81-0F0B-4B02-BF76-45D39C02349F}
[2012.07.10 17:57:37 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{7C6DFDE0-6EE9-4592-8478-8ACBB8EA4A86}
[2012.07.09 17:58:25 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A81815AC-C417-4BC3-BD4B-49398319CB4D}
[2012.07.09 17:58:13 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{405B1AAD-EBDF-429F-B36F-8E766AD4676C}
[2012.07.09 17:58:01 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{649B3ABA-E275-4B7B-81BD-15AB90E8844A}
[2012.07.09 17:57:48 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{EDECA624-2603-4544-821F-365DB1438859}
[2012.07.09 04:54:31 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{DFBB16DC-1044-4904-AE21-0C461DFF5C67}
[2012.07.09 04:54:19 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{44432D08-C21B-4151-872D-90B36C16738F}
[2012.07.09 04:54:07 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{A3B5D7B5-BCC2-48AC-9EA7-54459AC6A73D}
[2012.07.08 16:53:37 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{722AC631-6E20-460D-AD51-DA708BA51DCE}
[2012.07.08 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{5E3B9E72-6630-4046-81E7-D5E3D330C000}
[2012.07.08 03:16:08 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{D431A7BE-1A0A-470D-897A-02BA69509112}
[2012.07.08 03:15:56 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{58AE1222-2AE2-4593-B751-A4CCF8E9F917}
[2012.07.08 03:15:45 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{9CC61A9A-07B4-4EC1-A061-517C3F699993}
[2012.07.08 03:15:33 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{4D71CA1A-6274-44B9-8964-062D99ADD58F}
[2012.07.07 15:14:55 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{47403F87-7CD8-4C84-BD1B-C53DECEBB61C}
[2012.07.07 15:14:02 | 000,000,000 | ---D | C] -- C:\Users\Yahia\AppData\Local\{79D21C90-F86F-41CD-9CCA-B254E1A964D7}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Yahia\AppData\Roaming\*.tmp files -> C:\Users\Yahia\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.06 12:34:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Yahia\Desktop\OTL.exe
[2012.08.06 12:29:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.06 12:28:56 | 3193,769,984 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.06 12:24:31 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 11:32:08 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 11:32:07 | 000,009,776 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 11:31:35 | 103,105,639 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.08.06 06:58:03 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.06 06:46:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-799653249-3173222804-4025605599-1001UA.job
[2012.08.06 04:16:34 | 000,521,709 | ---- | M] () -- C:\Users\Yahia\Desktop\yahia2222.jpg
[2012.08.06 02:57:23 | 000,022,145 | ---- | M] () -- C:\Users\Yahia\Desktop\me.jpg
[2012.08.05 13:38:12 | 000,566,478 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.08.05 07:46:03 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-799653249-3173222804-4025605599-1001Core.job
[2012.08.04 11:43:04 | 000,053,647 | ---- | M] () -- C:\Users\Yahia\Desktop\Karma.eBay.pdf
[2012.08.04 10:45:23 | 000,696,284 | ---- | M] () -- C:\Users\Yahia\Desktop\PPD Domination.rar
[2012.08.03 07:00:38 | 000,969,368 | ---- | M] (Babylon Ltd.) -- C:\Users\Yahia\Desktop\Babylon9_setup.exe
[2012.08.02 22:25:21 | 000,002,449 | ---- | M] () -- C:\Users\Yahia\Desktop\Google Chrome.lnk
[2012.07.31 22:22:16 | 000,442,512 | ---- | M] () -- C:\Users\Yahia\Desktop\IMG_20120731_210415.jpg
[2012.07.29 20:03:42 | 000,234,993 | ---- | M] () -- C:\Users\Yahia\Desktop\Earn money with tumblr porn blog Easy and Fun.pdf
[2012.07.29 09:39:33 | 003,180,146 | ---- | M] () -- C:\Users\Yahia\Desktop\Google_Images.pdf
[2012.07.28 20:31:24 | 000,445,009 | ---- | M] () -- C:\Users\Yahia\Desktop\IMG_20120514_154539.jpg
[2012.07.28 02:55:53 | 000,014,462 | ---- | M] () -- C:\Users\Yahia\Desktop\521969_177598859027788_1204092112_n.jpg
[2012.07.27 05:35:55 | 000,004,536 | ---- | M] () -- C:\Users\Yahia\Desktop\p.jpg
[2012.07.26 08:04:36 | 000,103,265 | ---- | M] () -- C:\Users\Yahia\Desktop\weenies_failproof_method.pdf
