Trojaner-Board - Mahnungsemail mit Rechnung im Anhang, das öffnen des Anhangs ist fehlgeschlagen, und durch scan habe ich 15 mit trojaner infizierte objekte.

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Mahnungsemail mit Rechnung im Anhang, das öffnen des Anhangs ist fehlgeschlagen, und durch scan habe ich 15 mit trojaner infizierte objekte. (https://www.trojaner-board.de/132161-mahnungsemail-rechnung-anhang-oeffnen-anhangs-fehlgeschlagen-scan-habe-15-trojaner-infizierte-objekte.html)

Mahnungsemail mit Rechnung im Anhang, das öffnen des Anhangs ist fehlgeschlagen, und durch scan habe ich 15 mit trojaner infizierte objekte.

Hallo habe am 12.03.13 eine mahnungs email bekommen mit der aufforderung einen hohen betrag an eine mir unbekannte person zu zahlen, es stand aber keine kontonummer oder bankleitzahl dabei, es stand nur man sollte den anhang öffnen da würde dann weiteres erläutert werden. Habe den Anhang gedownloadede und konnte ihn anschließend nicht öffnen, mein pc hat nur angefangen zu spinnen, firefox reagiert gar nicht mehr... bin dann zufällig bei googeln meines problems über die rechnung, auf diese seite gekommen und habe gleich einen scan mit dem empfohlenen malware bytes programm durgeführt. Herausgekommen dabei wurden 15 durch trojaner infizierte objekte auf meinem pc angezeigt, habe den bericht dazu wie empholen kopiert. HIer ist er :Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.12.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
majdi ameni elvira :: MAJDIAMENIELVIR [Administrator]

Schutz: Aktiviert

13.03.2013 00:29:51
mbam-log-2013-03-13 (00-29-51).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205997
Laufzeit: 3 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|knzmwzkc (Trojan.Ransom.ED) -> Daten: C:\Users\majdi ameni elvira\Sbblisr\nnnsznswzkc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00430485.exe (Trojan.Agent.KBGen) -> Daten: "C:\Users\majdi ameni elvira\AppData\Roaming\KB00430485.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 13
C:\Users\majdi ameni elvira\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Keine Aktion durchgeführt.
C:\Users\majdi ameni elvira\Sbblisr\nnnsznswzkc.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\dootxjffdo.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\dtdqonxojf.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\eggupgapvu.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\njjjddntdj.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\qttqxfodtq.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\rsszhrsblr.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\rsszlrhzni.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\sirbznbsil.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\vgpeglvagp.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\AppData\Local\Temp\Temp2_Mahnung vom 12.03.2013.zip\Mahnung vom 12.03.2013.com (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\majdi ameni elvira\Downloads\tuto_firefox.exe (Trojan.Eorezo) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Hoffe mir kann jemand beim bereinigen helfen, da ich kaum plan habe mit pc und system und so weiter, würde am liebsten eigentlich meinen pc ganz platt machen, er spinnt schon seit langem..Vielen dank im vorraus.

Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

hi, ok also das tut mir echt leid aber ich muss jetzt ein paar dumme fragen zuerst stellen...ich bin auch nur ne frau ohne jegliche technik kenntnisse...soo also logfile wääre dann was??! dieser bericht vom virusscan ?? und nein ich hab nur diesen scan vom malwarebytes anti-malware gemacht und bei meiner frage reinkopiert..
und warum verschicken die leute so viren..was bringt das denen?? haben die damit zugriff auf meine daten?? :headbang::headbang::headbang::pfui:

und soll ich dann jetzt im die logfiles in eine codebox reinpacken?? un was heißt klicke im EDITOR auf das # symbol. Es erscheinen zwei Klammerausdrücke . und was ist ein curser? und welche codetags? es tut mir echt leid ich hab echt kein plan grade... :(

Code:

 Malwarebytes Anti-Malware (Test) 1.70.0.1100

www.malwarebytes.org
 

Datenbank Version: v2013.03.12.10
 

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

majdi ameni elvira :: MAJDIAMENIELVIR [Administrator]
 

Schutz: Aktiviert
 

13.03.2013 00:29:51

mbam-log-2013-03-13 (00-29-51).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 205997

Laufzeit: 3 Minute(n), 12 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|knzmwzkc (Trojan.Ransom.ED) -> Daten: C:\Users\majdi ameni elvira\Sbblisr\nnnsznswzkc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00430485.exe (Trojan.Agent.KBGen) -> Daten: "C:\Users\majdi ameni elvira\AppData\Roaming\KB00430485.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 13

C:\Users\majdi ameni elvira\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Keine Aktion durchgeführt.

