Reminder e-mail with an invoice attached: opening the attachment failed, and a scan found 15 objects infected with a trojan (Windows 7)
13.03.2013, 00:47 | #1
Hi, on 12.03.13 I received a reminder e-mail demanding that I pay a large sum to a person unknown to me. No account number or bank code was given; it only said that I should open the attachment, where further details would be explained. I downloaded the attachment and then could not open it; my PC just started acting up, and Firefox does not respond at all any more... While googling my problem with the invoice I happened to come across this site and immediately ran a scan with the recommended Malwarebytes program. The result was 15 objects on my PC shown as infected by trojans. I copied the report as recommended. Here it is:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.12.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
majdi ameni elvira :: MAJDIAMENIELVIR [Administrator]

Schutz: Aktiviert

13.03.2013 00:29:51
mbam-log-2013-03-13 (00-29-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205997
Laufzeit: 3 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|knzmwzkc (Trojan.Ransom.ED) -> Daten: C:\Users\majdi ameni elvira\Sbblisr\nnnsznswzkc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00430485.exe (Trojan.Agent.KBGen) -> Daten: "C:\Users\majdi ameni elvira\AppData\Roaming\KB00430485.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 13
C:\Users\majdi ameni elvira\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Keine Aktion durchgeführt.
C:\Users\majdi ameni elvira\Sbblisr\nnnsznswzkc.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\dootxjffdo.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\dtdqonxojf.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\eggupgapvu.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\njjjddntdj.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\qttqxfodtq.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\rsszhrsblr.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\rsszlrhzni.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\sirbznbsil.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\vgpeglvagp.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\Temp2_Mahnung vom 12.03.2013.zip\Mahnung vom 12.03.2013.com (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\Downloads\tuto_firefox.exe (Trojan.Eorezo) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I hope someone can help me clean this up, as I hardly have a clue about PCs and systems and so on. Honestly I would prefer to wipe my PC completely; it has been acting up for a long time. Many thanks in advance.
13.03.2013, 14:43 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners? I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first post only the logs you already have!

Reading material: Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
14.03.2013, 01:08 | #3
Hi, OK, I am really sorry, but I have to ask a few dumb questions first... I am just a woman without any technical knowledge... So, what would a logfile be?! This report from the virus scan? And no, I only ran this one scan with Malwarebytes Anti-Malware and pasted it into my question..

And why do people send viruses like this... what do they get out of it?? Do they have access to my data with it?? And should I now put the logfiles into a code box?? And what does "click the # symbol in the EDITOR. Two bracket expressions appear." mean? And what is a cursor? And which code tags? I am really sorry, I really have no clue right now...

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.12.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
majdi ameni elvira :: MAJDIAMENIELVIR [Administrator]

Schutz: Aktiviert

13.03.2013 00:29:51
mbam-log-2013-03-13 (00-29-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205997
Laufzeit: 3 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|knzmwzkc (Trojan.Ransom.ED) -> Daten: C:\Users\majdi ameni elvira\Sbblisr\nnnsznswzkc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00430485.exe (Trojan.Agent.KBGen) -> Daten: "C:\Users\majdi ameni elvira\AppData\Roaming\KB00430485.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 13
C:\Users\majdi ameni elvira\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Keine Aktion durchgeführt.
C:\Users\majdi ameni elvira\Sbblisr\nnnsznswzkc.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\dootxjffdo.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\dtdqonxojf.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\eggupgapvu.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\njjjddntdj.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\qttqxfodtq.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\rsszhrsblr.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\rsszlrhzni.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\sirbznbsil.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\vgpeglvagp.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\Temp2_Mahnung vom 12.03.2013.zip\Mahnung vom 12.03.2013.com (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\Downloads\tuto_firefox.exe (Trojan.Eorezo) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.13.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
majdi ameni elvira :: MAJDIAMENIELVIR [Administrator]

Schutz: Aktiviert

14.03.2013 01:26:43
mbam-log-2013-03-14 (01-26-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205700
Laufzeit: 2 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\majdi ameni elvira\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
2013/03/13 00:29:05 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting protection
2013/03/13 00:29:05 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Protection started successfully
2013/03/13 00:29:05 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting IP protection
2013/03/13 00:29:07 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection started successfully
2013/03/13 00:29:25 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting database refresh
2013/03/13 00:29:25 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Stopping IP protection
2013/03/13 00:29:25 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection stopped successfully
2013/03/13 00:29:29 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Database refreshed successfully
2013/03/13 00:29:30 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting IP protection
2013/03/13 00:29:36 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection started successfully
2013/03/13 00:29:38 +0100 MAJDIAMENIELVIR majdi ameni elvira DETECTION C:\Users\majdi ameni elvira\AppData\Roaming\KB00430485.exe Trojan.Agent.Gen QUARANTINE
2013/03/13 00:29:43 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting database refresh
2013/03/13 00:29:43 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Stopping IP protection
2013/03/13 00:29:44 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection stopped successfully
2013/03/13 00:29:46 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Database refreshed successfully
2013/03/13 00:29:46 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting IP protection
2013/03/13 00:29:53 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection started successfully
2013/03/13 13:40:48 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting protection
2013/03/13 13:40:48 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Protection started successfully
2013/03/13 13:40:48 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting IP protection
2013/03/13 13:40:58 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection started successfully
2013/03/13 13:56:08 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Executing scheduled update: Daily
2013/03/13 13:56:17 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Scheduled update executed successfully: database updated from version v2013.03.12.10 to version v2013.03.13.07
2013/03/13 13:56:17 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting database refresh
2013/03/13 13:56:17 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Stopping IP protection
2013/03/13 13:56:19 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection stopped successfully
2013/03/13 13:56:22 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Database refreshed successfully
2013/03/13 13:56:22 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting IP protection
2013/03/13 13:56:29 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection started successfully
2013/03/13 16:14:08 +0100 MAJDIAMENIELVIR (null) MESSAGE Starting protection
2013/03/13 16:14:08 +0100 MAJDIAMENIELVIR (null) MESSAGE Protection started successfully
2013/03/13 16:14:08 +0100 MAJDIAMENIELVIR (null) MESSAGE Starting IP protection
2013/03/13 16:14:20 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection started successfully
2013/03/13 16:47:00 +0100 MAJDIAMENIELVIR majdi ameni elvira IP-BLOCK 79.142.74.150 (Type: outgoing, Port: 51082, Process: firefox.exe)
2013/03/13 16:47:00 +0100 MAJDIAMENIELVIR majdi ameni elvira IP-BLOCK 79.142.74.150 (Type: outgoing, Port: 51084, Process: firefox.exe)
2013/03/13 16:47:08 +0100 MAJDIAMENIELVIR majdi ameni elvira IP-BLOCK 93.174.93.66 (Type: outgoing, Port: 51130, Process: flashplayerplugin_11_6_602_180.exe)
2013/03/13 16:47:08 +0100 MAJDIAMENIELVIR majdi ameni elvira IP-BLOCK 93.174.93.66 (Type: outgoing, Port: 51130, Process: flashplayerplugin_11_6_602_180.exe)
2013/03/13 16:47:08 +0100 MAJDIAMENIELVIR majdi ameni elvira IP-BLOCK 93.174.93.66 (Type: outgoing, Port: 51131, Process: flashplayerplugin_11_6_602_180.exe)
2013/03/13 16:47:08 +0100 MAJDIAMENIELVIR majdi ameni elvira IP-BLOCK 93.174.93.66 (Type: outgoing, Port: 51131, Process: flashplayerplugin_11_6_602_180.exe)
2013/03/13 16:47:08 +0100 MAJDIAMENIELVIR majdi ameni elvira IP-BLOCK 93.174.93.66 (Type: outgoing, Port: 51132, Process: flashplayerplugin_11_6_602_180.exe)
2013/03/13 16:47:08 +0100 MAJDIAMENIELVIR majdi ameni elvira IP-BLOCK 93.174.93.66 (Type: outgoing, Port: 51132, Process: flashplayerplugin_11_6_602_180.exe)
2013/03/13 18:29:08 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting protection
2013/03/13 18:29:08 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Protection started successfully
2013/03/13 18:29:08 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting IP protection
2013/03/13 18:29:19 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection started successfully

Code:
2013/03/14 00:48:45 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting protection
2013/03/14 00:48:45 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Protection started successfully
2013/03/14 00:48:45 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting IP protection
2013/03/14 00:48:55 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection started successfully
2013/03/14 01:32:49 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting protection
2013/03/14 01:32:49 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Protection started successfully
2013/03/14 01:32:49 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting IP protection
2013/03/14 01:33:01 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection started successfully
2013/03/14 13:09:31 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Executing scheduled update: Daily
2013/03/14 13:09:38 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting protection
2013/03/14 13:09:38 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Protection started successfully
2013/03/14 13:09:38 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting IP protection
2013/03/14 13:09:50 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection started successfully
2013/03/14 13:09:57 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting database refresh
2013/03/14 13:09:57 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Scheduled update executed successfully: database updated from version v2013.03.13.07 to version v2013.03.14.06
2013/03/14 13:09:57 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Stopping IP protection
2013/03/14 13:09:58 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection stopped successfully
2013/03/14 13:10:00 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Database refreshed successfully
2013/03/14 13:10:00 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE Starting IP protection
2013/03/14 13:10:07 +0100 MAJDIAMENIELVIR majdi ameni elvira MESSAGE IP Protection started successfully
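A triage helper for the two Malwarebytes log formats posted in this thread, added here as an example (it is not code from the thread or from Malwarebytes). It runs on a constructed excerpt in the same format, with the user folder, hostname and blocked addresses replaced by placeholders, and pulls out what a helper looks at first: Run-key autostarts pointing into the user profile, the executable launched from inside the "Mahnung" zip, the detection left without action, and blocked outbound connections per process.

```python
"""Triage helper for the two Malwarebytes Anti-Malware 1.x log formats posted in
this thread (scan report with German UI strings, and the protection log).
Added example for this page, not code from the thread or from Malwarebytes."""
import re
from collections import Counter

# Constructed excerpt in the format of the scan report above: the entries are the
# ones the report lists, the user folder is replaced by the placeholder "user".
SCAN_LOG = r"""
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|knzmwzkc (Trojan.Ransom.ED) -> Daten: C:\Users\user\Sbblisr\nnnsznswzkc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00430485.exe (Trojan.Agent.KBGen) -> Daten: "C:\Users\user\AppData\Roaming\KB00430485.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 13
C:\Users\user\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Keine Aktion durchgeführt.
C:\Users\user\Sbblisr\nnnsznswzkc.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Local\Temp\Temp2_Mahnung vom 12.03.2013.zip\Mahnung vom 12.03.2013.com (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\Downloads\tuto_firefox.exe (Trojan.Eorezo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# Constructed excerpt in the format of the protection log above; hostname, user
# name and the blocked addresses (RFC 5737 documentation ranges) are placeholders.
PROTECTION_LOG = """
2013/03/13 16:14:08 +0100 HOSTNAME (null) MESSAGE Starting protection
2013/03/13 16:47:00 +0100 HOSTNAME user IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 51082, Process: firefox.exe)
2013/03/13 16:47:00 +0100 HOSTNAME user IP-BLOCK 203.0.113.10 (Type: outgoing, Port: 51084, Process: firefox.exe)
2013/03/13 16:47:08 +0100 HOSTNAME user IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 51130, Process: flashplayerplugin_11_6_602_180.exe)
2013/03/13 16:47:08 +0100 HOSTNAME user IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 51131, Process: flashplayerplugin_11_6_602_180.exe)
"""

# Scan report lines: "<key>|<value> (<family>) -> Daten: <path> -> <action>" and "<path> (<family>) -> <action>"
REG_VALUE_RE = re.compile(
    r'^(?P<key>HK[A-Z]+\\\S+?)\|(?P<value>\S+) \((?P<family>[^()]+)\) -> '
    r'Daten: "?(?P<path>.+?)"? -> (?P<action>.+)$')
FILE_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$')
# Protection log: "<date> <time> <tz> <host> <user> IP-BLOCK <ip> (Type: .., Port: .., Process: ..)"
IP_BLOCK_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2}\s+\d{2}:\d{2}:\d{2}\s+[+-]\d{4}\s+(?P<host>\S+)\s+(?P<user>.+?)\s+"
    r"IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^()]+)\)$")

EXEC_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd"}
ARCHIVE_DIR_RE = re.compile(r"\.(zip|rar|7z)\\", re.IGNORECASE)


def _ext(path):
    """Extension of the last component of a backslash-separated Windows path."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def in_user_profile(path):
    """Autostart targets below C:\\Users are writable without admin rights; that is
    where a dropper started from a mail attachment can persist."""
    return path.lower().startswith("c:\\users\\")


def executable_from_archive(path):
    """Executable launched from inside an archive, as the Temp2_*.zip\\ path of the
    'Mahnung' attachment in the report shows."""
    return _ext(path) in EXEC_EXTS and ARCHIVE_DIR_RE.search(path) is not None


def parse_scan_log(text):
    """Registry-value and file detections; headers and counters are skipped."""
    findings = []
    for line in text.splitlines():
        m = REG_VALUE_RE.match(line.strip()) or FILE_RE.match(line.strip())
        if not m:
            continue
        f = m.groupdict()
        f["kind"] = "registry_value" if "key" in f else "file"
        # German MBAM 1.x: "Erfolgreich gelöscht ..." = quarantined,
        # "Keine Aktion durchgeführt." = still on disk.
        f["remediated"] = f["action"].startswith("Erfolgreich")
        findings.append(f)
    return findings


def parse_ip_blocks(text):
    """IP-BLOCK events from a protection log; MESSAGE/DETECTION lines are skipped."""
    return [m.groupdict() for m in map(IP_BLOCK_RE.match, map(str.strip, text.splitlines())) if m]


def triage(scan_text, protection_text):
    """What a helper looks at first: persistence from user-writable paths, executables
    run out of archives, items left on disk, and which process reached blocked hosts."""
    findings = parse_scan_log(scan_text)
    blocks = parse_ip_blocks(protection_text)
    return {
        "persistence_from_user_profile": [f["path"] for f in findings
                                          if f["kind"] == "registry_value" and in_user_profile(f["path"])],
        "executables_from_archives": [f["path"] for f in findings
                                      if f["kind"] == "file" and executable_from_archive(f["path"])],
        "not_remediated": [f["path"] for f in findings if not f["remediated"]],
        # A dropper appears twice (Run value and file), so this counts detections, not files.
        "families": dict(Counter(f["family"] for f in findings)),
        "blocked_connections": dict(Counter((b["process"], b["ip"]) for b in blocks)),
    }
```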
14.03.2013, 15:39 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Before we get to work, I would like to ask you to read the following points completely and attentively.

Note: If you hear nothing from me for three days, please post in this thread => Reminder about my thread. Annoying "when will it continue" messages end with your thread being closed. I too have a life outside the Trojaner-Board.

First a check with OTL, please:

__________________
Please always post logfiles in CODE tags
14.03.2013, 20:47 | #5
Code:
OTL logfile created on: 14.03.2013 20:40:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\majdi ameni elvira\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,26% Memory free
7,96 Gb Paging File | 6,66 Gb Available in Paging File | 83,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 56,33 Gb Free Space | 57,73% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 368,00 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: MAJDIAMENIELVIR | User Name: majdi ameni elvira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\majdi ameni elvira\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME)
PRC - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll ()
MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll ()
MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libglesv2.dll ()
MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libegl.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (TelevisionFanaticService) -- C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10007&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XP^xdm284^YY^de&ptb=9793F69C-12AB-4040-8A21-21C370963563&si=CMWkj4Ce_LQCFUmN3godwloAZQ
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 BB A3 4F 92 BA CD 01 [binary data]
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4712_1&babsrc=SP_ss_cr&mntrId=1839a315000000000000062737ac3dfd
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQQWpXjtr&i=26
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}
IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://home.mywebsearch.com/index.jhtml?ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&p2=^XP^xdm284^YY^de&si=CMWkj4Ce_LQCFUmN3godwloAZQ"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&ind=2013012216&p2=^XP^xdm284^YY^de&si=CMWkj4Ce_LQCFUmN3godwloAZQ&searchfor="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110824&tt=4712_1&babsrc=HP_ss_cr&mntrId=1839a315000000000000062737ac3dfd"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF -  HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2013.01.22 16:05:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:02:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:02:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.10.04 04:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Extensions
[2013.01.22 17:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions
[2013.01.22 16:05:14 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com
[2012.11.27 01:15:19 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions\ffxtlbr@incredibar.com
[2012.10.21 12:46:43 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions\mail@gutscheinrausch.de
[2013.01.22 17:52:13 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.11.23 22:02:00 | 000,002,536 | ---- | M] () -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\mngr.xml
[2013.01.22 16:05:22 | 000,009,631 | ---- | M] () -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\my-web-search.xml
[2012.11.27 01:14:58 | 000,002,203 | ---- | M] () -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\MyStart Search.xml
[2012.11.30 16:02:12 | 000,003,983 | ---- | M] () -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\sweetim.xml
[2013.03.08 16:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 16:02:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.22 17:52:09 | 000,001,609 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2012.11.23 22:01:38 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.06 02:54:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.12.05 23:23:43 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2013.02.19 21:24:29 | 000,001,472 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2013.01.22 17:52:09 | 000,001,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012.12.05 23:23:43 | 000,001,169 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://home.sweetim.com/?st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SweetIM for Facebook = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: New tab for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: IncrediBar for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Google Mail = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SweetIM for Facebook = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: New tab for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: IncrediBar for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Google Mail = 
C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark) O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com) O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll (MindSpark) O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) 
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000..\Run: [Facebook Update] C:\Users\majdi ameni elvira\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1F1FCF9-F9FF-4066-90F7-CD9D1F1AD570}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e34db5fb-0821-11e2-8f4c-988f091f419a}\Shell - "" = AutoRun
O33 - MountPoints2\{e34db5fb-0821-11e2-8f4c-988f091f419a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e34db680-0821-11e2-8f4c-988f091f419a}\Shell - "" = AutoRun
O33 - MountPoints2\{e34db680-0821-11e2-8f4c-988f091f419a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.03.13 15:35:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 15:35:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 15:35:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 15:35:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 15:35:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 15:35:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 15:35:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 15:35:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 15:35:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 15:35:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 15:35:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 15:35:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 15:35:02 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 15:35:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 15:35:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 00:28:56 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\AppData\Roaming\Malwarebytes
[2013.03.13 00:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.13 00:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.13 00:28:33 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.13 00:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.13 00:28:12 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\AppData\Local\Programs
[2013.03.12 23:51:33 | 000,000,000 | -H-D | C] -- C:\Users\majdi ameni elvira\AppData\Roaming\3EE0BCD6
[2013.03.12 23:50:02 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\Sbblisr
[2013.03.12 12:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.03.12 12:32:36 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\AppData\Roaming\U3
[2013.03.12 11:51:26 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\Desktop\musik neu
[2013.03.11 15:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskTBar
[2013.03.08 16:02:28 | 000,000,000 | ---D |
C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.01 20:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.02.13 13:53:49 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 13:53:45 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 13:53:44 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 13:53:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.02.13 13:53:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.02.13 13:53:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.02.13 13:53:27 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.02.13 13:53:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.02.13 13:53:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 13:53:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 13:53:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.02.13 13:53:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 13:53:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.02.13 13:53:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 13:53:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.02.13 13:53:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.02.13 13:53:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.02.13 13:53:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.02.13 13:53:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 13:53:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 
13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.02.13 13:53:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 13:53:25 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS ========== Files - Modified Within 30 Days ========== [2013.03.14 20:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.14 20:01:49 | 000,002,395 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\Google Chrome.lnk [2013.03.14 20:01:49 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job [2013.03.14 19:56:01 | 000,000,980 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job [2013.03.14 19:50:01 | 000,000,922 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.14 19:23:15 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.14 19:23:15 | 000,641,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.14 19:23:15 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.14 19:23:15 | 000,126,062 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.14 19:23:15 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.14 19:21:04 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.14 19:21:04 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.14 19:16:03 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.14 19:15:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.14 19:15:50 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys [2013.03.14 01:00:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job [2013.03.13 14:38:22 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 14:38:22 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.11 22:56:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job [2013.03.11 22:32:35 | 000,095,176 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\602166_574832465874756_198468293_n.jpg [2013.03.10 01:01:37 | 000,934,836 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\attachment.php.jpg [2013.03.09 10:18:49 | 000,091,328 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\702889_571393502887170_527173581_n.jpg [2013.03.09 10:18:31 | 000,139,126 | ---- | M] () -- 
C:\Users\majdi ameni elvira\Desktop\702923_571393476220506_597571333_n.jpg [2013.03.08 18:10:22 | 000,017,927 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\601592_570957746249165_1027927645_n.jpg [2013.03.08 18:09:49 | 000,040,828 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\734632_571303722881234_1523163912_n.jpg [2013.03.08 16:01:13 | 000,031,133 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\577996_10151559285256614_1219465472_n.jpg [2013.03.07 16:29:46 | 000,057,079 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\65547_346293635492142_879126177_n.jpg [2013.02.28 23:03:42 | 000,071,558 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\803380_608383912521462_350012141_n.jpg [2013.02.28 23:02:57 | 000,067,753 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\730621_609338392426014_1849945632_n.jpg [2013.02.28 23:02:46 | 000,024,753 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\730599_609328659093654_2139714039_n.jpg [2013.02.28 13:11:10 | 000,306,636 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\859076_316425691793924_261292111_o.jpg [2013.02.26 19:13:19 | 000,096,306 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\480151_610010319025863_232090152_n.jpg [2013.02.26 19:12:50 | 000,074,640 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\524955_610019829024912_1986722450_n.jpg [2013.02.26 19:10:46 | 000,034,721 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\485047_611786715514890_1200217643_n.jpg [2013.02.26 15:28:23 | 000,037,588 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\285260_10151585540105209_864790281_n.jpg [2013.02.26 15:09:38 | 000,011,837 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\430935_315873545195684_1097459838_n.jpg [2013.02.25 19:59:10 | 000,017,239 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\317977_521838064503053_417561600_n.jpg [2013.02.22 16:28:23 | 000,031,910 | ---- | M] () -- C:\Users\majdi ameni 
elvira\Desktop\559878_339374372850735_142926935_n.jpg [2013.02.16 16:55:38 | 000,045,322 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\21681_564067023617967_207603175_n.jpg [2013.02.16 14:01:42 | 000,164,096 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\1-2-_-Milupa_Ernaehrungsplaene_Beikost.png [2013.02.13 17:22:47 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013.03.11 22:32:33 | 000,095,176 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\602166_574832465874756_198468293_n.jpg [2013.03.10 01:01:34 | 000,934,836 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\attachment.php.jpg [2013.03.09 10:18:48 | 000,091,328 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\702889_571393502887170_527173581_n.jpg [2013.03.09 10:18:30 | 000,139,126 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\702923_571393476220506_597571333_n.jpg [2013.03.08 18:10:21 | 000,017,927 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\601592_570957746249165_1027927645_n.jpg [2013.03.08 18:09:47 | 000,040,828 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\734632_571303722881234_1523163912_n.jpg [2013.03.08 15:59:57 | 000,031,133 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\577996_10151559285256614_1219465472_n.jpg [2013.03.07 16:29:44 | 000,057,079 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\65547_346293635492142_879126177_n.jpg [2013.02.28 23:03:41 | 000,071,558 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\803380_608383912521462_350012141_n.jpg [2013.02.28 23:02:56 | 000,067,753 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\730621_609338392426014_1849945632_n.jpg [2013.02.28 23:02:45 | 000,024,753 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\730599_609328659093654_2139714039_n.jpg [2013.02.28 13:11:09 | 000,306,636 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\859076_316425691793924_261292111_o.jpg [2013.02.26 19:13:17 | 
000,096,306 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\480151_610010319025863_232090152_n.jpg
[2013.02.26 19:12:49 | 000,074,640 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\524955_610019829024912_1986722450_n.jpg
[2013.02.26 19:10:46 | 000,034,721 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\485047_611786715514890_1200217643_n.jpg
[2013.02.26 15:28:22 | 000,037,588 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\285260_10151585540105209_864790281_n.jpg
[2013.02.26 15:09:36 | 000,011,837 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\430935_315873545195684_1097459838_n.jpg
[2013.02.25 19:59:09 | 000,017,239 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\317977_521838064503053_417561600_n.jpg
[2013.02.22 16:28:22 | 000,031,910 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\559878_339374372850735_142926935_n.jpg
[2013.02.16 16:55:36 | 000,045,322 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\21681_564067023617967_207603175_n.jpg
[2013.02.16 14:01:41 | 000,164,096 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\1-2-_-Milupa_Ernaehrungsplaene_Beikost.png
[2012.10.29 18:23:43 | 000,003,584 | ---- | C] () -- C:\Users\majdi ameni elvira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.03.13 00:30:09 | 000,000,000 | -H-D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\3EE0BCD6
[2012.11.23 22:01:22 | 000,000,000 | ---D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\Babylon
[2012.12.18 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\GoforFiles
[2012.11.23 22:02:17 | 000,000,000 | ---D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\MediaPlayerPackages
[2012.10.21 12:46:38 | 000,000,000 | ---D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\OpenCandy
[2012.11.15 10:59:34 | 000,000,000 | ---D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\OpenOffice.org

========== Purity Check ==========

< End of report >
OTL Extras logfile created on: 14.03.2013 20:40:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\majdi ameni elvira\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,26% Memory free
7,96 Gb Paging File | 6,66 Gb Available in Paging File | 83,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 56,33 Gb Free Space | 57,73% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 368,00 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: MAJDIAMENIELVIR | User Name: majdi ameni elvira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1D6BD56B-541C-4D5D-9C61-14D0370DFB64}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | "{28EB52E5-F894-40AE-9BCA-471099896575}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{349FBD90-4322-4D18-963E-D4DF001EFA2C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{38A045C7-ADA3-4C12-9504-8F141A7026BF}" = dir=in | app=c:\users\majdi ameni elvira\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{5BC526C7-B5DB-432B-A739-ABEDBCFF334E}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | "{606A77EF-0CA3-4289-A55B-B788A6F25DC8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{76AEAD72-3658-446A-A037-30FD44B96620}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{7A301976-C47F-46CF-B435-9B8CFC6D618D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{82A7328E-9E33-4F50-814E-53D66BB6BA0B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{96DD81E1-F78D-4D0E-86F7-BB011A5A5E3D}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | "{9815E4D5-1CBF-4579-A788-6514EDC1717F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{CA7AF6D9-D4CE-4DE9-8F84-2CC704E7033C}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | "{CAA89A70-CF66-45D7-A00A-42650BCD620E}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{D8C28A7B-7284-411C-AEBB-DD48052AAAFF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F18B3906-C0D2-4096-987D-C0D88A3177F4}" = protocol=6 | 
dir=in | app=c:\windows\system32\arfc\wrtc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2 "{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7 "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AskTBar Uninstall" = Ask Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 19.0.2 (x86 fr)" = Mozilla Firefox 19.0.2 (x86 fr) "MozillaMaintenanceService" = Mozilla Maintenance Service "TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar "VLC media player" = VLC media player 2.0.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.02.2013 17:52:06 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: 
FacebookVideoCalling.exe, Version: 1.2.0.287, Zeitstempel: 0x50775885 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.17135, Zeitstempel: 0x506dbfdc Ausnahmecode: 0xe0fafafa Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0xb84 Startzeit der fehlerhaften Anwendung: 0x01ce0645f17f90b4 Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: c75e5bbd-7239-11e2-8d2e-de7767612da7 Error - 08.02.2013 17:57:52 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FacebookVideoCalling.exe, Version: 1.2.0.287, Zeitstempel: 0x50775885 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.17135, Zeitstempel: 0x506dbfdc Ausnahmecode: 0xe0fafafa Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0xb98 Startzeit der fehlerhaften Anwendung: 0x01ce0646901c26f0 Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 95906d96-723a-11e2-8d2e-de7767612da7 Error - 25.02.2013 16:52:13 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002 Description = Programm DllHost.exe, Version 6.1.7600.16385 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1920 Startzeit: 01ce1399ec75c49f Endzeit: 10 Anwendungspfad: C:\Windows\system32\DllHost.exe Berichts-ID: 388d1c94-7f8d-11e2-8caf-8b2fce9311a8 Error - 25.02.2013 16:52:26 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002 Description = Programm Explorer.EXE, Version 6.1.7600.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 668 Startzeit: 01ce139364636a9a Endzeit: 20 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: 41649a85-7f8d-11e2-8caf-8b2fce9311a8 Error - 25.02.2013 16:52:57 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002 Description = Programm explorer.exe, Version 6.1.7600.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1acc Startzeit: 01ce139a04c5787d Endzeit: 3020 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: 4ef3fbaa-7f8d-11e2-8caf-8b2fce9311a8 Error - 05.03.2013 18:01:29 | Computer Name = majdiamenielvir | Source = Chrome | ID = 1 Description = Error - 12.03.2013 08:43:39 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FacebookVideoCalling.exe, Version: 1.2.0.287, Zeitstempel: 0x50775885 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.17206, Zeitstempel: 0x50e6605e Ausnahmecode: 0xe0fafafa Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x4d0 Startzeit der fehlerhaften Anwendung: 0x01ce1f1f0e5021a7 Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 768cbe7b-8b12-11e2-b6b9-ab9e5c5430a9 Error - 12.03.2013 18:55:42 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ad4 Startzeit: 01ce1f7028ff035c Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: f5580a3d-8b67-11e2-a2cc-cb62ab0383ab Error - 12.03.2013 19:08:28 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: b70 Startzeit: 01ce1f7535005901 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: bba91a84-8b69-11e2-a7dd-f67d08d425ab Error - 13.03.2013 11:42:51 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: FacebookVideoCalling.exe, Version: 1.2.0.287, Zeitstempel: 0x50775885 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.17206, Zeitstempel: 0x50e6605e Ausnahmecode: 0xe0fafafa Fehleroffset: 0x0000c41f ID des fehlerhaften Prozesses: 0x438 Startzeit der fehlerhaften Anwendung: 0x01ce2000c9e8bb70 Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: a95494b6-8bf4-11e2-b58a-c39e10f6aab1 [ System Events ] Error - 05.03.2013 12:51:41 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. Error - 05.03.2013 15:35:05 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. 
Error - 06.03.2013 10:03:53 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error - 06.03.2013 12:46:16 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error - 07.03.2013 08:35:13 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error - 07.03.2013 13:30:15 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error - 08.03.2013 08:31:15 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error - 08.03.2013 10:50:14 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error - 08.03.2013 12:52:33 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error - 08.03.2013 19:50:25 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697
Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

< End of report >
15.03.2013, 01:01 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Is that by any chance an office/company PC? Or a university computer?
__________________ |
15.03.2013, 15:16 | #7 |
| No.. I have no idea what edition I've got on it.. I just had problems with the PC once because web pages with ads kept opening the whole time, pretty much a new one every 2 seconds, and then my husband's friend took the PC to his place and fixed the problem.. well, what exactly he did I don't know. In theory I wanted to wipe the PC, but when I bought it (I think about 9 months ago) there was no Windows CD included... and that's why we gave it to our colleague |
15.03.2013, 15:36 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you have not heard from me for three days, please post in this thread => Erinnerung an meinem Thread. Annoying "when will it continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.
Rootkit scan with GMER
Please download GMER: (file name is random)
Are problems coming up?
Afterwards, please run MBAR:
Malwarebytes Anti-Rootkit (MBAR)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
16.03.2013, 17:31 | #9 |
| Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.16.08

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
majdi ameni elvira :: MAJDIAMENIELVIR [administrator]

16.03.2013 17:38:40
mbar-log-2013-03-16 (17-38-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28594
Time elapsed: 17 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
17.03.2013, 00:32 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons without instructions.
Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
17.03.2013, 23:53 | #11 |
| Code:
23:49:07.0177 1884 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:49:07.0384 1884 ============================================================
23:49:07.0384 1884 Current date / time: 2013/03/17 23:49:07.0384
23:49:07.0384 1884 SystemInfo:
23:49:07.0384 1884
23:49:07.0385 1884 OS Version: 6.1.7600 ServicePack: 0.0
23:49:07.0385 1884 Product type: Workstation
23:49:07.0385 1884 ComputerName: MAJDIAMENIELVIR
23:49:07.0385 1884 UserName: majdi ameni elvira
23:49:07.0385 1884 Windows directory: C:\Windows
23:49:07.0385 1884 System windows directory: C:\Windows
23:49:07.0385 1884 Running under WOW64
23:49:07.0385 1884 Processor architecture: Intel x64
23:49:07.0385 1884 Number of processors: 2
23:49:07.0385 1884 Page size: 0x1000
23:49:07.0385 1884 Boot type: Normal boot
23:49:07.0385 1884 ============================================================
23:49:08.0755 1884 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:49:08.0763 1884 ============================================================
23:49:08.0763 1884 \Device\Harddisk0\DR0:
23:49:08.0765 1884 MBR partitions:
23:49:08.0765 1884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:49:08.0765 1884 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
23:49:08.0765 1884 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000
23:49:08.0765 1884 ============================================================
23:49:08.0797 1884 C: <-> \Device\Harddisk0\DR0\Partition2
23:49:08.0840 1884 D: <-> \Device\Harddisk0\DR0\Partition3
23:49:08.0840 1884 ============================================================
23:49:08.0840 1884 Initialize success
23:49:08.0840 1884 ============================================================
23:51:37.0896 2316
23:51:49.0292 2316 IPMIDRV - ok 23:51:49.0308 2316 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 23:51:49.0355 2316 IPNAT - ok 23:51:49.0433 2316 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 23:51:49.0464 2316 iPod Service - ok 23:51:49.0495 2316 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:51:49.0511 2316 IRENUM - ok 23:51:49.0542 2316 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys 23:51:49.0557 2316 isapnp - ok 23:51:49.0573 2316 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 23:51:49.0589 2316 iScsiPrt - ok 23:51:49.0620 2316 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 23:51:49.0635 2316 kbdclass - ok 23:51:49.0651 2316 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 23:51:49.0682 2316 kbdhid - ok 23:51:49.0698 2316 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe 23:51:49.0729 2316 KeyIso - ok 23:51:49.0745 2316 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:51:49.0760 2316 KSecDD - ok 23:51:49.0776 2316 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 23:51:49.0791 2316 KSecPkg - ok 23:51:49.0823 2316 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 23:51:49.0854 2316 ksthunk - ok 23:51:49.0901 2316 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 23:51:49.0947 2316 KtmRm - ok 23:51:49.0994 2316 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll 23:51:50.0010 2316 LanmanServer - ok 23:51:50.0025 2316 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:51:50.0072 2316 LanmanWorkstation - ok 23:51:50.0103 2316 [ 1538831CF8AD2979A04C423779465827 ] lltdio 
C:\Windows\system32\DRIVERS\lltdio.sys 23:51:50.0181 2316 lltdio - ok 23:51:50.0213 2316 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:51:50.0259 2316 lltdsvc - ok 23:51:50.0275 2316 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:51:50.0306 2316 lmhosts - ok 23:51:50.0353 2316 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:51:50.0369 2316 LSI_FC - ok 23:51:50.0384 2316 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:51:50.0400 2316 LSI_SAS - ok 23:51:50.0415 2316 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:51:50.0431 2316 LSI_SAS2 - ok 23:51:50.0447 2316 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:51:50.0462 2316 LSI_SCSI - ok 23:51:50.0478 2316 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 23:51:50.0556 2316 luafv - ok 23:51:50.0587 2316 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 23:51:50.0634 2316 MBAMProtector - ok 23:51:50.0681 2316 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 23:51:50.0696 2316 MBAMScheduler - ok 23:51:50.0759 2316 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 23:51:50.0790 2316 MBAMService - ok 23:51:50.0868 2316 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe 23:51:50.0899 2316 McComponentHostService - ok 23:51:50.0915 2316 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 23:51:50.0946 2316 Mcx2Svc - ok 23:51:50.0961 2316 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 23:51:50.0977 2316 megasas - ok 23:51:50.0993 2316 [ 
BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 23:51:51.0008 2316 MegaSR - ok 23:51:51.0055 2316 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 23:51:51.0133 2316 MMCSS - ok 23:51:51.0149 2316 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 23:51:51.0195 2316 Modem - ok 23:51:51.0227 2316 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 23:51:51.0258 2316 monitor - ok 23:51:51.0273 2316 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 23:51:51.0289 2316 mouclass - ok 23:51:51.0336 2316 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 23:51:51.0367 2316 mouhid - ok 23:51:51.0398 2316 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 23:51:51.0429 2316 mountmgr - ok 23:51:51.0507 2316 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 23:51:51.0523 2316 MozillaMaintenance - ok 23:51:51.0554 2316 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys 23:51:51.0570 2316 mpio - ok 23:51:51.0585 2316 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 23:51:51.0648 2316 mpsdrv - ok 23:51:51.0679 2316 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll 23:51:51.0741 2316 MpsSvc - ok 23:51:51.0757 2316 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 23:51:51.0788 2316 MRxDAV - ok 23:51:51.0819 2316 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 23:51:51.0882 2316 mrxsmb - ok 23:51:51.0913 2316 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:51:51.0960 2316 mrxsmb10 - ok 23:51:51.0991 2316 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 
23:51:52.0022 2316 mrxsmb20 - ok 23:51:52.0038 2316 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys 23:51:52.0053 2316 msahci - ok 23:51:52.0069 2316 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys 23:51:52.0100 2316 msdsm - ok 23:51:52.0116 2316 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 23:51:52.0147 2316 MSDTC - ok 23:51:52.0178 2316 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 23:51:52.0209 2316 Msfs - ok 23:51:52.0241 2316 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 23:51:52.0303 2316 mshidkmdf - ok 23:51:52.0319 2316 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys 23:51:52.0334 2316 msisadrv - ok 23:51:52.0350 2316 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 23:51:52.0397 2316 MSiSCSI - ok 23:51:52.0397 2316 msiserver - ok 23:51:52.0428 2316 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 23:51:52.0506 2316 MSKSSRV - ok 23:51:52.0506 2316 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 23:51:52.0568 2316 MSPCLOCK - ok 23:51:52.0599 2316 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 23:51:52.0662 2316 MSPQM - ok 23:51:52.0677 2316 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 23:51:52.0693 2316 MsRPC - ok 23:51:52.0709 2316 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 23:51:52.0724 2316 mssmbios - ok 23:51:52.0724 2316 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 23:51:52.0771 2316 MSTEE - ok 23:51:52.0787 2316 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 23:51:52.0818 2316 MTConfig - ok 23:51:52.0833 2316 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup 
C:\Windows\system32\Drivers\mup.sys 23:51:52.0865 2316 Mup - ok 23:51:52.0896 2316 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll 23:51:52.0943 2316 napagent - ok 23:51:52.0989 2316 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 23:51:53.0052 2316 NativeWifiP - ok 23:51:53.0114 2316 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys 23:51:53.0161 2316 NDIS - ok 23:51:53.0192 2316 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 23:51:53.0223 2316 NdisCap - ok 23:51:53.0255 2316 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 23:51:53.0317 2316 NdisTapi - ok 23:51:53.0348 2316 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 23:51:53.0379 2316 Ndisuio - ok 23:51:53.0395 2316 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 23:51:53.0426 2316 NdisWan - ok 23:51:53.0442 2316 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 23:51:53.0489 2316 NDProxy - ok 23:51:53.0504 2316 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 23:51:53.0551 2316 NetBIOS - ok 23:51:53.0582 2316 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 23:51:53.0629 2316 NetBT - ok 23:51:53.0645 2316 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe 23:51:53.0660 2316 Netlogon - ok 23:51:53.0691 2316 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 23:51:53.0754 2316 Netman - ok 23:51:53.0769 2316 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 23:51:53.0832 2316 netprofm - ok 23:51:53.0863 2316 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:51:53.0863 2316 NetTcpPortSharing - 
ok 23:51:53.0910 2316 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 23:51:53.0941 2316 nfrd960 - ok 23:51:53.0972 2316 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll 23:51:54.0035 2316 NlaSvc - ok 23:51:54.0050 2316 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 23:51:54.0097 2316 Npfs - ok 23:51:54.0113 2316 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 23:51:54.0191 2316 nsi - ok 23:51:54.0206 2316 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 23:51:54.0269 2316 nsiproxy - ok 23:51:54.0315 2316 [ 356698A13C4630D5B31C37378D469196 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 23:51:54.0362 2316 Ntfs - ok 23:51:54.0393 2316 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 23:51:54.0456 2316 Null - ok 23:51:54.0503 2316 [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys 23:51:54.0518 2316 nvraid - ok 23:51:54.0534 2316 [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys 23:51:54.0549 2316 nvstor - ok 23:51:54.0565 2316 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys 23:51:54.0581 2316 nv_agp - ok 23:51:54.0596 2316 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys 23:51:54.0627 2316 ohci1394 - ok 23:51:54.0643 2316 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:51:54.0690 2316 p2pimsvc - ok 23:51:54.0721 2316 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 23:51:54.0737 2316 p2psvc - ok 23:51:54.0768 2316 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:51:54.0799 2316 Parport - ok 23:51:54.0830 2316 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:51:54.0846 2316 partmgr - ok 23:51:54.0877 2316 [ 
3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:51:54.0908 2316 PcaSvc - ok 23:51:54.0939 2316 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys 23:51:54.0955 2316 pci - ok 23:51:54.0971 2316 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys 23:51:54.0986 2316 pciide - ok 23:51:55.0002 2316 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 23:51:55.0017 2316 pcmcia - ok 23:51:55.0049 2316 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 23:51:55.0049 2316 pcw - ok 23:51:55.0080 2316 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:51:55.0127 2316 PEAUTH - ok 23:51:55.0189 2316 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 23:51:55.0267 2316 PeerDistSvc - ok 23:51:55.0345 2316 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 23:51:55.0376 2316 PerfHost - ok 23:51:55.0439 2316 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll 23:51:55.0501 2316 pla - ok 23:51:55.0563 2316 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:51:55.0626 2316 PlugPlay - ok 23:51:55.0657 2316 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:51:55.0673 2316 PNRPAutoReg - ok 23:51:55.0688 2316 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:51:55.0719 2316 PNRPsvc - ok 23:51:55.0766 2316 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:51:55.0844 2316 PolicyAgent - ok 23:51:55.0875 2316 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 23:51:55.0922 2316 Power - ok 23:51:55.0953 2316 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:51:56.0000 2316 PptpMiniport - ok 23:51:56.0016 2316 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] 
Processor C:\Windows\system32\DRIVERS\processr.sys 23:51:56.0031 2316 Processor - ok 23:51:56.0063 2316 [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc C:\Windows\system32\profsvc.dll 23:51:56.0109 2316 ProfSvc - ok 23:51:56.0141 2316 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:51:56.0141 2316 ProtectedStorage - ok 23:51:56.0172 2316 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:51:56.0219 2316 Psched - ok 23:51:56.0265 2316 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:51:56.0297 2316 ql2300 - ok 23:51:56.0359 2316 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:51:56.0390 2316 ql40xx - ok 23:51:56.0421 2316 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 23:51:56.0453 2316 QWAVE - ok 23:51:56.0468 2316 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:51:56.0499 2316 QWAVEdrv - ok 23:51:56.0515 2316 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:51:56.0577 2316 RasAcd - ok 23:51:56.0609 2316 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:51:56.0640 2316 RasAgileVpn - ok 23:51:56.0671 2316 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 23:51:56.0718 2316 RasAuto - ok 23:51:56.0749 2316 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:51:56.0780 2316 Rasl2tp - ok 23:51:56.0811 2316 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll 23:51:56.0858 2316 RasMan - ok 23:51:56.0874 2316 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:51:56.0921 2316 RasPppoe - ok 23:51:56.0936 2316 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:51:56.0983 2316 RasSstp - ok 23:51:56.0999 2316 [ 
3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:51:57.0061 2316 rdbss - ok 23:51:57.0077 2316 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:51:57.0108 2316 rdpbus - ok 23:51:57.0123 2316 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:51:57.0155 2316 RDPCDD - ok 23:51:57.0186 2316 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 23:51:57.0233 2316 RDPDR - ok 23:51:57.0264 2316 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:51:57.0357 2316 RDPENCDD - ok 23:51:57.0389 2316 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:51:57.0420 2316 RDPREFMP - ok 23:51:57.0451 2316 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:51:57.0482 2316 RDPWD - ok 23:51:57.0529 2316 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:51:57.0560 2316 rdyboost - ok 23:51:57.0591 2316 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 23:51:57.0669 2316 RemoteAccess - ok 23:51:57.0685 2316 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:51:57.0732 2316 RemoteRegistry - ok 23:51:57.0763 2316 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:51:57.0810 2316 RpcEptMapper - ok 23:51:57.0825 2316 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 23:51:57.0857 2316 RpcLocator - ok 23:51:57.0888 2316 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll 23:51:57.0935 2316 RpcSs - ok 23:51:57.0966 2316 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:51:58.0059 2316 rspndr - ok 23:51:58.0091 2316 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys 23:51:58.0122 2316 s3cap - ok 
23:51:58.0137 2316 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe 23:51:58.0153 2316 SamSs - ok 23:51:58.0184 2316 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys 23:51:58.0200 2316 sbp2port - ok 23:51:58.0215 2316 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:51:58.0262 2316 SCardSvr - ok 23:51:58.0278 2316 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:51:58.0325 2316 scfilter - ok 23:51:58.0371 2316 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll 23:51:58.0434 2316 Schedule - ok 23:51:58.0465 2316 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:51:58.0496 2316 SCPolicySvc - ok 23:51:58.0527 2316 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:51:58.0574 2316 SDRSVC - ok 23:51:58.0605 2316 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:51:58.0668 2316 secdrv - ok 23:51:58.0699 2316 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll 23:51:58.0730 2316 seclogon - ok 23:51:58.0761 2316 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 23:51:58.0808 2316 SENS - ok 23:51:58.0839 2316 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:51:58.0886 2316 SensrSvc - ok 23:51:58.0917 2316 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:51:58.0964 2316 Serenum - ok 23:51:58.0980 2316 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:51:59.0027 2316 Serial - ok 23:51:59.0042 2316 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:51:59.0073 2316 sermouse - ok 23:51:59.0105 2316 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll 23:51:59.0151 2316 SessionEnv - ok 23:51:59.0229 2316 
[ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys 23:51:59.0276 2316 SFEP - ok 23:51:59.0292 2316 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 23:51:59.0323 2316 sffdisk - ok 23:51:59.0339 2316 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys 23:51:59.0370 2316 sffp_mmc - ok 23:51:59.0370 2316 [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 23:51:59.0385 2316 sffp_sd - ok 23:51:59.0385 2316 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:51:59.0417 2316 sfloppy - ok 23:51:59.0463 2316 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:51:59.0541 2316 SharedAccess - ok 23:51:59.0573 2316 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:51:59.0619 2316 ShellHWDetection - ok 23:51:59.0651 2316 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:51:59.0651 2316 SiSRaid2 - ok 23:51:59.0682 2316 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:51:59.0682 2316 SiSRaid4 - ok 23:51:59.0713 2316 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:51:59.0775 2316 Smb - ok 23:51:59.0807 2316 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:51:59.0822 2316 SNMPTRAP - ok 23:51:59.0838 2316 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 23:51:59.0838 2316 spldr - ok 23:51:59.0885 2316 [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler C:\Windows\System32\spoolsv.exe 23:51:59.0916 2316 Spooler - ok 23:52:00.0025 2316 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe 23:52:00.0150 2316 sppsvc - ok 23:52:00.0165 2316 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:52:00.0212 2316 sppuinotify - ok 
23:52:00.0243 2316 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:52:00.0321 2316 srv - ok 23:52:00.0368 2316 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:52:00.0399 2316 srv2 - ok 23:52:00.0446 2316 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:52:00.0493 2316 srvnet - ok 23:52:00.0524 2316 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:52:00.0618 2316 SSDPSRV - ok 23:52:00.0633 2316 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:52:00.0680 2316 SstpSvc - ok 23:52:00.0711 2316 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:52:00.0711 2316 stexstor - ok 23:52:00.0743 2316 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll 23:52:00.0789 2316 stisvc - ok 23:52:00.0821 2316 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys 23:52:00.0852 2316 storflt - ok 23:52:00.0883 2316 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys 23:52:00.0899 2316 storvsc - ok 23:52:00.0914 2316 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 23:52:00.0930 2316 swenum - ok 23:52:00.0961 2316 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 23:52:01.0008 2316 swprv - ok 23:52:01.0055 2316 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll 23:52:01.0101 2316 SysMain - ok 23:52:01.0133 2316 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:52:01.0164 2316 TabletInputService - ok 23:52:01.0179 2316 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll 23:52:01.0242 2316 TapiSrv - ok 23:52:01.0273 2316 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 23:52:01.0304 2316 TBS - ok 23:52:01.0382 2316 [ 
5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:52:01.0429 2316 Tcpip - ok 23:52:01.0507 2316 [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:52:01.0554 2316 TCPIP6 - ok 23:52:01.0585 2316 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:52:01.0616 2316 tcpipreg - ok 23:52:01.0632 2316 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:52:01.0663 2316 TDPIPE - ok 23:52:01.0710 2316 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:52:01.0772 2316 TDTCP - ok 23:52:01.0803 2316 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:52:01.0881 2316 tdx - ok 23:52:01.0959 2316 [ 622FCF264119F7DF127BE353F796B319 ] TelevisionFanaticService C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe 23:52:01.0991 2316 TelevisionFanaticService - ok 23:52:02.0006 2316 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 23:52:02.0022 2316 TermDD - ok 23:52:02.0069 2316 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll 23:52:02.0131 2316 TermService - ok 23:52:02.0147 2316 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 23:52:02.0178 2316 Themes - ok 23:52:02.0193 2316 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 23:52:02.0240 2316 THREADORDER - ok 23:52:02.0271 2316 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 23:52:02.0349 2316 TrkWks - ok 23:52:02.0396 2316 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:52:02.0427 2316 TrustedInstaller - ok 23:52:02.0443 2316 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:52:02.0490 2316 tssecsrv - ok 23:52:02.0505 2316 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 
23:52:02.0552 2316 tunnel - ok 23:52:02.0568 2316 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:52:02.0583 2316 uagp35 - ok 23:52:02.0599 2316 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:52:02.0646 2316 udfs - ok 23:52:02.0661 2316 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:52:02.0677 2316 UI0Detect - ok 23:52:02.0693 2316 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 23:52:02.0708 2316 uliagpkx - ok 23:52:02.0724 2316 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:52:02.0739 2316 umbus - ok 23:52:02.0739 2316 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:52:02.0771 2316 UmPass - ok 23:52:02.0786 2316 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll 23:52:02.0817 2316 UmRdpService - ok 23:52:02.0849 2316 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 23:52:02.0880 2316 upnphost - ok 23:52:02.0911 2316 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 23:52:02.0942 2316 USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning 23:52:02.0942 2316 USBAAPL64 - detected UnsignedFile.Multi.Generic (1) 23:52:02.0973 2316 [ B26AFB54A534D634523C4FB66765B026 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:52:02.0989 2316 usbccgp - ok 23:52:03.0020 2316 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 23:52:03.0036 2316 usbcir - ok 23:52:03.0051 2316 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:52:03.0083 2316 usbehci - ok 23:52:03.0129 2316 [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:52:03.0161 2316 usbhub - ok 23:52:03.0176 2316 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 23:52:03.0176 
2316 usbohci - ok 23:52:03.0192 2316 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:52:03.0207 2316 usbprint - ok 23:52:03.0223 2316 [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:52:03.0239 2316 USBSTOR - ok 23:52:03.0254 2316 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:52:03.0285 2316 usbuhci - ok 23:52:03.0317 2316 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 23:52:03.0348 2316 usbvideo - ok 23:52:03.0363 2316 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 23:52:03.0410 2316 UxSms - ok 23:52:03.0426 2316 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe 23:52:03.0441 2316 VaultSvc - ok 23:52:03.0457 2316 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 23:52:03.0473 2316 vdrvroot - ok 23:52:03.0488 2316 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe 23:52:03.0519 2316 vds - ok 23:52:03.0551 2316 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:52:03.0566 2316 vga - ok 23:52:03.0582 2316 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 23:52:03.0613 2316 VgaSave - ok 23:52:03.0644 2316 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 23:52:03.0660 2316 vhdmp - ok 23:52:03.0675 2316 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 23:52:03.0691 2316 viaide - ok 23:52:03.0738 2316 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys 23:52:03.0769 2316 vmbus - ok 23:52:03.0769 2316 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys 23:52:03.0785 2316 VMBusHID - ok 23:52:03.0816 2316 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 23:52:03.0816 2316 volmgr - ok 
23:52:03.0831 2316 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:52:03.0847 2316 volmgrx - ok
23:52:03.0894 2316 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:52:03.0925 2316 volsnap - ok
23:52:03.0972 2316 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
23:52:03.0987 2316 vsmraid - ok
23:52:04.0050 2316 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
23:52:04.0097 2316 VSS - ok
23:52:04.0112 2316 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
23:52:04.0190 2316 vwifibus - ok
23:52:04.0221 2316 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
23:52:04.0237 2316 vwififlt - ok
23:52:04.0253 2316 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
23:52:04.0284 2316 vwifimp - ok
23:52:04.0315 2316 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:52:04.0362 2316 W32Time - ok
23:52:04.0377 2316 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
23:52:04.0409 2316 WacomPen - ok
23:52:04.0440 2316 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:52:04.0502 2316 WANARP - ok
23:52:04.0518 2316 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:52:04.0549 2316 Wanarpv6 - ok
23:52:04.0611 2316 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
23:52:04.0658 2316 wbengine - ok
23:52:04.0689 2316 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:52:04.0705 2316 WbioSrvc - ok
23:52:04.0721 2316 [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:52:04.0752 2316 wcncsvc - ok
23:52:04.0752 2316 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:52:04.0799 2316 WcsPlugInService - ok
23:52:04.0814 2316 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
23:52:04.0830 2316 Wd - ok
23:52:04.0845 2316 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:52:04.0877 2316 Wdf01000 - ok
23:52:04.0892 2316 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:52:04.0908 2316 WdiServiceHost - ok
23:52:04.0923 2316 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:52:04.0939 2316 WdiSystemHost - ok
23:52:04.0955 2316 [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient C:\Windows\System32\webclnt.dll
23:52:04.0986 2316 WebClient - ok
23:52:05.0017 2316 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:52:05.0064 2316 Wecsvc - ok
23:52:05.0095 2316 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:52:05.0126 2316 wercplsupport - ok
23:52:05.0157 2316 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:52:05.0189 2316 WerSvc - ok
23:52:05.0204 2316 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:52:05.0235 2316 WfpLwf - ok
23:52:05.0251 2316 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:52:05.0251 2316 WIMMount - ok
23:52:05.0267 2316 WinDefend - ok
23:52:05.0282 2316 WinHttpAutoProxySvc - ok
23:52:05.0313 2316 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:52:05.0391 2316 Winmgmt - ok
23:52:05.0469 2316 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
23:52:05.0547 2316 WinRM - ok
23:52:05.0610 2316 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:52:05.0641 2316 WinUsb - ok
23:52:05.0688 2316 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:52:05.0735 2316 Wlansvc - ok
23:52:05.0766 2316 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:52:05.0766 2316 WmiAcpi - ok
23:52:05.0797 2316 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:52:05.0813 2316 wmiApSrv - ok
23:52:05.0828 2316 WMPNetworkSvc - ok
23:52:05.0859 2316 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:52:05.0906 2316 WPCSvc - ok
23:52:05.0922 2316 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:52:05.0984 2316 WPDBusEnum - ok
23:52:06.0015 2316 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:52:06.0078 2316 ws2ifsl - ok
23:52:06.0093 2316 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
23:52:06.0109 2316 wscsvc - ok
23:52:06.0125 2316 WSearch - ok
23:52:06.0203 2316 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
23:52:06.0265 2316 wuauserv - ok
23:52:06.0281 2316 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:52:06.0327 2316 WudfPf - ok
23:52:06.0359 2316 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:52:06.0405 2316 WUDFRd - ok
23:52:06.0421 2316 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:52:06.0468 2316 wudfsvc - ok
23:52:06.0483 2316 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:52:06.0499 2316 WwanSvc - ok
23:52:06.0515 2316 ================ Scan global ===============================
23:52:06.0530 2316 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:52:06.0577 2316 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
23:52:06.0593 2316 [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
23:52:06.0624 2316 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:52:06.0655 2316 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:52:06.0655 2316 [Global] - ok
23:52:06.0655 2316 ================ Scan MBR ==================================
23:52:06.0686 2316 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:52:07.0045 2316 \Device\Harddisk0\DR0 - ok
23:52:07.0061 2316 ================ Scan VBR ==================================
23:52:07.0061 2316 [ E688E1B8AC39C92465B3F828E9A0E2B3 ] \Device\Harddisk0\DR0\Partition1
23:52:07.0061 2316 \Device\Harddisk0\DR0\Partition1 - ok
23:52:07.0092 2316 [ B0FB463E456DFA57B200EB0909FECE80 ] \Device\Harddisk0\DR0\Partition2
23:52:07.0092 2316 \Device\Harddisk0\DR0\Partition2 - ok
23:52:07.0107 2316 [ 7BAEA7E2C8E2985B4C1F12763A37625E ] \Device\Harddisk0\DR0\Partition3
23:52:07.0123 2316 \Device\Harddisk0\DR0\Partition3 - ok
23:52:07.0123 2316 ============================================================
23:52:07.0123 2316 Scan finished
23:52:07.0123 2316 ============================================================
23:52:07.0139 1360 Detected object count: 1
23:52:07.0139 1360 Actual detected object count: 1
23:52:40.0084 1360 USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:40.0084 1360 USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:52:46.0841 1180 Deinitialize success
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-17 23:33:24
-----------------------------
23:33:24.435 OS Version: Windows x64 6.1.7600
23:33:24.435 Number of processors: 2 586 0x2A07
23:33:24.435 ComputerName: MAJDIAMENIELVIR UserName:
23:33:24.903 Initialize success
23:36:11.445 AVAST engine defs: 13031701
23:42:36.246 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:42:36.253 Disk 0 Vendor: Hitachi_HTS547550A9E384 JE3OA50B Size: 476940MB BusType: 11
23:42:36.272 Disk 0 MBR read successfully
23:42:36.278 Disk 0 MBR scan
23:42:36.297 Disk 0 Windows 7 default MBR code
23:42:36.314 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:42:36.339 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99900 MB offset 206848
23:42:36.374 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 376938 MB offset 204802048
23:42:36.424 Disk 0 scanning C:\Windows\system32\drivers
23:42:46.493 Service scanning
23:43:12.450 Modules scanning
23:43:12.452 Disk 0 trace - called modules:
23:43:12.472 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:43:12.477 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800483d6d0]
23:43:12.478 3 CLASSPNP.SYS[fffff8800190a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046d9060]
23:43:13.125 AVAST engine scan C:\Windows
23:43:14.662 AVAST engine scan C:\Windows\system32
23:45:43.458 AVAST engine scan C:\Windows\system32\drivers
23:45:56.123 AVAST engine scan C:\Users\majdi ameni elvira
23:48:31.300 Disk 0 MBR has been saved successfully to "C:\Users\majdi ameni elvira\Desktop\MBR.dat"
23:48:31.309 The log file has been saved successfully to "C:\Users\majdi ameni elvira\Desktop\aswMBR.txt"
18.03.2013, 11:45 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run Combofix: Scan with Combofix
18.03.2013, 19:11 | #13 |
...
Code:
ComboFix 13-03-17.01 - majdi ameni elvira 18.03.2013 19:18:52.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1033.18.4078.2915 [GMT 1:00]
ausgeführt von:: c:\users\majdi ameni elvira\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TelevisionFanatic
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64auxstb.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64brstub.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64datact.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64dlghk.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64dyn.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64feedmg.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64highin.exe
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64hkstub.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64htmlmu.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64httpct.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64idle.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64ieovr.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64impipe.exe
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64mlbtn.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64msg.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64Plugin.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64radio.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64regfft.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64reghk.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64regiet.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64script.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64skin.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64sknlcr.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64skplay.exe
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64tpinst.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\64uabtn.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS
c:\program files (x86)\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar
c:\program files (x86)\TelevisionFanatic\bar\1.bin\CREXT.DLL
c:\program files (x86)\TelevisionFanatic\bar\1.bin\CrExtP64.exe
c:\program files (x86)\TelevisionFanatic\bar\1.bin\INSTALL.RDF
c:\program files (x86)\TelevisionFanatic\bar\1.bin\installKeys.js
c:\program files (x86)\TelevisionFanatic\bar\1.bin\LOGO.BMP
c:\program files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll
c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL
c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL
c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8HTML.DLL
c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8RES.DLL
c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8TICKER.DLL
c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com
c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\bootstrap.js
c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\chrome.manifest
c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\chrome\64ffxtbr.jar
c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\install.rdf
c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\manifest.mf
c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\zigbert.rsa
c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\zigbert.sf
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_TelevisionFanaticService
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-18 bis 2013-03-18 ))))))))))))))))))))))))))))))
.
.
2013-03-18 12:37 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D121B92-1E23-4179-9CF9-EA7FE4CDF6FD}\mpengine.dll
2013-03-13 14:34 . 2013-02-02 07:31 17815040 ----a-w- c:\windows\system32\mshtml.dll
2013-03-13 14:34 . 2013-02-02 06:58 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-03-12 23:28 . 2013-03-12 23:28 -------- d-----w- c:\users\majdi ameni elvira\AppData\Roaming\Malwarebytes
2013-03-12 23:28 . 2013-03-12 23:28 -------- d-----w- c:\programdata\Malwarebytes
2013-03-12 23:28 . 2013-03-12 23:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-12 23:28 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-12 23:28 . 2013-03-12 23:28 -------- d-----w- c:\users\majdi ameni elvira\AppData\Local\Programs
2013-03-12 22:51 . 2013-03-12 23:30 -------- d--h--w- c:\users\majdi ameni elvira\AppData\Roaming\3EE0BCD6
2013-03-12 22:50 . 2013-03-12 23:34 -------- d-----w- c:\users\majdi ameni elvira\Sbblisr
2013-03-12 11:35 . 2013-03-12 11:35 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-03-12 11:32 . 2013-03-12 11:32 -------- d-----w- c:\users\majdi ameni elvira\AppData\Roaming\U3
2013-03-11 14:02 . 2013-03-11 14:02 -------- d-----w- c:\program files (x86)\AskTBar
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 14:36 . 2012-09-30 09:34 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 13:38 . 2012-10-04 04:24 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 13:38 . 2012-10-04 04:24 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 00:28 . 2012-09-28 06:06 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:57 . 2013-02-13 12:53 5500776 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:02 . 2013-02-13 12:53 3957608 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:02 . 2013-02-13 12:53 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:41 . 2013-02-13 12:53 1893224 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 05:40 . 2013-02-13 12:53 287576 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-04 05:37 . 2013-02-13 12:53 362496 ----a-w- c:\windows\system32\wow64win.dll
2013-01-04 05:37 . 2013-02-13 12:53 243200 ----a-w- c:\windows\system32\wow64.dll
2013-01-04 05:37 . 2013-02-13 12:53 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2013-01-04 05:36 . 2013-02-13 12:53 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 05:33 . 2013-02-13 12:53 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-01-04 05:30 . 2013-02-13 12:53 424960 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-04 05:30 . 2013-02-13 12:53 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-01-04 05:27 . 2013-02-13 12:53 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 12:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 12:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 12:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 12:53 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 05:27 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 05:26 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-04 04:51 . 2013-02-13 12:53 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:51 . 2013-02-13 12:53 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-01-04 04:43 . 2013-02-13 12:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-01-04 04:43 . 2013-02-13 12:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:22 . 2013-02-13 12:53 3150848 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 03:19 . 2013-02-13 12:53 338432 ----a-w- c:\windows\system32\conhost.exe
2013-01-04 02:48 . 2013-02-13 12:53 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:48 . 2013-02-13 12:53 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:48 . 2013-02-13 12:53 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-04 02:48 . 2013-02-13 12:53 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:43 . 2013-02-13 12:53 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 12:53 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 12:53 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43 . 2013-02-13 12:53 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2013-03-11 57344]
.
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-02-22 26104104]
"Facebook Update"="c:\users\majdi ameni elvira\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-30 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 13:38]
.
2013-03-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job
- c:\users\majdi ameni elvira\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30 05:51]
.
2013-03-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job
- c:\users\majdi ameni elvira\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30 05:51]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 22:40]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 22:40]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job
- c:\users\majdi ameni elvira\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 05:45]
.
2013-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job
- c:\users\majdi ameni elvira\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 05:45]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XP^xdm284^YY^de&ptb=9793F69C-12AB-4040-8A21-21C370963563&si=CMWkj4Ce_LQCFUmN3godwloAZQ
mStart Page = hxxp://home.sweetim.com/?st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&p2=^XP^xdm284^YY^de&si=CMWkj4Ce_LQCFUmN3godwloAZQ
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&ind=2013012216&p2=^XP^xdm284^YY^de&si=CMWkj4Ce_LQCFUmN3godwloAZQ&searchfor=
FF - ExtSQL: 2013-01-22 16:05; 64ffxtbr@TelevisionFanatic.com; c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com
FF - ExtSQL: !HIDDEN! 2013-01-22 16:05; 64ffxtbr@TelevisionFanatic.com; c:\program files (x86)\TelevisionFanatic\bar\1.bin
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=1839a315000000000000062737ac3dfd&q=
FF - user.js: extensions.BabylonToolbar.id - 1839a315000000000000062737ac3dfd
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15667
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.822:01
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQQWpXjtr&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 1839a315000000000000062737ac3dfd
FF - user.js: extensions.incredibar_i.instlDay - 15671
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.141:15
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQQWpXjtr
FF - user.js: extensions.incredibar_i.upn2n - 92543995753433061
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 6666660837
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll
BHO-{cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~2\TELEVI~2\bar\1.bin\64bar.dll
Toolbar-{c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll
Wow6432Node-HKLM-Run-TelevisionFanatic Search Scope Monitor - c:\progra~2\TELEVI~2\bar\1.bin\64srchmn.exe
Wow6432Node-HKLM-Run-TelevisionFanatic Browser Plugin Loader - c:\progra~2\TELEVI~2\bar\1.bin\64brmon.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-03-18 19:29:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-03-18 18:29
.
Vor Suchlauf: 6 Verzeichnis(se), 60.571.811.840 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 61.995.118.592 Bytes frei
.
- - End Of File - - 32D4FDAFFDCFE9993069CC27B29BF320
18.03.2013, 23:34 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™
JRT - Junkware Removal Tool
Please exit your security software first to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
Then please run a check with OTL:
19.03.2013, 23:59 | #15 |
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.2 (03.15.2013:1)
OS: Windows 7 Ultimate x64
Ran by majdi ameni elvira on 19.03.2013 at 23:21:52,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetim
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetpacks communicator
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{c98d5b61-b0ea-4d48-9839-1079d352d880}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3828282979-3244811858-1549132693-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3828282979-3244811858-1549132693-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\ib updater
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sim-packages
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\giant savings-internalinstaller_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\giant savings-internalinstaller_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\giant savings_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\giant savings_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\app paths\sweetim.exe
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0696f815-a3a9-490a-bb14-9ec3350b1276}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key]
hkey_classes_root\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{5d79f641-c168-40df-a32f-bacea7509e75} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5d79f641-c168-40df-a32f-bacea7509e75} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{c98d5b61-b0ea-4d48-9839-1079d352d880} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fe063db1-4ec0-403e-8dd8-394c54984b2c} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fe063db1-4ec0-403e-8dd8-394c54984b2c} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\babylon" Successfully deleted: [Folder] "C:\ProgramData\sweetim" Successfully deleted: [Folder] "C:\ProgramData\tarma installer" Successfully deleted: [Folder] "C:\Users\majdi ameni elvira\AppData\Roaming\babylon" Successfully deleted: [Folder] "C:\Users\majdi ameni elvira\AppData\Roaming\goforfiles" Successfully deleted: [Folder] "C:\Users\majdi ameni elvira\AppData\Roaming\opencandy" Successfully deleted: [Folder] 
"C:\Users\majdi ameni elvira\appdata\local\televisionfanatic" Successfully deleted: [Folder] "C:\Users\majdi ameni elvira\appdata\locallow\babylontoolbar" Successfully deleted: [Folder] "C:\Users\majdi ameni elvira\appdata\locallow\televisionfanatic" Successfully deleted: [Folder] "C:\Program Files (x86)\goforfiles" Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro" Successfully deleted: [Folder] "C:\Program Files (x86)\perion" Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim" ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\user.js Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\mngr.xml Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\my-web-search.xml Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\mystart search.xml Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\sweetim.xml Successfully deleted: [Folder] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\extensions\ffxtlbr@incredibar.com Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\64ffxtbr@televisionfanatic.com Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087} Successfully deleted the following from C:\Users\majdi 
ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\prefs.js user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110824&tt=4712_1&babsrc=HP_ss_cr&mntrId=1839a315000000000000062737ac3dfd"); user_pref("avg.install.userSPSettings", "Search the web (Babylon)"); user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}"); user_pref("browser.search.defaultenginename", "My Web Search"); user_pref("browser.search.selectedEngine", "My Web Search"); user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&p2=^XP^xdm284^YY^de&si=CMWkj4Ce_LQCFUmN3godw user_pref("extensions.BabylonToolbar.admin", false); user_pref("extensions.BabylonToolbar.aflt", "babsst"); user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); user_pref("extensions.BabylonToolbar.dfltLng", "en"); user_pref("extensions.BabylonToolbar.excTlbr", false); user_pref("extensions.BabylonToolbar.id", "1839a315000000000000062737ac3dfd"); user_pref("extensions.BabylonToolbar.instlDay", "15667"); user_pref("extensions.BabylonToolbar.instlRef", "sst"); user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); user_pref("extensions.BabylonToolbar.tlbrId", "irhnew"); user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=1839a315000000000000062737ac3dfd&q="); user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8"); user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8"); user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.822:01:50"); user_pref("extensions.crossrider.bic", "13b2f136ebd157307c2c9e06c780d584"); user_pref("extensions.incredibar.actvtyRptTime", "1363178958927"); user_pref("extensions.incredibar.admin", false); 
user_pref("extensions.incredibar.aflt", "orgnl"); user_pref("extensions.incredibar.afterInstallRpt", "sent"); user_pref("extensions.incredibar.cntry", "DE"); user_pref("extensions.incredibar.dfltLng", "EN"); user_pref("extensions.incredibar.dfltSrch", false); user_pref("extensions.incredibar.dfltlng", "en"); user_pref("extensions.incredibar.dfltsrch", "false"); user_pref("extensions.incredibar.did", "10643"); user_pref("extensions.incredibar.envrmnt", "production"); user_pref("extensions.incredibar.excTlbr", false); user_pref("extensions.incredibar.hdrMd5", "D25AD09ED0BB33979A04FA38701C4EB0"); user_pref("extensions.incredibar.hmpg", false); user_pref("extensions.incredibar.hrdid", "1839a315000000000000062737ac3dfd"); user_pref("extensions.incredibar.id", "1839a315000000000000062737ac3dfd"); user_pref("extensions.incredibar.installerproductid", "26"); user_pref("extensions.incredibar.instlDay", "15671"); user_pref("extensions.incredibar.instlRef", ""); user_pref("extensions.incredibar.instlday", "15671"); user_pref("extensions.incredibar.instlref", ""); user_pref("extensions.incredibar.isDcmntCmplt", false); user_pref("extensions.incredibar.isdcmntcmplt", "false"); user_pref("extensions.incredibar.keywordurl", ""); user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.141:15:19"); user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); user_pref("extensions.incredibar.newTab", false); user_pref("extensions.incredibar.newtab", "false"); user_pref("extensions.incredibar.newtaburl", ""); user_pref("extensions.incredibar.noFFXTlbr", false); user_pref("extensions.incredibar.ppd", "6666660837"); user_pref("extensions.incredibar.prdct", "incredibar"); user_pref("extensions.incredibar.productid", "26"); user_pref("extensions.incredibar.prtnrId", "Incredibar"); user_pref("extensions.incredibar.prtnrid", "Incredibar"); user_pref("extensions.incredibar.sg", "none"); user_pref("extensions.incredibar.smplGrp", "none"); user_pref("extensions.incredibar.smplgrp", "none"); 
user_pref("extensions.incredibar.srch", ""); user_pref("extensions.incredibar.srchprvdr", ""); user_pref("extensions.incredibar.tlbrId", "base"); user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQQWpXjtr&loc=IB_TB&i=26&search="); user_pref("extensions.incredibar.tlbrid", "base"); user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQQWpXjtr&loc=IB_TB&i=26&search="); user_pref("extensions.incredibar.upn2", "6PQQWpXjtr"); user_pref("extensions.incredibar.upn2n", "92543995753433061"); user_pref("extensions.incredibar.vrsn", "1.5.11.14"); user_pref("extensions.incredibar.vrsnTs", "1.5.11.141:15:19"); user_pref("extensions.incredibar.vrsni", "1.5.11.14"); user_pref("extensions.incredibar.vrsnts", "1.5.11.141:15:19"); user_pref("extensions.incredibar_i.aflt", "orgnl"); user_pref("extensions.incredibar_i.dfltLng", ""); user_pref("extensions.incredibar_i.did", "10643"); user_pref("extensions.incredibar_i.excTlbr", false); user_pref("extensions.incredibar_i.id", "1839a315000000000000062737ac3dfd"); user_pref("extensions.incredibar_i.installerproductid", "26"); user_pref("extensions.incredibar_i.instlDay", "15671"); user_pref("extensions.incredibar_i.instlRef", ""); user_pref("extensions.incredibar_i.ms_url_id", ""); user_pref("extensions.incredibar_i.newTab", false); user_pref("extensions.incredibar_i.ppd", "6666660837"); user_pref("extensions.incredibar_i.prdct", "incredibar"); user_pref("extensions.incredibar_i.productid", "26"); user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); user_pref("extensions.incredibar_i.smplGrp", "none"); user_pref("extensions.incredibar_i.tlbrId", "base"); user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQQWpXjtr&loc=IB_TB&i=26&search="); user_pref("extensions.incredibar_i.upn2", "6PQQWpXjtr"); user_pref("extensions.incredibar_i.upn2n", "92543995753433061"); user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); 
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.141:15:19"); user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"Layouts Express\",\"description\":\"Change facebook to look just the way you want it, with hundreds of unique user_pref("extensions.mywebsearch.prevDefaultEngine", "Search the web (Babylon)"); user_pref("extensions.mywebsearch.prevKwdEnabled", true); user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.sweetim.com/search.asp?barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}&src=2&crg=3.1010000.10007&q="); user_pref("extensions.mywebsearch.prevSelectedEngine", "Search the web (Babylon)"); user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&p2=^XP^xdm284^YY^de user_pref("extensions.toolbar.mindspark._64Members_.hp.enabled", true); user_pref("extensions.toolbar.mindspark._64Members_.initialized", true); user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", ""); user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2013012216"); user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "^XP^xdm284^YY^de"); user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CMWkj4Ce_LQCFUmN3godwloAZQ"); user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true); user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "9793F69C-12AB-4040-8A21-21C370963563"); user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1363610046353"); user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true); user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", true); user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true); 
user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", true); user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "facebook.com"); user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "10001"); user_pref("extensions.toolbar.mindspark.hp.enabled", true); user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "televisionfanatic@mindspark.com"); user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com"); user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&ind=2013012216&p2=^XP^xdm284^YY^de& user_pref("sweetim.toolbar.RevertDialog.enable", "false"); user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); user_pref("sweetim.toolbar.Visibility.enable", "true"); user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); user_pref("sweetim.toolbar.cargo", "3.1010000.10007"); user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); user_pref("sweetim.toolbar.cda.returnValue", "none"); user_pref("sweetim.toolbar.dialogs.0.enable", "true"); user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); user_pref("sweetim.toolbar.dialogs.0.height", "335"); user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;"); user_pref("sweetim.toolbar.dialogs.0.width", "761"); user_pref("sweetim.toolbar.dialogs.1.enable", "true"); user_pref("sweetim.toolbar.dialogs.1.handler", 
"chrome://sim_toolbar_package/content/exampledialog-handler.js"); user_pref("sweetim.toolbar.dialogs.1.height", "300"); user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); user_pref("sweetim.toolbar.dialogs.1.width", "500"); user_pref("sweetim.toolbar.dialogs.2.enable", "true"); user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js"); user_pref("sweetim.toolbar.dialogs.2.height", "150"); user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp"); user_pref("sweetim.toolbar.dialogs.2.width", "530"); user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false"); user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); user_pref("sweetim.toolbar.mode.debug", "false"); user_pref("sweetim.toolbar.newtab.created", "true"); user_pref("sweetim.toolbar.newtab.enable", "true"); user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)"); user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search the web (Babylon)"); user_pref("sweetim.toolbar.previous.browser.startup.homepage", 
"hxxp://search.babylon.com/?affID=110824&tt=4712_1&babsrc=HP_ss_cr&mntrId=1839a315000000000000062737ac3dfd"); user_pref("sweetim.toolbar.previous.keyword.URL", ""); user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;"); user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*"); user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); user_pref("sweetim.toolbar.scripts.0.enable", "false"); user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*"); user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); user_pref("sweetim.toolbar.scripts.1.enable", "false"); user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS"); user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); user_pref("sweetim.toolbar.scripts.2.callback", ""); user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*"); user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); user_pref("sweetim.toolbar.scripts.2.enable", "false"); user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); user_pref("sweetim.toolbar.scripts.2.url", 
"hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1"); user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear user_pref("sweetim.toolbar.search.history.capacity", "10"); user_pref("sweetim.toolbar.searchguard.enable", "false"); user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); user_pref("sweetim.toolbar.simapp_id", "{258AC3B4-38E1-11E2-8D52-802D4622B6AB}"); user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}"); user_pref("sweetim.toolbar.version", "1.9.0.0"); user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocatio user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://nonexistent.yontoo.com/| user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://nonexistent.yontoo.c user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searc Emptied folder: C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\minidumps [168 files] ~~~ Chrome Successfully deleted: [Folder] C:\Users\majdi ameni elvira\appdata\local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Successfully deleted: [Registry Key] 
hkey_local_machine\software\google\chrome\extensions\pgafcinpmmpklohkojmllohdhomoefph ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 19.03.2013 at 23:30:36,29 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
# AdwCleaner v2.115 - Logfile created 03/20/2013 at 00:14:17
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : majdi ameni elvira - MAJDIAMENIELVIR
# Boot Mode : Normal
# Running from : C:\Users\majdi ameni elvira\Downloads\adwcleaner.exe
# Option [Delete]
*************************
AdwCleaner[S1].txt - [6782 octets] - [20/03/2013 00:14:17]
########## EOF - C:\AdwCleaner[S1].txt - [6842 octets] ##########
Code:
OTL logfile created on: 20.03.2013 00:20:12 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\majdi ameni elvira\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,68% Memory free
7,96 Gb Paging File | 6,88 Gb Available in Paging File | 86,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 56,89 Gb Free Space | 58,32% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 368,00 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Computer Name: MAJDIAMENIELVIR | User Name: majdi ameni elvira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 BB A3 4F 92 BA CD 01 [binary data] IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: 
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:02:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:02:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.04 04:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Extensions [2013.03.19 23:30:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions [2012.10.21 12:46:43 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions\mail@gutscheinrausch.de [2013.03.08 16:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 16:02:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.22 17:52:09 | 000,001,609 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml [2012.09.06 02:54:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.12.05 23:23:43 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml [2013.02.19 21:24:29 | 000,001,472 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml 
[2013.01.22 17:52:09 | 000,001,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml [2012.12.05 23:23:43 | 000,001,169 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml ========== Chrome ========== CHR - default_search_provider: SweetIM Search (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll CHR - plugin: Google Update (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: IncrediBar for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\ CHR - Extension: Google Mail = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: YouTube = C:\Users\majdi ameni 
elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: IncrediBar for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\ CHR - Extension: Google Mail = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013.03.18 19:25:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O4 - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000..\Run: [Facebook Update] C:\Users\majdi ameni elvira\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1F1FCF9-F9FF-4066-90F7-CD9D1F1AD570}: DhcpNameServer = 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.19 23:21:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.19 23:21:42 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.18 19:29:51 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.18 19:25:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.18 19:17:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.18 19:17:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.18 19:17:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.18 19:17:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.18 19:17:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.16 17:18:28 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\Desktop\mbar [2013.03.13 15:35:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.03.13 15:35:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.03.13 15:35:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.03.13 15:35:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.03.13 15:35:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.03.13 15:35:05 | 000,248,320 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.03.13 15:35:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.03.13 15:35:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.03.13 15:35:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.03.13 15:35:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.03.13 15:35:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.13 15:35:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.13 15:35:02 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.13 15:35:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.13 15:35:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.03.13 00:28:56 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\AppData\Roaming\Malwarebytes [2013.03.13 00:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.13 00:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.13 00:28:33 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.13 00:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.13 00:28:12 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\AppData\Local\Programs [2013.03.12 23:51:33 | 000,000,000 | -H-D | C] -- C:\Users\majdi ameni elvira\AppData\Roaming\3EE0BCD6 [2013.03.12 23:50:02 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\Sbblisr [2013.03.12 12:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.03.12 12:32:36 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni 
elvira\AppData\Roaming\U3 [2013.03.12 11:51:26 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\Desktop\musik neu [2013.03.08 16:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.01 20:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ========== Files - Modified Within 30 Days ========== [2013.03.20 00:20:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.20 00:20:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.20 00:19:26 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.03.20 00:19:26 | 000,641,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.03.20 00:19:26 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.03.20 00:19:26 | 000,126,062 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.03.20 00:19:26 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.03.20 00:15:09 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.20 00:15:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.20 00:14:56 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys [2013.03.20 00:00:00 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job [2013.03.19 23:50:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.19 23:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.19 22:56:01 | 000,000,980 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job [2013.03.19 22:56:00 | 000,000,958 | ---- | M] () -- 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job [2013.03.18 19:25:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.03.17 23:48:31 | 000,000,512 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\MBR.dat [2013.03.17 01:00:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job [2013.03.16 22:33:30 | 000,214,374 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\888951_617600784933108_956178932_o.jpg [2013.03.16 22:32:13 | 000,137,609 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\862389_617088378317682_1757131080_n.jpg [2013.03.16 22:32:03 | 000,055,333 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\804300_617195524973634_123515814_n.jpg [2013.03.16 22:31:51 | 000,064,652 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\862185_617195691640284_854219262_n.jpg [2013.03.16 22:31:38 | 000,173,307 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\888810_617600941599759_392689594_o.jpg [2013.03.14 20:01:49 | 000,002,395 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\Google Chrome.lnk [2013.03.13 14:38:22 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.13 14:38:22 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.03.11 22:32:35 | 000,095,176 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\602166_574832465874756_198468293_n.jpg [2013.03.10 01:01:37 | 000,934,836 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\attachment.php.jpg [2013.03.09 10:18:49 | 000,091,328 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\702889_571393502887170_527173581_n.jpg [2013.03.09 10:18:31 | 000,139,126 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\702923_571393476220506_597571333_n.jpg [2013.03.08 18:10:22 | 000,017,927 | ---- | M] () -- C:\Users\majdi ameni 
elvira\Desktop\601592_570957746249165_1027927645_n.jpg [2013.03.08 18:09:49 | 000,040,828 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\734632_571303722881234_1523163912_n.jpg [2013.03.08 16:01:13 | 000,031,133 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\577996_10151559285256614_1219465472_n.jpg [2013.03.07 16:29:46 | 000,057,079 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\65547_346293635492142_879126177_n.jpg [2013.02.28 23:03:42 | 000,071,558 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\803380_608383912521462_350012141_n.jpg [2013.02.28 23:02:57 | 000,067,753 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\730621_609338392426014_1849945632_n.jpg [2013.02.28 23:02:46 | 000,024,753 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\730599_609328659093654_2139714039_n.jpg [2013.02.28 13:11:10 | 000,306,636 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\859076_316425691793924_261292111_o.jpg [2013.02.26 19:13:19 | 000,096,306 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\480151_610010319025863_232090152_n.jpg [2013.02.26 19:12:50 | 000,074,640 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\524955_610019829024912_1986722450_n.jpg [2013.02.26 19:10:46 | 000,034,721 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\485047_611786715514890_1200217643_n.jpg [2013.02.26 15:28:23 | 000,037,588 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\285260_10151585540105209_864790281_n.jpg [2013.02.26 15:09:38 | 000,011,837 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\430935_315873545195684_1097459838_n.jpg [2013.02.25 19:59:10 | 000,017,239 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\317977_521838064503053_417561600_n.jpg [2013.02.22 16:28:23 | 000,031,910 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\559878_339374372850735_142926935_n.jpg ========== Files Created - No Company Name ========== [2013.03.18 19:17:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.18 
19:17:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.18 19:17:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.18 19:17:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.18 19:17:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.17 23:48:31 | 000,000,512 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\MBR.dat [2013.03.16 22:33:29 | 000,214,374 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\888951_617600784933108_956178932_o.jpg [2013.03.16 22:32:13 | 000,137,609 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\862389_617088378317682_1757131080_n.jpg [2013.03.16 22:32:03 | 000,055,333 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\804300_617195524973634_123515814_n.jpg [2013.03.16 22:31:50 | 000,064,652 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\862185_617195691640284_854219262_n.jpg [2013.03.16 22:31:37 | 000,173,307 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\888810_617600941599759_392689594_o.jpg [2013.03.11 22:32:33 | 000,095,176 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\602166_574832465874756_198468293_n.jpg [2013.03.10 01:01:34 | 000,934,836 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\attachment.php.jpg [2013.03.09 10:18:48 | 000,091,328 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\702889_571393502887170_527173581_n.jpg [2013.03.09 10:18:30 | 000,139,126 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\702923_571393476220506_597571333_n.jpg [2013.03.08 18:10:21 | 000,017,927 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\601592_570957746249165_1027927645_n.jpg [2013.03.08 18:09:47 | 000,040,828 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\734632_571303722881234_1523163912_n.jpg [2013.03.08 15:59:57 | 000,031,133 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\577996_10151559285256614_1219465472_n.jpg [2013.03.07 16:29:44 | 000,057,079 | ---- | C] () -- C:\Users\majdi ameni 
elvira\Desktop\65547_346293635492142_879126177_n.jpg [2013.02.28 23:03:41 | 000,071,558 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\803380_608383912521462_350012141_n.jpg [2013.02.28 23:02:56 | 000,067,753 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\730621_609338392426014_1849945632_n.jpg [2013.02.28 23:02:45 | 000,024,753 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\730599_609328659093654_2139714039_n.jpg [2013.02.28 13:11:09 | 000,306,636 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\859076_316425691793924_261292111_o.jpg [2013.02.26 19:13:17 | 000,096,306 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\480151_610010319025863_232090152_n.jpg [2013.02.26 19:12:49 | 000,074,640 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\524955_610019829024912_1986722450_n.jpg [2013.02.26 19:10:46 | 000,034,721 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\485047_611786715514890_1200217643_n.jpg [2013.02.26 15:28:22 | 000,037,588 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\285260_10151585540105209_864790281_n.jpg [2013.02.26 15:09:36 | 000,011,837 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\430935_315873545195684_1097459838_n.jpg [2013.02.25 19:59:09 | 000,017,239 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\317977_521838064503053_417561600_n.jpg [2013.02.22 16:28:22 | 000,031,910 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\559878_339374372850735_142926935_n.jpg [2012.10.29 18:23:43 | 000,003,584 | ---- | C] () -- C:\Users\majdi ameni elvira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Files - Unicode (All) ========== [2013.03.16 19:45:01 | 019,652,117 | ---- | M] ()(C:\Users\majdi ameni elvira\Desktop\???? ??????? ?????? hadhra jaret achwaki - YouTube.FLV) -- C:\Users\majdi ameni elvira\Desktop\جارت الاشواق الحضرة hadhra jaret achwaki - YouTube.FLV [2013.03.16 19:31:45 | 019,652,117 | ---- | C] ()(C:\Users\majdi ameni elvira\Desktop\???? ??????? ?????? 
hadhra jaret achwaki - YouTube.FLV) -- C:\Users\majdi ameni elvira\Desktop\جارت الاشواق الحضرة hadhra jaret achwaki - YouTube.FLV < End of report > Sorry, I did find the second log file after all. Code:
OTL Extras logfile created on: 20.03.2013 00:20:12 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\majdi ameni elvira\Downloads 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,68% Memory free 7,96 Gb Paging File | 6,88 Gb Available in Paging File | 86,35% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 56,89 Gb Free Space | 58,32% Space Free | Partition Type: NTFS Drive D: | 368,10 Gb Total Space | 368,00 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Computer Name: MAJDIAMENIELVIR | User Name: majdi ameni elvira | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* 
cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1D6BD56B-541C-4D5D-9C61-14D0370DFB64}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | "{28EB52E5-F894-40AE-9BCA-471099896575}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{349FBD90-4322-4D18-963E-D4DF001EFA2C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{38A045C7-ADA3-4C12-9504-8F141A7026BF}" = dir=in | app=c:\users\majdi ameni elvira\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{5BC526C7-B5DB-432B-A739-ABEDBCFF334E}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | "{606A77EF-0CA3-4289-A55B-B788A6F25DC8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{76AEAD72-3658-446A-A037-30FD44B96620}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{7A301976-C47F-46CF-B435-9B8CFC6D618D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{82A7328E-9E33-4F50-814E-53D66BB6BA0B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{96DD81E1-F78D-4D0E-86F7-BB011A5A5E3D}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | "{9815E4D5-1CBF-4579-A788-6514EDC1717F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{CA7AF6D9-D4CE-4DE9-8F84-2CC704E7033C}" = protocol=17 | dir=in | 
app=c:\program files (x86)\goforfiles\goforfiles.exe | "{CAA89A70-CF66-45D7-A00A-42650BCD620E}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{D8C28A7B-7284-411C-AEBB-DD48052AAAFF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F18B3906-C0D2-4096-987D-C0D88A3177F4}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2 "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AskTBar Uninstall" = Ask Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 19.0.2 (x86 fr)" = Mozilla Firefox 19.0.2 (x86 fr) "MozillaMaintenanceService" = Mozilla Maintenance Service "TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar "VLC media player" = VLC media player 2.0.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 20 
Event Log Errors ========== [ System Events ] Error - 19.03.2013 19:15:07 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697 Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen. < End of report > |