[2012.07.26 07:22:23 | 000,014,780 | ---- | M] () -- C:\Users\Yahia\Desktop\336840422.jpg
[2012.07.24 01:30:47 | 000,062,671 | ---- | M] () -- C:\Users\Yahia\Desktop\IMG-20120717-WA0003.jpg
[2012.07.22 11:43:18 | 1201,871,052 | ---- | M] () -- C:\Users\Yahia\Desktop\Quran_Complete_By_Al-Sudais.rar
[2012.07.22 04:17:08 | 2615,315,353 | ---- | M] () -- C:\Users\Yahia\Desktop\Quran_Complete_by_Abdul-Sammad.rar
[2012.07.21 20:16:18 | 000,000,501 | ---- | M] () -- C:\Users\Yahia\Desktop\import.REG
[2012.07.21 19:12:23 | 3402,956,854 | ---- | M] () -- C:\Users\Yahia\Desktop\Sar.rar
[2012.07.21 17:20:38 | 1051,286,133 | ---- | M] () -- C:\Users\Yahia\Desktop\sarah.rar
[2012.07.21 17:11:04 | 000,020,313 | ---- | M] () -- C:\Users\Yahia\Desktop\DSC16367854.jpg
[2012.07.18 02:16:26 | 2846,592,934 | ---- | M] () -- C:\Users\Yahia\Desktop\Quran_Complete_by_Saad_Al-Ghamdi.rar
[2012.07.17 02:42:33 | 000,036,876 | ---- | M] () -- C:\Users\Yahia\Desktop\ane.jpg
[2012.07.15 14:25:08 | 000,141,068 | ---- | M] () -- C:\Users\Yahia\Desktop\penis.jpg
[2012.07.14 10:53:55 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2012.07.14 01:40:23 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.14 01:32:11 | 000,000,048 | ---- | M] () -- C:\Users\Yahia\AppData\Local\YAHIA-PC.cfg
[2012.07.13 06:15:42 | 000,303,616 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.07.13 06:15:37 | 000,035,328 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.07.12 21:19:36 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012.07.12 14:13:36 | 002,916,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 15:13:54 | 000,040,185 | ---- | M] () -- C:\Users\Yahia\Desktop\buli.jpg
[2012.07.09 18:34:35 | 001,002,344 | ---- | M] () -- C:\Users\Yahia\Desktop\img022.jpg
[2012.07.09 18:10:33 | 001,037,769 | ---- | M] () -- C:\Users\Yahia\Desktop\img021.jpg
[2012.07.07 21:27:34 | 000,021,493 | ---- | M] () -- C:\Users\Yahia\Desktop\pic.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Yahia\AppData\Roaming\*.tmp files -> C:\Users\Yahia\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.06 04:16:33 | 000,521,709 | ---- | C] () -- C:\Users\Yahia\Desktop\yahia2222.jpg
[2012.08.06 02:53:42 | 000,022,145 | ---- | C] () -- C:\Users\Yahia\Desktop\me.jpg
[2012.08.04 11:43:01 | 000,053,647 | ---- | C] () -- C:\Users\Yahia\Desktop\Karma.eBay.pdf
[2012.08.04 10:45:11 | 000,696,284 | ---- | C] () -- C:\Users\Yahia\Desktop\PPD Domination.rar
[2012.07.31 22:22:10 | 000,442,512 | ---- | C] () -- C:\Users\Yahia\Desktop\IMG_20120731_210415.jpg
[2012.07.29 20:03:36 | 000,234,993 | ---- | C] () -- C:\Users\Yahia\Desktop\Earn money with tumblr porn blog Easy and Fun.pdf
[2012.07.29 09:37:38 | 003,180,146 | ---- | C] () -- C:\Users\Yahia\Desktop\Google_Images.pdf
[2012.07.28 20:31:18 | 000,445,009 | ---- | C] () -- C:\Users\Yahia\Desktop\IMG_20120514_154539.jpg
[2012.07.28 02:56:16 | 000,014,462 | ---- | C] () -- C:\Users\Yahia\Desktop\521969_177598859027788_1204092112_n.jpg
[2012.07.27 05:35:50 | 000,004,536 | ---- | C] () -- C:\Users\Yahia\Desktop\p.jpg
[2012.07.26 23:44:33 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.07.26 23:43:34 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.07.26 23:42:13 | 000,001,418 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.07.26 08:04:33 | 000,103,265 | ---- | C] () -- C:\Users\Yahia\Desktop\weenies_failproof_method.pdf
[2012.07.26 07:22:19 | 000,014,780 | ---- | C] () -- C:\Users\Yahia\Desktop\336840422.jpg
[2012.07.24 01:30:42 | 000,062,671 | ---- | C] () -- C:\Users\Yahia\Desktop\IMG-20120717-WA0003.jpg
[2012.07.22 04:21:43 | 1201,871,052 | ---- | C] () -- C:\Users\Yahia\Desktop\Quran_Complete_By_Al-Sudais.rar
[2012.07.22 03:40:34 | 2615,315,353 | ---- | C] () -- C:\Users\Yahia\Desktop\Quran_Complete_by_Abdul-Sammad.rar
[2012.07.21 20:16:18 | 000,000,501 | ---- | C] () -- C:\Users\Yahia\Desktop\import.REG
[2012.07.21 18:34:42 | 3402,956,854 | ---- | C] () -- C:\Users\Yahia\Desktop\Sar.rar
[2012.07.21 17:46:41 | 003,182,498 | ---- | C] () -- C:\Users\Yahia\Documents\souria ya 7abebaty.mp3
[2012.07.21 17:11:45 | 1051,286,133 | ---- | C] () -- C:\Users\Yahia\Desktop\sarah.rar
[2012.07.21 17:11:04 | 000,020,313 | ---- | C] () -- C:\Users\Yahia\Desktop\DSC16367854.jpg
