Log Analysis and Evaluation: Windows 7: 100% CPU usage with Google Chrome
09.02.2014, 21:00 | #1
Hello, I am currently at a friend's place; he has a problem with his computer. I don't know exactly which problems are all occurring, but at least there is 100% CPU usage with Google Chrome, and apparently there are further problems as well. Unfortunately I don't know more at the moment; I hope you can make something of the logs. Many thanks! Here are the logs:

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:53 on 09/02/2014 (pc)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-02-2014 02
Ran by pc (administrator) on PC-PC on 09-02-2014 19:58:15
Running from C:\Users\pc\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(OptionNV) C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Telefónica I+D) C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Pokki) C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Cyberlink Corp.) C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\RocketDock\RocketDock.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Smartbar) C:\Users\pc\AppData\Local\Smartbar\Application\SnapDo.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(BrowserSafeguard) C:\Users\pc\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe
(Option) C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
(Pokki) C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
() C:\Users\pc\AppData\Roaming\VOPackage\VOPackage.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(GreenTree Applications SRL) C:\Program Files\GreenTree Applications\YTD Video Downloader\ytd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295072 2013-02-15] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RemoteControl] - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [32768 2004-11-02] (Cyberlink Corp.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-28] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10029672 2011-04-07] (Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\Run: [RocketDock] - C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [20588704 2013-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\Run: [Pokki] - C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\Run: [Facebook Update] - C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-21] (Facebook Inc.)
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\Run: [NTRedirect] - C:\Windows\system32\rundll32.exe "C:\Users\pc\AppData\Roaming\BabSolution\Shared\enhancedNT.dll",Run
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\Run: [Browser Infrastructure Helper] - C:\Users\pc\AppData\Local\Smartbar\Application\SnapDo.exe [21536 2013-10-31] (Smartbar)
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\Run: [NextLive] - C:\Windows\system32\rundll32.exe "C:\Users\pc\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\Run: [BrowserSafeguard] - C:\Users\pc\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe [413696 2014-01-28] (BrowserSafeguard)
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\Run: [BrowserSafeguard Update Task] - C:\Users\pc\AppData\Local\BrowserSafeguard\uninstall.BrowserSafeguard.exe [3345920 2014-01-30] ()
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\MountPoints2: H - H:\AutoRun.exe
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\MountPoints2: {0870d41e-c2fb-11e2-b639-00f1d000f1d0} - F:\AutoRun.exe
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\MountPoints2: {0870d435-c2fb-11e2-b639-002454a3648c} - F:\AutoRun.exe
HKU\S-1-5-21-3300044895-2285275073-3483894629-1000\...\MountPoints2: {0dd2f213-e33b-11e2-8cd9-00f1d000f1d0} - H:\AutoRun.exe

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49178;https=127.0.0.1:49178;
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=1b01a646-ad70-a522-f4dd-28e2896987b4&searchtype=ds&q={searchTerms}&installDate=11/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3DB3071F840BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_wls&mntrId=F2F900F1D000F1D0&affID=119357&tsp=4978
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=1b01a646-ad70-a522-f4dd-28e2896987b4&searchtype=ds&q={searchTerms}&installDate=11/11/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.nationzoom.com/?type=hp&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nationzoom.com/?type=hp&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nationzoom.com/web/?type=ds&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071&q={searchTerms}
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=1b01a646-ad70-a522-f4dd-28e2896987b4&searchtype=ds&q={searchTerms}&installDate=11/11/2013
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=Tuguu&co=DE&userid=1b01a646-ad70-a522-f4dd-28e2896987b4&searchtype=ds&q={searchTerms}&installDate=11/11/2013
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nationzoom.com/web/?type=ds&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071&q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: No Name - {377e5d4d-77e5-476a-8716-7e70a9272da0} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: No Name - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - No File
BHO: DataMngr - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {377e5d4d-77e5-476a-8716-7e70a9272da0} - No File
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\oytm4t9x.default
FF user.js: detected! => C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\oytm4t9x.default\user.js
FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071
FF DefaultSearchEngine: nationzoom
FF Homepage: https://www.google.de/?gws_rd=cr&ei=oF7RUrXfN8GdtAay54GwCQ
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\pc\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\oytm4t9x.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\nationzoom.xml
FF Extension: Feven 1.5 - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\oytm4t9x.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com [2014-01-31]
FF Extension: Plus-HD-1.3 - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\oytm4t9x.default\Extensions\509508ef-0b14-4616-a557-0d58601be33d@c4a581e9-0ea6-46db-a185-58e021ee138c.com [2014-01-31]
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-21]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-02-15]
FF HKLM\...\Firefox\Extensions: [xz123@ya456.com] - C:\Program Files\BetterSurf\ff
FF Extension: BetterSurf - C:\Program Files\BetterSurf\ff [2013-11-14]
FF HKLM\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files\BetterSurf\BetterSurfPlus\ff
FF Extension: Better Surf Plus - C:\Program Files\BetterSurf\BetterSurfPlus\ff [2013-12-10]
FF HKLM\...\Firefox\Extensions: [ext@VideoPlayerV3beta559.net] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta559\ff
FF Extension: Video Player - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta559\ff [2014-01-09]
FF HKLM\...\Firefox\Extensions: [ext@MediaPlayerV1alpha43.net] - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha43\ff
FF Extension: Media Player - C:\Program Files\MediaPlayerV1\MediaPlayerV1alpha43\ff [2014-01-29]
FF HKCU\...\Firefox\Extensions: [{25be085a-951b-4ba7-b817-9d42029d9fbe}] - C:\Program Files\Auto-Lyrics\133.xpi
FF Extension: Auto-Lyrics - C:\Program Files\Auto-Lyrics\133.xpi [2013-09-12]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\pc\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR DefaultSearchKeyword: nationzoom
CHR DefaultSearchProvider: nationzoom
CHR DefaultSearchURL: hxxp://www.nationzoom.com/web/?type=ds&ts=1390344815&from=tugs&uid=SAMSUNGXHM250HI_S20TJDQZ614071&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Feven 1.5) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2014-01-23]
CHR Extension: (Auto-Lyrics) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikcekchnfcbjeebbjnjklcdnpidpaen [2013-08-17]
CHR Extension: (Plus-HD-1.3) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl [2014-01-22]
CHR Extension: (Google Wallet) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-02]
CHR Extension: (Media Player) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaajcligpplkibjbmhfjccbhenmjgkoa [2014-02-09]
CHR Extension: (Lightning speedDial) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkndmigholgfjlniaohblojbhgjbkakn [2014-01-22]
CHR HKLM\...\Chrome\Extension: [cikcekchnfcbjeebbjnjklcdnpidpaen] - C:\Program Files\Auto-Lyrics\133.crx [2013-09-11]
CHR HKLM\...\Chrome\Extension: [dedmngkbaffkenlfdcbganndoghblmap] - C:\Program Files\BetterSurf\ch\Chrome.crx [2013-11-11]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
CHR HKLM\...\Chrome\Extension: [kldhfoooacjngeimdgdccggdagejpooj] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta559\ch\VideoPlayerV3beta559.crx [2014-01-07]
CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-12-10]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
CHR HKLM\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-01-21]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [32808 2013-07-01] (Just Develop It)
R2 GtDetectSc; C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe [200704 2008-04-30] (OptionNV)
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2014-01-01] (Symantec Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
S4 SrvUpdater; C:\Program Files\SoftwareUpdater\UpdaterService.exe [31744 2013-04-12] ()
R2 TGCM_ImportWiFiSvc; C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-01-21] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

S3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1938272 2010-11-05] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-30] (Avira Operations GmbH & Co. KG)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-02-09] (secr9tos)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
R2 VBoxDrv; C:\Program Files\YouWave_Android\vb\VBoxDrv.sys [135680 2011-07-15] (Oracle Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-09 19:58 - 2014-02-09 19:58 - 00025033 _____ () C:\Users\pc\Desktop\FRST.txt
2014-02-09 19:57 - 2014-02-09 19:58 - 00000000 ____D () C:\FRST
2014-02-09 19:57 - 2014-02-09 19:57 - 01138688 _____ (Farbar) C:\Users\pc\Desktop\FRST.exe
2014-02-09 19:53 - 2014-02-09 19:54 - 00000466 _____ () C:\Users\pc\Desktop\defogger_disable.log
2014-02-09 19:53 - 2014-02-09 19:53 - 00000000 _____ () C:\Users\pc\defogger_reenable
2014-02-09 19:52 - 2014-02-09 19:52 - 00050477 _____ () C:\Users\pc\Desktop\Defogger.exe
2014-02-07 17:14 - 2014-02-07 17:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-03 23:19 - 2014-02-03 23:19 - 00438080 _____ () C:\Users\pc\Desktop\manifest generator.zip
2014-02-03 18:32 - 2014-02-03 18:32 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-02-03 18:32 - 2014-02-03 18:32 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-02-03 18:32 - 2014-02-03 18:32 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-02-03 18:32 - 2006-09-26 05:00 - 00049152 _____ (Canon Inc.) C:\Windows\system32\cncisco.dll
2014-02-03 18:32 - 2006-09-26 04:59 - 00159744 _____ (CANON INC.) C:\Windows\system32\CNCC110.DLL
2014-02-03 18:32 - 2006-09-26 04:59 - 00094208 _____ (CANON INC.) C:\Windows\system32\CNCL110.DLL
2014-02-03 18:32 - 2006-09-26 04:59 - 00037376 _____ (CANON INC.) C:\Windows\system32\CNCI110.DLL
2014-02-03 18:32 - 2006-09-12 20:00 - 00197632 _____ (CANON INC.) C:\Windows\system32\CNMLM6F.DLL
2014-02-03 18:32 - 2006-03-03 06:35 - 00389180 _____ (Canon) C:\Windows\system32\UCS32P.DLL
2014-02-03 18:20 - 2014-02-03 18:31 - 00000000 ____D () C:\Users\pc\Desktop\Canon
2014-02-03 18:09 - 2014-02-03 18:21 - 00000000 ____D () C:\Program Files\Canon
2014-01-30 00:07 - 2014-01-30 00:07 - 00000000 ____D () C:\Program Files\Lightspark 0.5.3-git
2014-01-30 00:03 - 2014-01-30 00:03 - 00000000 ____D () C:\Users\pc\AppData\Local\BrowserSafeguard
2014-01-29 20:44 - 2014-01-29 20:44 - 00000652 __RSH () C:\ProgramData\ntuser.pol
2014-01-29 20:43 - 2014-01-29 20:43 - 00000000 ____D () C:\Program Files\MediaPlayerV1
2014-01-23 23:21 - 2014-01-23 23:21 - 00414710 _____ () C:\Windows\PFRO.log
2014-01-23 22:51 - 2014-02-09 01:08 - 00002016 _____ () C:\Windows\setupact.log
2014-01-23 22:51 - 2014-01-23 22:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-21 23:55 - 2014-02-09 18:59 - 00000000 ____D () C:\Users\pc\AppData\Roaming\newnext.me
2014-01-21 23:55 - 2014-01-22 00:35 - 00000000 ____D () C:\Users\pc\AppData\Local\Mobogenie
2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\Documents\Mobogenie
2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\AppData\Roaming\VOPackage
2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\AppData\Local\genienext
2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\AppData\Local\cache
2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\.android
2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 _____ () C:\Users\pc\daemonprocess.txt
2014-01-21 23:54 - 2014-01-22 00:35 - 00000000 ____D () C:\Program Files\Mobogenie
2014-01-21 23:54 - 2014-01-21 23:54 - 00000000 ____D () C:\ProgramData\WPM
2014-01-21 16:01 - 2014-01-21 16:27 - 107296635 _____ () C:\Users\pc\Documents\ثم إستقاموا - د. عدنان إبراهيم.flv
2014-01-20 23:17 - 2014-01-21 00:02 - 142013063 _____ () C:\Users\pc\Documents\الفلم الخطير _ النظام والفوضى _ قصة المعلومات _ 1080p , HDTV.flv
2014-01-20 23:16 - 2014-01-20 23:39 - 146966948 _____ () C:\Users\pc\Documents\هدية الاسبوع الأكوان المتعددة والسموات السبع.flv
2014-01-20 23:03 - 2014-01-20 23:11 - 00000000 ____D () C:\Users\pc\Documents\adnan
2014-01-20 22:35 - 2014-01-20 22:35 - 00000000 ____D () C:\Program Files\Recuva
2014-01-20 20:25 - 2014-01-20 20:37 - 78049014 _____ () C:\Users\pc\Documents\How to Change Your Frequency to Change Your Reality.flv
2014-01-12 17:34 - 2014-01-12 17:34 - 00000000 ____D () C:\Users\pc\AppData\Roaming\HideIPEasy
2014-01-12 17:34 - 2014-01-12 17:34 - 00000000 ____D () C:\ProgramData\HideIPEasy
2014-01-12 17:34 - 2014-01-12 17:34 - 00000000 ____D () C:\Program Files\HideIPEasy
2014-01-11 16:14 - 2014-01-11 16:25 - 09559069 _____ () C:\Users\pc\Documents\أبدا لن تنساني.. أحلام مستغانمي.. جاهدة وهبه.wmv.flv
2014-01-11 16:05 - 2014-01-11 16:07 - 09494253 _____ () C:\Users\pc\Documents\كنت سأنجب منك قبيلة - جاهدة وهبة.flv
2014-01-11 14:23 - 2014-01-11 15:56 - 234448340 _____ () C:\Users\pc\Documents\Zero Point _ Volume II - The Structure of Infinity FULL MOVIE 1080p.flv
2014-01-11 14:22 - 2014-01-11 14:29 - 41587863 _____ () C:\Users\pc\Documents\Spirit Science 22 (Part 3) ~ The God Particles.flv
2014-01-11 12:14 - 2014-01-11 12:14 - 06951048 _____ (Microsoft Corporation) C:\Users\pc\Desktop\Silverlight.exe
2014-01-11 11:36 - 2014-01-11 11:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-11 11:36 - 2014-01-11 11:36 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-01-11 11:35 - 2014-01-11 11:35 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-11 11:35 - 2014-01-11 11:34 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-11 11:35 - 2014-01-11 11:34 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-11 11:35 - 2014-01-11 11:34 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe

==================== One Month Modified Files and Folders =======

2014-02-09 19:58 - 2014-02-09 19:58 - 00025033 _____ () C:\Users\pc\Desktop\FRST.txt
2014-02-09 19:58 - 2014-02-09 19:57 - 00000000 ____D () C:\FRST
2014-02-09 19:57 - 2014-02-09 19:57 - 01138688 _____ (Farbar) C:\Users\pc\Desktop\FRST.exe
2014-02-09 19:54 - 2014-02-09 19:53 - 00000466 _____ () C:\Users\pc\Desktop\defogger_disable.log
2014-02-09 19:53 - 2014-02-09 19:53 - 00000000 _____ () C:\Users\pc\defogger_reenable
2014-02-09 19:53 - 2013-02-06 23:03 - 00000000 ____D () C:\Users\pc
2014-02-09 19:52 - 2014-02-09 19:52 - 00050477 _____ () C:\Users\pc\Desktop\Defogger.exe
2014-02-09 19:47 - 2013-02-15 14:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-09 19:36 - 2013-02-15 14:51 - 00000000 ____D () C:\Users\pc\AppData\Roaming\Skype
2014-02-09 19:17 - 2013-11-11 19:12 - 00001800 _____ () C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job
2014-02-09 19:16 - 2013-11-11 19:16 - 00001266 _____ () C:\Windows\Tasks\Feven 1.5-updater.job
2014-02-09 19:16 - 2013-11-11 19:15 - 00001278 _____ () C:\Windows\Tasks\Plus-HD-1.3-updater.job
2014-02-09 19:15 - 2013-11-11 19:15 - 00001080 _____ () C:\Windows\Tasks\Plus-HD-1.3-enabler.job
2014-02-09 19:15 - 2013-11-11 19:15 - 00001068 _____ () C:\Windows\Tasks\Feven 1.5-enabler.job
2014-02-09 19:14 - 2013-11-11 19:14 - 00001180 _____ () C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job
2014-02-09 19:14 - 2013-11-11 19:14 - 00001168 _____ () C:\Windows\Tasks\Feven 1.5-codedownloader.job
2014-02-09 19:13 - 2013-11-11 19:13 - 00001784 _____ () C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job
2014-02-09 19:13 - 2013-02-15 13:31 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-09 19:12 - 2013-11-11 19:12 - 00001876 _____ () C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job
2014-02-09 19:12 - 2013-11-11 19:12 - 00001860 _____ () C:\Windows\Tasks\Feven 1.5-chromeinstaller.job
2014-02-09 18:59 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\AppData\Roaming\newnext.me
2014-02-09 18:53 - 2013-03-21 18:48 - 00000916 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3300044895-2285275073-3483894629-1000UA.job
2014-02-09 18:53 - 2013-03-21 18:48 - 00000894 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3300044895-2285275073-3483894629-1000Core.job
2014-02-09 18:46 - 2013-02-06 22:57 - 01260646 _____ () C:\Windows\WindowsUpdate.log
2014-02-09 18:22 - 2013-07-03 18:35 - 00000344 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-02-09 01:28 - 2013-07-03 18:14 - 00000358 _____ () C:\Windows\Tasks\Auto-Lyrics Update.job
2014-02-09 01:17 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-09 01:17 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-09 01:11 - 2013-03-10 20:14 - 00000000 ____D () C:\Users\pc\AppData\Local\Pokki
2014-02-09 01:10 - 2013-02-15 13:30 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-09 01:08 - 2014-01-23 22:51 - 00002016 _____ () C:\Windows\setupact.log
2014-02-09 01:08 - 2013-02-15 14:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-09 01:08 - 2013-02-06 23:03 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-02-09 01:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 18:16 - 2013-02-15 13:33 - 00000000 ____D () C:\Users\pc\AppData\Roaming\vlc
2014-02-07 17:15 - 2014-02-07 17:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-07 16:58 - 2012-02-26 20:58 - 00716728 _____ () C:\Windows\system32\perfh019.dat
2014-02-07 16:58 - 2012-02-26 20:58 - 00149710 _____ () C:\Windows\system32\perfc019.dat
2014-02-07 16:58 - 2010-11-20 22:01 - 04325570 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-06 12:47 - 2013-02-15 14:31 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-06 12:47 - 2013-02-15 14:31 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-03 23:19 - 2014-02-03 23:19 - 00438080 _____ () C:\Users\pc\Desktop\manifest generator.zip
2014-02-03 18:34 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\twain_32
2014-02-03 18:34 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2014-02-03 18:33 - 2013-02-21 19:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-02-03 18:32 - 2014-02-03 18:32 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-02-03 18:32 - 2014-02-03 18:32 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-02-03 18:32 - 2014-02-03 18:32 - 00000000 ___HD () C:\Program Files\CanonBJ
2014-02-03 18:31 - 2014-02-03 18:20 - 00000000 ____D () C:\Users\pc\Desktop\Canon
2014-02-03 18:25 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-02-03 18:21 - 2014-02-03 18:09 - 00000000 ____D () C:\Program Files\Canon
2014-02-01 19:00 - 2013-11-10 20:50 - 00000000 ____D () C:\Users\pc\Desktop\Adopa
2014-01-30 09:16 - 2013-03-10 20:15 - 00002091 _____ () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edgeworld.lnk
2014-01-30 00:07 - 2014-01-30 00:07 - 00000000 ____D () C:\Program Files\Lightspark 0.5.3-git
2014-01-30 00:03 - 2014-01-30 00:03 - 00000000 ____D () C:\Users\pc\AppData\Local\BrowserSafeguard
2014-01-29 20:44 - 2014-01-29 20:44 - 00000652 __RSH () C:\ProgramData\ntuser.pol
2014-01-29 20:43 - 2014-01-29 20:43 - 00000000 ____D () C:\Program Files\MediaPlayerV1
2014-01-29 20:43 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-01-25 01:49 - 2013-11-11 19:12 - 00000000 ____D () C:\Program Files\Feven 1.5
2014-01-24 19:25 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-23
23:21 - 2014-01-23 23:21 - 00414710 _____ () C:\Windows\PFRO.log 2014-01-23 23:21 - 2013-11-06 22:06 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-01-23 22:51 - 2014-01-23 22:51 - 00000000 _____ () C:\Windows\setuperr.log 2014-01-22 00:35 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\AppData\Local\Mobogenie 2014-01-22 00:35 - 2014-01-21 23:54 - 00000000 ____D () C:\Program Files\Mobogenie 2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\Documents\Mobogenie 2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\AppData\Roaming\VOPackage 2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\AppData\Local\genienext 2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\AppData\Local\cache 2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 ____D () C:\Users\pc\.android 2014-01-21 23:55 - 2014-01-21 23:55 - 00000000 _____ () C:\Users\pc\daemonprocess.txt 2014-01-21 23:54 - 2014-01-21 23:54 - 00000000 ____D () C:\ProgramData\WPM 2014-01-21 23:53 - 2013-11-11 19:18 - 00002436 _____ () C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-01-21 23:53 - 2013-11-11 19:18 - 00002389 _____ () C:\Users\pc\Desktop\Search.lnk 2014-01-21 23:53 - 2013-07-06 00:48 - 00001297 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-01-21 23:53 - 2013-04-29 18:56 - 00002393 _____ () C:\Users\pc\Desktop\Google Chrome.lnk 2014-01-21 16:27 - 2014-01-21 16:01 - 107296635 _____ () C:\Users\pc\Documents\ثم إستقاموا - د. 
عدنان إبراهيم.flv 2014-01-21 00:02 - 2014-01-20 23:17 - 142013063 _____ () C:\Users\pc\Documents\الفلم الخطير _ النظام والفوضى _ قصة المعلومات _ 1080p , HDTV.flv 2014-01-20 23:39 - 2014-01-20 23:16 - 146966948 _____ () C:\Users\pc\Documents\هدية الاسبوع الأكوان المتعددة والسموات السبع.flv 2014-01-20 23:11 - 2014-01-20 23:03 - 00000000 ____D () C:\Users\pc\Documents\adnan 2014-01-20 22:35 - 2014-01-20 22:35 - 00000000 ____D () C:\Program Files\Recuva 2014-01-20 20:37 - 2014-01-20 20:25 - 78049014 _____ () C:\Users\pc\Documents\How to Change Your Frequency to Change Your Reality.flv 2014-01-17 23:41 - 2013-11-11 19:12 - 00000000 ____D () C:\Program Files\Plus-HD-1.3 2014-01-12 17:34 - 2014-01-12 17:34 - 00000000 ____D () C:\Users\pc\AppData\Roaming\HideIPEasy 2014-01-12 17:34 - 2014-01-12 17:34 - 00000000 ____D () C:\ProgramData\HideIPEasy 2014-01-12 17:34 - 2014-01-12 17:34 - 00000000 ____D () C:\Program Files\HideIPEasy 2014-01-11 16:25 - 2014-01-11 16:14 - 09559069 _____ () C:\Users\pc\Documents\أبدا لن تنساني.. أحلام مستغانمي.. 
جاهدة وهبه.wmv.flv 2014-01-11 16:07 - 2014-01-11 16:05 - 09494253 _____ () C:\Users\pc\Documents\كنت سأنجب منك قبيلة - جاهدة وهبة.flv 2014-01-11 15:56 - 2014-01-11 14:23 - 234448340 _____ () C:\Users\pc\Documents\Zero Point _ Volume II - The Structure of Infinity FULL MOVIE 1080p.flv 2014-01-11 14:29 - 2014-01-11 14:22 - 41587863 _____ () C:\Users\pc\Documents\Spirit Science 22 (Part 3) ~ The God Particles.flv 2014-01-11 12:38 - 2013-02-15 14:30 - 00000000 ____D () C:\Users\pc\AppData\Local\Mozilla 2014-01-11 12:25 - 2013-03-10 17:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-01-11 12:14 - 2014-01-11 12:14 - 06951048 _____ (Microsoft Corporation) C:\Users\pc\Desktop\Silverlight.exe 2014-01-11 11:36 - 2014-01-11 11:36 - 00000000 ____D () C:\ProgramData\Oracle 2014-01-11 11:36 - 2014-01-11 11:36 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-01-11 11:35 - 2014-01-11 11:35 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2014-01-11 11:34 - 2014-01-11 11:35 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-01-11 11:34 - 2014-01-11 11:35 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-01-11 11:34 - 2014-01-11 11:35 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-01-11 11:34 - 2013-06-09 16:33 - 00000000 ____D () C:\Program Files\Java Some content of TEMP: ==================== C:\Users\pc\AppData\Local\Temp\avgnt.exe C:\Users\pc\AppData\Local\Temp\djgmejcgdblwff.exe C:\Users\pc\AppData\Local\Temp\lightspark_setup.exe C:\Users\pc\AppData\Local\Temp\OptimizerPro.exe C:\Users\pc\AppData\Local\Temp\Setup2.exe C:\Users\pc\AppData\Local\Temp\System.Data.SQLite.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite14351.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite18511.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite19422.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite28657.dll 
C:\Users\pc\AppData\Local\Temp\System.Data.SQLite33195.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite33370.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite35428.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite40360.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite42152.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite43118.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite46226.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite64432.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite64515.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite70578.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite71783.dll C:\Users\pc\AppData\Local\Temp\System.Data.SQLite79140.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe [2012-02-27 16:29] - [2012-02-27 16:29] - 0287232 ____A (Microsoft Corporation) 7295110E1BF93885D29480D29D967E0F C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe [2012-02-27 15:14] - [2012-02-27 15:14] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000 C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll [2012-03-04 16:31] - [2012-03-04 16:31] - 0811520 ____A (Microsoft Corporation) F423305D648659593E61ADE582B53E69 C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys [2012-02-27 16:48] - [2012-02-27 16:48] - 0246128 ____A (Microsoft Corporation) 4B93EBB74FBAA2A6C16A7E65ABCF1F16 LastRegBack: 2014-02-09 16:22 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-02-2014 02 Ran by pc at 2014-02-09 19:59:04 Running from C:\Users\pc\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Disabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Reader X (10.1.1) - Arabic (Version: 10.1.1 - Adobe Systems Incorporated) Apple Mobile Device Support (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.) Auto-Lyrics (Version: - Mansoft AutoLyrics) <==== ATTENTION Avira Free Antivirus (Version: 14.0.2.286 - Avira) Better Surf Plus (Version: 1.1 - Better Surf) <==== ATTENTION BrowserSafeguard with RocketTab (HKCU Version: - Browsersafeguard) <==== ATTENTION Canon MP110 (Version: - ) Canon My Printer (Version: 3.1.0 - Canon Inc.) 
Canon ScanGear Starter (Version: - ) Canon Utilities Easy-LayoutPrint (Version: - ) CCleaner (Version: 3.04 - Piriform) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Delta Chrome Toolbar (Version: - Visual Tools) <==== ATTENTION Dirk's Piano Tuner Trial V4.0 (Version: 4.0 - Dirk's Projects) DivX Setup (Version: 2.6.1.24 - DivX, LLC) DriverPack Solution Lite version 13 (Version: 13 - Kuzyakov Artur) EasyLink (Version: 1.0.7 - Linkat) Edgeworld (HKCU Version: 1.1.3.54042 - Pokki) Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited) Feven 1.5 (Version: 1.30.153.0 - Feven) <==== ATTENTION FreeMind (Version: 0.9.0 - ) GlobeTrotter Connect (Version: 3.0.0.866 - Option NV) GlobeTrotter Connect (Version: 3.0.0.866 - Option NV) Hidden GoforFiles (HKCU Version: 1.7.1 - hxxp://www.goforfiles.com/) <==== ATTENTION Google Chrome (Version: 32.0.1700.107 - Google Inc.) Google Earth Plug-in (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.) Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden Hide IP Easy (Version: 5.3.1.8 - ) HUAWEI DataCard Driver 4.20.12.00 (Version: 4.20.12.00 - Huawei technologies Co., Ltd.) iTunes (Version: 11.0.2.26 - Apple Inc.) Java 7 Update 45 (Version: 7.0.450 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 23 (Version: 6.0.230 - Oracle) jetAudio Plus VX (Version: 6.2.4 - JetAudio, Inc.) 
Lightspark 0.5.3-git (Version: 0.5.3-git - Lightspark Team) Media Player (Version: 1.1 - Media Player) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Office Professional Edition 2003 (Version: 11.0.7969.0 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Mobile Connection Manager (Version: - Mobile Connection Manager) Mozilla Firefox 28.0 (x86 ar) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (Version: 28.0 - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden MuseBook Tuner 2.2 (Version: 2.20 - AMuseTec Co., Ltd.) 
MusicTuner (Version: 8.0.0.2 - GINtech Systems) MusicTuner (Version: 8.0.0.2 - GINtech Systems) Hidden MyPC Backup (Version: - MyPC Backup) <==== ATTENTION Natura Sound Therapy (Version: 3.00 - Blissive Software) Norton PC Checkup (Version: 3.0.2.122.0 - NortonLive Services) Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Plus-HD-1.3 (Version: 1.30.153.0 - Plus HD) <==== ATTENTION Pokki (HKCU Version: 0.266.1.172 - Pokki) PowerDVD (Version: - ) Qtrax Player (HKCU Version: - portal.qtrax.com) QuickTime (Version: 7.73.80.64 - Apple Inc.) Readon TV Movie Radio Player 7.6.0.0 (Version: 7.6.0 - Readon Technology) RealDownloader (Version: 1.3.0 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (Version: 16.0.0 - RealNetworks) Realtek High Definition Audio Driver (Version: 6.0.1.6348 - Realtek Semiconductor Corp.) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Recuva (Version: 1.50 - Piriform) RocketDock 1.3.5 (Version: - Punk Software) Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.) Snap.Do (Version: 11.8.1.13233 - ReSoft Ltd.) <==== ATTENTION Snap.Do Engine (HKCU Version: 11.8.1.13233 - ReSoft Ltd.) 
<==== ATTENTION SocialHelper version 1.0 (Version: 1.0 - SocialHelper) Software Version Updater (Version: 1.1.3.7 - ) <==== ATTENTION SoftwareUpdater (Version: - ) Update for Mipony Download Manager (HKCU Version: - ) <==== ATTENTION VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden Viber (HKCU Version: 3.0.0.133634 - Viber Media Inc) Video Player (Version: 1.1 - Video Player) <==== ATTENTION Video To MP3 (HKCU Version: - ) VLC media player 2.0.2 (Version: 2.0.2 - VideoLAN) VO Package (Version: 1.0.0.0 - ) Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinRAR 4.20 (32-bit) (Version: 4.20.0 - win.rar GmbH) WinZip 17.5 (Version: 17.5.10480 - WinZip Computing, S.L. ) Wondershare Dr.Fone (iPhone 3GS)(Build 2.0.0.11) (Version: 2.0.0.11 - Wondershare Software Co.,Ltd.) WPM17.8.0.3325 (Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION Yahoo! Messenger (Version: - Yahoo! Inc.) Yahoo! Software Update (Version: - ) Yahoo! Toolbar (Version: - Yahoo! Inc.) 
YouWave_Android (Version: 1.0 - masitlab) YTD Video Downloader 4.2.2 (Version: 4.2.2 - GreenTree Applications SRL) دعم تطبيق Apple (Version: 2.3.3 - Apple Inc.) ==================== Restore Points ========================= 23-01-2014 22:15:37 avast! antivirus system restore point 02-02-2014 13:18:46 Geplanter Prüfpunkt 03-02-2014 17:32:58 Installed Canon ScanGear Starter ==================== Hosts content: ========================== 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0647F04D-DC95-4011-A806-A1500892A4DB} - System32\Tasks\Plus-HD-1.3-updater => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-updater.exe [2013-11-11] (Plus HD) <==== ATTENTION Task: {1952B746-A8A4-4C01-9BD1-73A9EDF56A66} - System32\Tasks\Feven 1.5-codedownloader => C:\Program Files\Feven 1.5\Feven 1.5-codedownloader.exe [2013-11-11] (Feven) <==== ATTENTION Task: {1ED03801-1085-4A01-8BED-4567B22E444E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3300044895-2285275073-3483894629-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {24E6C2B5-B878-43BA-BACC-ADC1D1ACB324} - System32\Tasks\Feven 1.5-chromeinstaller => C:\Program Files\Feven 1.5\Feven 1.5-chromeinstaller.exe [2013-11-11] (Feven) <==== ATTENTION Task: {40398609-AC98-4BE1-96FD-E2F72D683002} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3300044895-2285275073-3483894629-1000UA => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-21] (Facebook Inc.) 
Task: {41F8FA01-065F-412F-8F1F-8E9EBC6428B8} - System32\Tasks\UpdateVO => C:\Users\pc\AppData\Roaming\VOPackage\VOPackage.exe [2014-01-21] () Task: {41FCB431-518D-4DAE-918A-9ABEF6CC4E06} - System32\Tasks\Feven 1.5-updater => C:\Program Files\Feven 1.5\Feven 1.5-updater.exe [2013-11-11] (Feven) <==== ATTENTION Task: {4F680A76-24EB-4630-A044-82AA0AEC029A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3300044895-2285275073-3483894629-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.) Task: {782CE96A-6286-484C-B40C-EF232C729568} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe [2013-03-10] (hxxp://www.goforfiles.com/) <==== ATTENTION Task: {89A7AE0C-AA3F-42B4-B841-F61E267C207D} - System32\Tasks\Plus-HD-1.3-enabler => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-enabler.exe [2013-11-11] (Plus HD) <==== ATTENTION Task: {917904A0-3EB2-499C-B59C-7A0220B386DC} - System32\Tasks\Plus-HD-1.3-codedownloader => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe [2013-11-11] (Plus HD) <==== ATTENTION Task: {97CDDEB3-8BD0-4721-BE32-E789B0F1F5CD} - System32\Tasks\AmiUpdXp => C:\Users\pc\AppData\Local\SwvUpdater\Updater.exe [2013-07-21] (Amonetize ltd.) <==== ATTENTION Task: {97F12B74-A5F1-4677-8EFD-E99E5BD4052E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3300044895-2285275073-3483894629-1000Core => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-21] (Facebook Inc.) 
Task: {A9BFCAB6-2E40-4F56-A578-7176587F0914} - System32\Tasks\DealPlyUpdate => C:\Program Task: {A9E2F6A5-4599-4EE8-8ADB-741A2344135E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-06] (Adobe Systems Incorporated) Task: {BD94CAF2-173C-4DE2-9F7C-2C086392CE5B} - System32\Tasks\Feven 1.5-enabler => C:\Program Files\Feven 1.5\Feven 1.5-enabler.exe [2013-11-11] (Feven) <==== ATTENTION Task: {BE500577-B785-4966-89FE-5DF45C1E761B} - System32\Tasks\Plus-HD-1.3-firefoxinstaller => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe [2013-11-11] (Plus HD) <==== ATTENTION Task: {C2AFA062-3F21-474A-9C19-EF14BAEEC7C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-15] (Google Inc.) Task: {C8C1396E-2E5A-4C5D-AFF1-3869E9F1D23B} - System32\Tasks\Plus-HD-1.3-chromeinstaller => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe [2013-11-11] (Plus HD) <==== ATTENTION Task: {CEE97F4B-6B3D-46C5-B4B7-48EACFC3B778} - System32\Tasks\Auto-Lyrics Update => C:\Program Files\Auto-Lyrics\alUpdater.exe <==== ATTENTION Task: {D1315B48-05C4-45C1-98C9-9A1966A782F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {EFCF52DA-C9F9-41FA-9AC7-74C503B5193D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-15] (Google Inc.) 
Task: {F848B3DE-673A-4AD6-AAEF-7F50792B664F} - System32\Tasks\Feven 1.5-firefoxinstaller => C:\Program Files\Feven 1.5\Feven 1.5-firefoxinstaller.exe [2013-11-11] (Feven) <==== ATTENTION Task: {FC3B904B-C592-4A28-825D-16E5F8CBF10A} - System32\Tasks\DSite => C:\Users\pc\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\pc\AppData\Local\SwvUpdater\Updater.exe <==== ATTENTION Task: C:\Windows\Tasks\Auto-Lyrics Update.job => C:\Program Files\Auto-Lyrics\alUpdater.exe <==== ATTENTION Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3300044895-2285275073-3483894629-1000Core.job => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3300044895-2285275073-3483894629-1000UA.job => C:\Users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\Feven 1.5-chromeinstaller.job => C:\Program Files\Feven 1.5\Feven 1.5-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Feven 1.5-codedownloader.job => C:\Program Files\Feven 1.5\Feven 1.5-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Feven 1.5-enabler.job => C:\Program Files\Feven 1.5\Feven 1.5-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Feven 1.5-firefoxinstaller.job => C:\Program Files\Feven 1.5\Feven 1.5-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Feven 1.5-updater.job => C:\Program Files\Feven 1.5\Feven 1.5-updater.exe <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\Plus-HD-1.3-chromeinstaller.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-chromeinstaller.exe <==== ATTENTION Task: 
C:\Windows\Tasks\Plus-HD-1.3-codedownloader.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.3-enabler.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-enabler.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.3-firefoxinstaller.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-firefoxinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\Plus-HD-1.3-updater.job => C:\Program Files\Plus-HD-1.3\Plus-HD-1.3-updater.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-02-15 14:33 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files\RocketDock\RocketDock.dll 2013-11-01 06:31 - 2013-11-01 06:31 - 02017608 _____ () C:\Users\pc\AppData\Local\Pokki\ocdeskband_0.dll 2013-02-13 03:37 - 2013-02-13 03:37 - 01263952 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe 2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll 2013-02-15 14:33 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files\RocketDock\RocketDock.exe 2013-08-18 23:05 - 2013-08-22 11:02 - 00187888 _____ () C:\Users\pc\AppData\Roaming\BabSolution\Shared\enhancedNT.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00034848 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00056864 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\srau.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00150560 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00112672 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 01981472 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00055840 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\spbl.dll 2013-10-31 16:29 
- 2013-10-31 16:29 - 00013344 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\siem.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00049184 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\sppsm.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00728096 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00082464 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00014368 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00017440 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00031264 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\srut.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00020512 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\srsbs.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00057888 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00014880 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\srpdm.dll 2013-11-11 19:16 - 2013-11-11 19:16 - 00911872 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00014368 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\sgml.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00053280 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll 2013-10-31 16:28 - 2013-10-31 16:28 - 00048160 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\MACTrackBarLib.dll 2013-10-31 16:28 - 2013-10-31 16:28 - 00039968 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll 2013-10-31 16:29 - 2013-10-31 16:29 - 00025632 _____ () 
C:\Users\pc\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2013-10-31 15:17 - 2013-10-31 15:17 - 00193056 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\sgmu.dll
2013-10-31 15:16 - 2013-10-31 15:16 - 00068640 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2013-10-31 16:29 - 2013-10-31 16:29 - 00248864 _____ () C:\Users\pc\AppData\Local\Smartbar\Application\srns.dll
2008-09-23 18:17 - 2008-09-23 18:17 - 00079872 _____ () C:\Program Files\Option\GlobeTrotter Connect\Custom.dll
2013-09-07 03:11 - 2013-09-07 03:11 - 00569856 _____ () C:\Users\pc\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2013-09-07 03:11 - 2013-09-07 03:11 - 01400846 _____ () C:\Users\pc\AppData\Local\Pokki\Engine\avcodec-54.dll
2013-09-07 03:11 - 2013-09-07 03:11 - 00151054 _____ () C:\Users\pc\AppData\Local\Pokki\Engine\avutil-51.dll
2013-09-07 03:11 - 2013-09-07 03:11 - 00222734 _____ () C:\Users\pc\AppData\Local\Pokki\Engine\avformat-54.dll
2014-02-07 17:14 - 2014-02-07 17:14 - 03614832 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-06 12:47 - 2014-02-06 12:47 - 16287624 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll
2013-07-01 11:53 - 2013-07-01 11:53 - 00118272 _____ () C:\Program Files\GreenTree Applications\YTD Video Downloader\libvlc.dll
2013-07-01 11:53 - 2013-07-01 11:53 - 02328576 _____ () C:\Program Files\GreenTree Applications\YTD Video Downloader\libvlccore.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:C5831B98

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2014 04:26:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (02/09/2014 04:22:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1". Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly.

Error: (02/09/2014 01:10:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2014 05:16:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 04:04:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 09:49:11 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1". Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly.

Error: (02/07/2014 00:04:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 03:27:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1". Error in manifest or policy file "2" on line 3. The manifest file root element must be assembly.

Error: (02/06/2014 02:22:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2014 11:37:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 6.11.60.102, time stamp: 0x5285fb7b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e2111c0
Exception code: 0xe0fafafa
Fault offset: 0x0000d36f
Faulting process id: 0xdcc
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

System errors:
=============
Error: (02/09/2014 06:58:47 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: The following fatal alert was received: 48.

Error: (02/09/2014 00:58:47 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: The following fatal alert was received: 48.

Error: (02/09/2014 01:11:37 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: The following fatal alert was received: 48.

Error: (02/08/2014 05:21:24 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: The following fatal alert was received: 48.

Error: (02/08/2014 05:20:38 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows-Fehlerberichterstattungsdienst service to connect.

Error: (02/08/2014 11:01:15 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: The following fatal alert was received: 48.

Error: (02/08/2014 00:11:55 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: The following fatal alert was received: 48.

Error: (02/07/2014 04:06:15 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: The following fatal alert was received: 48.

Error: (02/07/2014 04:05:25 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows-Fehlerberichterstattungsdienst service to connect.

Error: (02/07/2014 09:31:09 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: The following fatal alert was received: 48.

Microsoft Office Sessions:
=========================
Error: (02/09/2014 04:26:10 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe

Error: (02/09/2014 04:22:12 PM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (02/09/2014 01:10:28 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/08/2014 05:16:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 04:04:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/07/2014 09:49:11 AM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (02/07/2014 00:04:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2014 03:27:38 PM) (Source: SideBySide)(User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (02/06/2014 02:22:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2014 11:37:55 PM) (Source: Application Error)(User: )
Description: Skype.exe6.11.60.1025285fb7bKERNELBASE.dll6.1.7601.176514e2111c0e0fafafa0000d36fdcc01cf227c357526feC:\Program Files\Skype\Phone\Skype.exeC:\Windows\system32\KERNELBASE.dll273bc096-8eb6-11e3-9fe1-002454a3648c

==================== Memory info ===========================

Percentage of memory in use: 65%
Total physical RAM: 2008.61 MB
Available physical RAM: 697.96 MB
Total Pagefile: 4017.21 MB
Available Pagefile: 1757.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1877.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.32 GB) (Free:51.54 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:110.46 GB) (Free:36.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 02DBCD55)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=107 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=110 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-09 20:33:54
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM250HI rev.2AC101C4 232.89GB
Running: zemhc8n9.exe; Driver: C:\Users\pc\AppData\Local\Temp\pxldapoc.sys

---- System - GMER 2.1 ----

SSDT 8C718396 ZwCreateSection
SSDT 8C7183A0 ZwRequestWaitReplyPort
SSDT 8C71839B ZwSetContextThread
SSDT 8C7183A5 ZwSetSecurityObject
SSDT 8C7183AA ZwSystemDebugControl
SSDT 8C718337 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntoskrnl.exe!KeIpiGenericCall + 158 83014131 7 Bytes JMP 895B292C \SystemRoot\system32\DRIVERS\oem-drv86.sys
.text ntoskrnl.exe!KeQueryMaximumGroupCount + 17 8302231E 7 Bytes JMP 895B28FA \SystemRoot\system32\DRIVERS\oem-drv86.sys
.text ntoskrnl.exe!ZwSaveKey + 13BD 83035979 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 830554F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 14BF 8305C87C 4 Bytes [96, 83, 71, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 181B 8305CBD8 4 Bytes [A0, 83, 71, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 185F 8305CC1C 4 Bytes [9B, 83, 71, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 18DB 8305CC98 4 Bytes [A5, 83, 71, 8C]
.text ntoskrnl.exe!KeRemoveQueueEx + 192F 8305CCEC 4 Bytes [AA, 83, 71, 8C]
.text ...

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3820] kernel32.dll!SetUnhandledExceptionFilter 7581F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtCreateFile + 6 76F955EE 4 Bytes [28, 50, 9D, 00]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtCreateFile + B 76F955F3 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtMapViewOfSection + 6 76F95C4E 4 Bytes [28, 53, 9D, 00]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtMapViewOfSection + B 76F95C53 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenFile + 6 76F95CFE 4 Bytes [68, 50, 9D, 00]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenFile + B 76F95D03 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenProcess + 6 76F95DAE 4 Bytes [A8, 51, 9D, 00]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenProcess + B 76F95DB3 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenProcessToken + 6 76F95DBE 4 Bytes CALL 75F9FB14 C:\Windows\system32\SHELL32.dll
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenProcessToken + B 76F95DC3 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenProcessTokenEx + 6 76F95DCE 4 Bytes [A8, 52, 9D, 00]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenProcessTokenEx + B 76F95DD3 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenThread + 6 76F95E2E 4 Bytes [68, 51, 9D, 00]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenThread + B 76F95E33 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenThreadToken + 6 76F95E3E 4 Bytes [68, 52, 9D, 00]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenThreadToken + B 76F95E43 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenThreadTokenEx + 6 76F95E4E 4 Bytes CALL 75F9FBA5 C:\Windows\system32\SHELL32.dll
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtOpenThreadTokenEx + B 76F95E53 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtQueryAttributesFile + 6 76F95F5E 4 Bytes [A8, 50, 9D, 00]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtQueryAttributesFile + B 76F95F63 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtQueryFullAttributesFile + 6 76F9600E 4 Bytes CALL 75F9FD63 C:\Windows\system32\SHELL32.dll
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtQueryFullAttributesFile + B 76F96013 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtSetInformationFile + 6 76F9665E 4 Bytes [28, 51, 9D, 00]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtSetInformationFile + B 76F96663 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtSetInformationThread + 6 76F966BE 4 Bytes [28, 52, 9D, 00]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtSetInformationThread + B 76F966C3 1 Byte [E2]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtUnmapViewOfSection + 6 76F969DE 4 Bytes [68, 53, 9D, 00]
.text C:\Users\pc\AppData\Local\Pokki\Engine\pokki.exe[4468] ntdll.dll!NtUnmapViewOfSection + B 76F969E3 1 Byte [E2]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\10x15 cm (Abreißstreifen)
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\10x15 cm (Abreißstreifen)@FormKeyword 0x31 0x30 0x5F 0x58 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\10x15 cm (Abreißstreifen)@ResourceNameID @hpzstw71.dll,4436
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\4x6 Zoll (Abreißstreifen)
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\4x6 Zoll (Abreißstreifen)@FormKeyword 0x34 0x5F 0x58 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\4x6 Zoll (Abreißstreifen)@ResourceNameID @hpzstw71.dll,4432
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Fotokarte 10x20 cm (Abreißstr.)
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Fotokarte 10x20 cm (Abreißstr.)@FormKeyword 0x48 0x50 0x5F 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Fotokarte 10x20 cm (Abreißstr.)@ResourceNameID @hpzstw71.dll,4758
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Fotokarte 4x8 Zoll (Abreißstr.)
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Fotokarte 4x8 Zoll (Abreißstr.)@FormKeyword 0x34 0x5F 0x58 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Fotokarte 4x8 Zoll (Abreißstr.)@ResourceNameID @hpzstw71.dll,4753
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randl.Karte 10x20cm(Abreißstr.)
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randl.Karte 10x20cm(Abreißstr.)@FormKeyword 0x48 0x50 0x5F 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randl.Karte 10x20cm(Abreißstr.)@ResourceNameID @hpzstw71.dll,4785
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randl.Karte 4x8Zoll(Abreißstr.)
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randl.Karte 4x8Zoll(Abreißstr.)@FormKeyword 0x48 0x50 0x5F 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randl.Karte 4x8Zoll(Abreißstr.)@ResourceNameID @hpzstw71.dll,4784
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randloses 10x15 cm (Abreißstr.)
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randloses 10x15 cm (Abreißstr.)@FormKeyword 0x48 0x50 0x5F 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randloses 10x15 cm (Abreißstr.)@ResourceNameID @hpzstw71.dll,4757
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randloses 4x6 Zoll (Abreißstr.)
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randloses 4x6 Zoll (Abreißstr.)@FormKeyword 0x48 0x50 0x5F 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms\Randloses 4x6 Zoll (Abreißstr.)@ResourceNameID @hpzstw71.dll,3390
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\10x15 cm (Abreißstreifen) (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\10x15 cm (Abreißstreifen)@FormKeyword 0x31 0x30 0x5F 0x58 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\10x15 cm (Abreißstreifen)@ResourceNameID @hpzstw71.dll,4436
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\4x6 Zoll (Abreißstreifen) (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\4x6 Zoll (Abreißstreifen)@FormKeyword 0x34 0x5F 0x58 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\4x6 Zoll (Abreißstreifen)@ResourceNameID @hpzstw71.dll,4432
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Fotokarte 10x20 cm (Abreißstr.) (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Fotokarte 10x20 cm (Abreißstr.)@FormKeyword 0x48 0x50 0x5F 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Fotokarte 10x20 cm (Abreißstr.)@ResourceNameID @hpzstw71.dll,4758
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Fotokarte 4x8 Zoll (Abreißstr.) (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Fotokarte 4x8 Zoll (Abreißstr.)@FormKeyword 0x34 0x5F 0x58 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Fotokarte 4x8 Zoll (Abreißstr.)@ResourceNameID @hpzstw71.dll,4753
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randl.Karte 10x20cm(Abreißstr.) (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randl.Karte 10x20cm(Abreißstr.)@FormKeyword 0x48 0x50 0x5F 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randl.Karte 10x20cm(Abreißstr.)@ResourceNameID @hpzstw71.dll,4785
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randl.Karte 4x8Zoll(Abreißstr.) (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randl.Karte 4x8Zoll(Abreißstr.)@FormKeyword 0x48 0x50 0x5F 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randl.Karte 4x8Zoll(Abreißstr.)@ResourceNameID @hpzstw71.dll,4784
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randloses 10x15 cm (Abreißstr.) (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randloses 10x15 cm (Abreißstr.)@FormKeyword 0x48 0x50 0x5F 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randloses 10x15 cm (Abreißstr.)@ResourceNameID @hpzstw71.dll,4757
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randloses 4x6 Zoll (Abreißstr.) (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randloses 4x6 Zoll (Abreißstr.)@FormKeyword 0x48 0x50 0x5F 0x42 ...
Reg HKLM\SYSTEM\ControlSet002\Control\Print\Forms\Randloses 4x6 Zoll (Abreißstr.)@ResourceNameID @hpzstw71.dll,3390
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Übersetzen
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Übersetzen\microsofttranslator.com
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Übersetzen\microsofttranslator.com@Enabled 1
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\pc\Desktop\مجلد جديد \x202b(3)\x202c\OJ4500vG510a-f_corporate_13\Setup.exe 1

---- EOF - GMER 2.1 ----
|
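The "Event log errors" section of the FRST log above is the part of the dump worth machine-reading: FRST prints one record per line, but on a forum page the records arrive run together, the descriptions are in the system's display language, and for WinMgmt the event's insertion strings are glued onto the message so the HRESULT is the trailing token. The following is an added example, not part of the original post and not FRST's own code, that splits such records and pulls out the two values a triager checks first here, the Schannel fatal alert number (TLS alert codes from RFC 5246) and the WinMgmt HRESULT. The sample records are constructed from the entries above, with the localized descriptions given in their English Windows wording; the alert and HRESULT lookup tables are deliberately limited to the codes this log needs.

```python
"""Triage helper for the "Event log errors" section of an FRST log.

FRST prints each record as
  Error: (MM/DD/YYYY hh:mm:ss AM) (Source: X) (User: Y) Description: ...
On a forum page the records are often run together on one line, so the
parser splits on the "Error: (" marker rather than on newlines.
"""
import re
from collections import Counter

# Constructed sample in FRST's record format (a subset of the log above).
# The localized descriptions are given in their English Windows wording; the
# WinMgmt record keeps FRST's concatenated insertion-string form as printed.
SAMPLE = (
    'Error: (02/09/2014 06:58:47 PM) (Source: Schannel) (User: NT-AUTORITÄT) '
    'Description: The following fatal alert was received: 48. '
    'Error: (02/09/2014 00:58:47 PM) (Source: Schannel) (User: NT-AUTORITÄT) '
    'Description: The following fatal alert was received: 48. '
    'Error: (02/09/2014 01:10:28 AM) (Source: WinMgmt) (User: ) '
    'Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 '
    'WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 '
    'Error: (02/08/2014 05:20:38 PM) (Source: Service Control Manager) (User: ) '
    'Description: A timeout was reached (30000 milliseconds) while waiting for the '
    'Windows-Fehlerberichterstattungsdienst service to connect. '
    'Error: (02/07/2014 09:49:11 AM) (Source: SideBySide)(User: ) '
    'Description: C:\\Program Files\\WinZip\\adxloader.dll.Manifest'
)

# One record: header fields, then everything up to the next "Error: (" or EOF.
# "\s*" between the header groups tolerates FRST's "(Source: X)(User: )" form.
RECORD = re.compile(
    r'Error: \((?P<ts>[^)]+)\)\s*\(Source: (?P<source>[^)]*)\)\s*'
    r'\(User: (?P<user>[^)]*)\)\s*Description:\s*(?P<desc>.*?)(?=\s*Error: \(|\Z)',
    re.DOTALL,
)

# TLS alert numbers from RFC 5246 section 7.2; Schannel logs the raw number.
TLS_ALERTS = {
    40: 'handshake_failure',
    42: 'bad_certificate',
    46: 'certificate_unknown',
    48: 'unknown_ca',
    70: 'protocol_version',
}
# WMI HRESULT relevant to this log (wbemcli.h).
WMI_HRESULTS = {0x80041003: 'WBEM_E_ACCESS_DENIED'}


def parse_events(text):
    """Return one dict (ts, source, user, desc) per FRST event record."""
    return [m.groupdict() for m in RECORD.finditer(text)]


def count_by_source(events):
    """How many records each event source contributed."""
    return Counter(e['source'] for e in events)


def schannel_alerts(events):
    """Map each Schannel 'fatal alert was received: N' record to (N, RFC name)."""
    out = []
    for e in events:
        if e['source'] != 'Schannel':
            continue
        m = re.search(r'alert was received: (\d+)', e['desc'])
        if m:
            n = int(m.group(1))
            out.append((n, TLS_ALERTS.get(n, 'unknown')))
    return out


def wmi_hresults(events):
    """FRST glues the event's insertion strings together, so the HRESULT is the
    trailing 0x........ token of a WinMgmt description."""
    out = []
    for e in events:
        if e['source'] != 'WinMgmt':
            continue
        m = re.search(r'(0x[0-9A-Fa-f]{8})\s*$', e['desc'])
        if m:
            code = int(m.group(1), 16)
            out.append((m.group(1), WMI_HRESULTS.get(code, 'unknown')))
    return out


if __name__ == '__main__':
    ev = parse_events(SAMPLE)
    print(count_by_source(ev))
    print(schannel_alerts(ev))
    print(wmi_hresults(ev))
```

Paste the whole "Event log errors" block into `parse_events` instead of the sample and the same three calls give the per-source tally, the alert names, and the WMI result codes for the full log; anything not in the two lookup tables comes back as `'unknown'` rather than being silently dropped.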
09.02.2014, 22:49 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: CPU usage 100% with Google Chrome hi,
Scan with Combofix
|
Topics related to Windows 7: CPU usage 100% with Google Chrome |
100%, amonetize, antivir, antivirus, avira, error, firefox, firefox 28.0, google, helper, iexplore.exe, installation, lightning, lightning speeddial, lightning speeddial entfernen, mipony, mobogenie, mobogenie entfernen, mp3, nationzoom, nationzoom entfernen, newtab, nextlive, ntdll.dll, pokki, problem, registry, rockettab, rundll, security, services.exe, smartbar, symantec, system, windows |