[2012.07.18 01:39:37 | 2846,592,934 | ---- | C] () -- C:\Users\Yahia\Desktop\Quran_Complete_by_Saad_Al-Ghamdi.rar
[2012.07.17 02:42:33 | 000,036,876 | ---- | C] () -- C:\Users\Yahia\Desktop\ane.jpg
[2012.07.15 14:25:08 | 000,141,068 | ---- | C] () -- C:\Users\Yahia\Desktop\penis.jpg
[2012.07.14 10:53:55 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\CloneCD.lnk
[2012.07.14 10:37:41 | 000,000,296 | ---- | C] () -- C:\Key.CloneCD
[2012.07.14 01:32:11 | 000,000,048 | ---- | C] () -- C:\Users\Yahia\AppData\Local\YAHIA-PC.cfg
[2012.07.12 21:19:36 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012.07.12 21:19:35 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012.07.11 15:13:54 | 000,040,185 | ---- | C] () -- C:\Users\Yahia\Desktop\buli.jpg
[2012.07.09 18:12:40 | 001,002,344 | ---- | C] () -- C:\Users\Yahia\Desktop\img022.jpg
[2012.07.09 18:07:03 | 001,037,769 | ---- | C] () -- C:\Users\Yahia\Desktop\img021.jpg
[2012.07.07 21:27:34 | 000,021,493 | ---- | C] () -- C:\Users\Yahia\Desktop\pic.jpg
[2012.01.03 09:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe
[2011.09.09 18:27:47 | 000,000,001 | ---- | C] () -- C:\ProgramData\flagposition.out
[2011.08.05 02:03:43 | 000,290,816 | ---- | C] () -- C:\Windows\SysWow64\nmapserv.exe
[2011.08.05 02:03:42 | 000,452,096 | ---- | C] () -- C:\Windows\SysWow64\nmap.exe
[2011.07.22 13:29:06 | 000,097,160 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.06.09 04:17:09 | 000,000,013 | ---- | C] () -- C:\Users\Yahia\AppData\Roaming\urhtps.dat
[2011.04.14 04:53:49 | 000,000,120 | ---- | C] () -- C:\Users\Yahia\AppData\Local\Gwiloguqu.dat
[2011.04.14 04:53:49 | 000,000,000 | ---- | C] () -- C:\Users\Yahia\AppData\Local\Xjetafo.bin
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.25 21:26:25 | 000,105,292 | ---- | C] () -- C:\Windows\restart.exe
[2010.09.01 00:12:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe
[2009.12.20 12:19:09 | 000,001,587 | ---- | C] () -- C:\Users\Yahia\.recently-used.xbel
[2009.11.17 23:08:48 | 000,000,123 | ---- | C] () -- C:\Users\Yahia\AppData\Roaming\burnaware.ini
[2009.11.03 08:04:10 | 000,011,264 | ---- | C] () -- C:\Users\Yahia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002.07.01 16:13:30 | 000,000,243 | -HS- | C] () -- C:\ProgramData\system16driver.dat
========== LOP Check ==========
[2009.10.16 05:53:08 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\.ABC
[2010.06.03 23:32:01 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\4BF6A55B4842BB8C1B483A5DF7A54EAC
[2011.06.08 20:59:45 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\5016
[2012.07.13 21:43:02 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\abgx360
[2011.07.20 18:19:10 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Abolnu
[2011.04.23 14:40:33 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Absolute Poker
[2011.07.29 07:48:27 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\AVG10
[2010.11.12 00:43:25 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Avnex
[2009.09.27 05:56:13 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Betraiser
[2011.07.22 13:36:39 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\BitDefender
[2012.07.13 06:31:52 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\BOM
[2012.02.17 21:35:03 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\CasinoOnNet
[2010.03.30 12:27:40 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\DAEMON Tools Lite
[2010.03.09 05:40:57 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\DAEMON Tools Pro
[2009.09.24 00:27:18 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\DeepBurner
[2011.12.11 20:00:38 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\EPSON
[2011.06.12 22:57:35 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\ESET
[2012.07.22 11:32:06 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\FileZilla
[2010.08.25 10:05:37 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Foxit Software
[2009.12.20 12:19:15 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\gtk-2.0
[2012.08.06 06:56:04 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\hellomoto
[2012.08.02 22:41:35 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\ICQ
[2009.12.10 00:31:05 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\ImgBurn
[2009.09.24 20:21:17 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\IrfanView
[2011.06.08 20:59:31 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\kock
[2009.12.22 02:48:44 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Leadertech
[2012.06.18 16:47:58 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Lern-o-Mat
[2011.01.31 18:50:12 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\ManyCam
[2009.11.17 20:57:26 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\MessengerDiscovery 2
[2011.04.08 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Microgaming
[2011.05.05 13:32:48 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\mkvtoolnix
[2011.10.27 03:35:25 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Notepad++
[2009.10.29 00:01:58 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\OpenOffice.org
[2011.12.23 21:32:12 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\PacificPoker
[2010.09.09 04:56:08 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Paltalk
[2011.07.31 01:27:15 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\PC Suite
[2009.10.17 00:39:32 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Pharaohs Secret
[2011.04.05 22:47:12 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\pokerth
[2011.07.22 13:30:00 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\QuickScan
[2011.08.28 21:57:39 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Samsung
[2010.05.20 10:33:23 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\ScummVM
[2010.12.05 17:32:05 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\SlySoft
[2010.02.21 10:36:26 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Sony
[2010.02.21 10:32:46 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Sony Setup
[2011.04.22 13:52:20 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\SparVoip
[2010.03.30 11:57:51 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Sports Interactive
[2009.10.13 03:08:45 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\StoneLoops
[2010.07.10 18:03:13 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1
[2012.01.21 23:10:50 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\TeamViewer
[2010.08.16 14:30:45 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\temp
[2010.07.22 15:12:15 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Tific
[2011.06.08 21:43:01 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\UAs
[2012.07.19 01:13:41 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\uTorrent
[2010.12.01 02:38:07 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\VoipBuster
[2010.12.01 02:50:59 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\VoipCheapCom
[2010.03.01 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\VoipStunt
[2010.01.23 10:34:29 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Weaverslave
[2011.07.20 18:25:30 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\Wobo
[2012.07.10 20:04:49 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\XBMC
[2011.10.18 20:03:52 | 000,000,000 | ---D | M] -- C:\Users\Yahia\AppData\Roaming\xmldm
[2012.03.16 17:49:38 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011.07.31 01:49:20 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010.04.03 01:25:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.12.26 01:02:39 | 000,000,000 | ---D | M] -- C:\Betfair JPC
[2009.09.22 12:29:53 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.03.12 21:56:27 | 000,000,000 | ---D | M] -- C:\Casino
[2012.07.30 06:44:05 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.09.22 02:39:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.06.10 17:50:26 | 000,000,000 | -HSD | M] -- C:\found.000
[2009.09.22 23:55:12 | 000,000,000 | ---D | M] -- C:\Intel
[2012.02.20 17:13:59 | 000,000,000 | ---D | M] -- C:\Microgaming
[2011.08.01 11:17:04 | 000,000,000 | ---D | M] -- C:\Nexon
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2010.01.23 10:34:14 | 000,000,000 | ---D | M] -- C:\phpkid
[2012.06.28 20:34:00 | 000,000,000 | ---D | M] -- C:\Poker
[2011.04.23 14:37:35 | 000,000,000 | ---D | M] -- C:\Poker Application
[2012.08.06 11:30:30 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.08.05 10:45:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.07.09 16:22:40 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.09.22 02:39:49 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.10.13 06:56:01 | 000,000,000 | ---D | M] -- C:\Programs
[2009.09.22 02:39:50 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.13 18:19:32 | 000,000,000 | ---D | M] -- C:\RedKings JPC
[2010.07.22 01:32:51 | 000,000,000 | ---D | M] -- C:\SIERRA
[2012.07.28 01:10:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.12.05 04:04:39 | 000,000,000 | ---D | M] -- C:\Team17
[2011.06.07 16:53:35 | 000,000,000 | ---D | M] -- C:\Temp
[2009.11.09 02:32:05 | 000,000,000 | R--D | M] -- C:\Users
[2010.02.15 04:18:42 | 000,000,000 | ---D | M] -- C:\usf
[2011.01.02 09:18:12 | 000,000,000 | ---D | M] -- C:\UT2004
[2012.07.26 23:46:38 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: IASTORV.SYS >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: USER32.DLL >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2009.12.20 12:19:09 | 000,001,587 | ---- | M] () -- C:\Users\Yahia\.recently-used.xbel
[2012.08.06 12:39:49 | 010,223,616 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT
[2012.08.06 12:39:49 | 000,262,144 | -HS- | M] () -- C:\Users\Yahia\ntuser.dat.LOG1
[2009.09.22 02:40:12 | 000,000,000 | -HS- | M] () -- C:\Users\Yahia\ntuser.dat.LOG2
[2009.09.22 02:59:07 | 000,065,536 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.09.22 02:59:07 | 000,524,288 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.09.22 02:59:07 | 000,524,288 | -HS- | M] () -- C:\Users\Yahia\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2009.09.22 02:40:12 | 000,000,020 | -HS- | M] () -- C:\Users\Yahia\ntuser.ini
[2011.09.20 17:04:20 | 000,000,000 | ---- | M] () -- C:\Users\Yahia\Sti_Trace.log
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
========== Files - Unicode (All) ==========
[2012.04.27 22:51:49 | 000,000,076 | ---- | M] ()(C:\Users\Yahia\Desktop\???? ??? ???.html) -- C:\Users\Yahia\Desktop\رامز ابو خرا.html
[2012.02.27 00:04:13 | 000,000,076 | ---- | C] ()(C:\Users\Yahia\Desktop\???? ??? ???.html) -- C:\Users\Yahia\Desktop\رامز ابو خرا.html
[2011.11.18 21:05:46 | 000,480,056 | ---- | M] ()(C:\Users\Yahia\Desktop\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_18_11_2011@20_04_55.wav) -- C:\Users\Yahia\Desktop\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_18_11_2011@20_04_55.wav
[2011.11.18 21:05:46 | 000,480,056 | ---- | C] ()(C:\Users\Yahia\Desktop\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_18_11_2011@20_04_55.wav) -- C:\Users\Yahia\Desktop\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_18_11_2011@20_04_55.wav
[2011.01.05 13:44:20 | 000,473,656 | ---- | M] ()(C:\Users\Yahia\Documents\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_05_01_2011@12_28_23.wav) -- C:\Users\Yahia\Documents\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_05_01_2011@12_28_23.wav
[2011.01.05 13:44:20 | 000,473,656 | ---- | C] ()(C:\Users\Yahia\Documents\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_05_01_2011@12_28_23.wav) -- C:\Users\Yahia\Documents\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_05_01_2011@12_28_23.wav
[2011.01.05 13:44:13 | 000,416,056 | ---- | M] ()(C:\Users\Yahia\Documents\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_05_01_2011@12_35_12.wav) -- C:\Users\Yahia\Documents\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_05_01_2011@12_35_12.wav
[2011.01.05 13:44:13 | 000,416,056 | ---- | C] ()(C:\Users\Yahia\Documents\×× ????? ????????? × ??? Pa?Äs?????s?? × 4 × ?v?? ×&´?? × ?o?g?? ×××_05_01_2011@12_35_12.wav) -- C:\Users\Yahia\Documents\×× عمران الفلسطيني × ∂έя PαζÄsтιиέиsέя × 4 × э√эя ×&´и∂ × ζoиgέя ×××_05_01_2011@12_35_12.wav
========== Alternate Data Streams ==========
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID
< End of report >
--- --- ---
Die Extra Logfile ist irgendwie verschwunden und ich finde die nicht mehr -.-
Ist sie denn notwendig oder reicht das erstmal?
Kann man die irgendwo wiederfinden? |