C:\Users\majdi ameni elvira\Sbblisr\nnnsznswzkc.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\majdi ameni elvira\AppData\Local\Temp\dootxjffdo.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\majdi ameni elvira\AppData\Local\Temp\dtdqonxojf.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\majdi ameni elvira\AppData\Local\Temp\eggupgapvu.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\majdi ameni elvira\AppData\Local\Temp\njjjddntdj.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\majdi ameni elvira\AppData\Local\Temp\qttqxfodtq.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\majdi ameni elvira\AppData\Local\Temp\rsszhrsblr.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\majdi ameni elvira\AppData\Local\Temp\rsszlrhzni.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\majdi ameni elvira\AppData\Local\Temp\sirbznbsil.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\majdi ameni elvira\AppData\Local\Temp\vgpeglvagp.pre (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\majdi ameni elvira\AppData\Local\Temp\Temp2_Mahnung vom 12.03.2013.zip\Mahnung vom 12.03.2013.com (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\majdi ameni elvira\Downloads\tuto_firefox.exe (Trojan.Eorezo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.70.0.1100

www.malwarebytes.org
 

Datenbank Version: v2013.03.13.07
 

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

majdi ameni elvira :: MAJDIAMENIELVIR [Administrator]
 

Schutz: Aktiviert
 

14.03.2013 01:26:43

mbam-log-2013-03-14 (01-26-43).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 205700

Laufzeit: 2 Minute(n), 36 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\majdi ameni elvira\Downloads\mplayer_Setup.exe (PUP.Bundle.Installer.OI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Code:

2013/03/13 00:29:05 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting protection

2013/03/13 00:29:05 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Protection started successfully

2013/03/13 00:29:05 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting IP protection

2013/03/13 00:29:07 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection started successfully

2013/03/13 00:29:25 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting database refresh

2013/03/13 00:29:25 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Stopping IP protection

2013/03/13 00:29:25 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection stopped successfully

2013/03/13 00:29:29 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Database refreshed successfully

2013/03/13 00:29:30 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting IP protection

2013/03/13 00:29:36 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection started successfully

2013/03/13 00:29:38 +0100        MAJDIAMENIELVIR        majdi ameni elvira        DETECTION        C:\Users\majdi ameni elvira\AppData\Roaming\KB00430485.exe        Trojan.Agent.Gen        QUARANTINE

2013/03/13 00:29:43 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting database refresh

2013/03/13 00:29:43 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Stopping IP protection

2013/03/13 00:29:44 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection stopped successfully

2013/03/13 00:29:46 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Database refreshed successfully

2013/03/13 00:29:46 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting IP protection

2013/03/13 00:29:53 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection started successfully

2013/03/13 13:40:48 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting protection

2013/03/13 13:40:48 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Protection started successfully

2013/03/13 13:40:48 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting IP protection

2013/03/13 13:40:58 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection started successfully

2013/03/13 13:56:08 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Executing scheduled update:  Daily

2013/03/13 13:56:17 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Scheduled update executed successfully:  database updated from version v2013.03.12.10 to version v2013.03.13.07

2013/03/13 13:56:17 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting database refresh

2013/03/13 13:56:17 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Stopping IP protection

2013/03/13 13:56:19 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection stopped successfully

2013/03/13 13:56:22 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Database refreshed successfully

2013/03/13 13:56:22 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting IP protection

2013/03/13 13:56:29 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection started successfully

2013/03/13 16:14:08 +0100        MAJDIAMENIELVIR        (null)        MESSAGE        Starting protection

2013/03/13 16:14:08 +0100        MAJDIAMENIELVIR        (null)        MESSAGE        Protection started successfully

2013/03/13 16:14:08 +0100        MAJDIAMENIELVIR        (null)        MESSAGE        Starting IP protection

2013/03/13 16:14:20 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection started successfully

2013/03/13 16:47:00 +0100        MAJDIAMENIELVIR        majdi ameni elvira        IP-BLOCK        79.142.74.150 (Type: outgoing, Port: 51082, Process: firefox.exe)

2013/03/13 16:47:00 +0100        MAJDIAMENIELVIR        majdi ameni elvira        IP-BLOCK        79.142.74.150 (Type: outgoing, Port: 51084, Process: firefox.exe)

2013/03/13 16:47:08 +0100        MAJDIAMENIELVIR        majdi ameni elvira        IP-BLOCK        93.174.93.66 (Type: outgoing, Port: 51130, Process: flashplayerplugin_11_6_602_180.exe)

2013/03/13 16:47:08 +0100        MAJDIAMENIELVIR        majdi ameni elvira        IP-BLOCK        93.174.93.66 (Type: outgoing, Port: 51130, Process: flashplayerplugin_11_6_602_180.exe)

2013/03/13 16:47:08 +0100        MAJDIAMENIELVIR        majdi ameni elvira        IP-BLOCK        93.174.93.66 (Type: outgoing, Port: 51131, Process: flashplayerplugin_11_6_602_180.exe)

2013/03/13 16:47:08 +0100        MAJDIAMENIELVIR        majdi ameni elvira        IP-BLOCK        93.174.93.66 (Type: outgoing, Port: 51131, Process: flashplayerplugin_11_6_602_180.exe)

2013/03/13 16:47:08 +0100        MAJDIAMENIELVIR        majdi ameni elvira        IP-BLOCK        93.174.93.66 (Type: outgoing, Port: 51132, Process: flashplayerplugin_11_6_602_180.exe)

2013/03/13 16:47:08 +0100        MAJDIAMENIELVIR        majdi ameni elvira        IP-BLOCK        93.174.93.66 (Type: outgoing, Port: 51132, Process: flashplayerplugin_11_6_602_180.exe)

2013/03/13 18:29:08 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting protection

2013/03/13 18:29:08 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Protection started successfully

2013/03/13 18:29:08 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting IP protection

2013/03/13 18:29:19 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection started successfully

Code:

2013/03/14 00:48:45 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting protection

2013/03/14 00:48:45 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Protection started successfully

2013/03/14 00:48:45 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting IP protection

2013/03/14 00:48:55 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection started successfully

2013/03/14 01:32:49 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting protection

2013/03/14 01:32:49 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Protection started successfully

2013/03/14 01:32:49 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting IP protection

2013/03/14 01:33:01 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection started successfully

2013/03/14 13:09:31 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Executing scheduled update:  Daily

2013/03/14 13:09:38 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting protection

2013/03/14 13:09:38 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Protection started successfully

2013/03/14 13:09:38 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting IP protection

2013/03/14 13:09:50 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection started successfully

2013/03/14 13:09:57 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting database refresh

2013/03/14 13:09:57 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Scheduled update executed successfully:  database updated from version v2013.03.13.07 to version v2013.03.14.06

2013/03/14 13:09:57 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Stopping IP protection

2013/03/14 13:09:58 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection stopped successfully

2013/03/14 13:10:00 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Database refreshed successfully

2013/03/14 13:10:00 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        Starting IP protection

2013/03/14 13:10:07 +0100        MAJDIAMENIELVIR        majdi ameni elvira        MESSAGE        IP Protection started successfully

hoffe hab es jetzt richtig gemacht..

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Erstmal eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in CODE-Tags in den Thread.

Code:

OTL logfile created on: 14.03.2013 20:40:05 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\majdi ameni elvira\Downloads

64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

3,98 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,26% Memory free

7,96 Gb Paging File | 6,66 Gb Available in Paging File | 83,60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,56 Gb Total Space | 56,33 Gb Free Space | 57,73% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 368,00 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

 

Computer Name: MAJDIAMENIELVIR | User Name: majdi ameni elvira | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\majdi ameni elvira\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

PRC - C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME)

PRC - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll ()

MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll ()

MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll ()

MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll ()

MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libglesv2.dll ()

MOD - C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.3.0\libegl.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)

SRV - (TelevisionFanaticService) -- C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe (COMPANYVERS_NAME)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}

IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10007&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XP^xdm284^YY^de&ptb=9793F69C-12AB-4040-8A21-21C370963563&si=CMWkj4Ce_LQCFUmN3godwloAZQ

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 BB A3 4F 92 BA CD 01  [binary data]

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110824&tt=4712_1&babsrc=SP_ss_cr&mntrId=1839a315000000000000062737ac3dfd

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQQWpXjtr&i=26

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "My Web Search"

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.selectedEngine: "My Web Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://home.mywebsearch.com/index.jhtml?ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&p2=^XP^xdm284^YY^de&si=CMWkj4Ce_LQCFUmN3godwloAZQ"

FF - prefs.js..extensions.enabledAddons: ffxtlbr%40incredibar.com:1.5.0

FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - prefs.js..keyword.URL: "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&ind=2013012216&p2=^XP^xdm284^YY^de&si=CMWkj4Ce_LQCFUmN3godwloAZQ&searchfor="

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110824&tt=4712_1&babsrc=HP_ss_cr&mntrId=1839a315000000000000062737ac3dfd"

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\64ffxtbr@TelevisionFanatic.com: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin [2013.01.22 16:05:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:02:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:02:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.10.04 04:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Extensions

[2013.01.22 17:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions

[2013.01.22 16:05:14 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com

[2012.11.27 01:15:19 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions\ffxtlbr@incredibar.com

[2012.10.21 12:46:43 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions\mail@gutscheinrausch.de

[2013.01.22 17:52:13 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

[2012.11.23 22:02:00 | 000,002,536 | ---- | M] () -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\mngr.xml

[2013.01.22 16:05:22 | 000,009,631 | ---- | M] () -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\my-web-search.xml

[2012.11.27 01:14:58 | 000,002,203 | ---- | M] () -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\MyStart Search.xml

[2012.11.30 16:02:12 | 000,003,983 | ---- | M] () -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\sweetim.xml

[2013.03.08 16:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.03.08 16:02:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013.01.22 17:52:09 | 000,001,609 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml

[2012.11.23 22:01:38 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2012.09.06 02:54:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.12.05 23:23:43 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2013.02.19 21:24:29 | 000,001,472 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml

[2013.01.22 17:52:09 | 000,001,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml

[2012.12.05 23:23:43 | 000,001,169 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: SweetIM Search (Enabled)

CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}

CHR - default_search_provider: suggest_url = 

CHR - homepage: hxxp://home.sweetim.com/?st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google-Suche = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: SweetIM for Facebook = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\

CHR - Extension: New tab for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

CHR - Extension: IncrediBar for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\

CHR - Extension: SweetPacks Chrome Extension = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\

CHR - Extension: Google Mail = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

CHR - Extension: YouTube = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google-Suche = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: SweetIM for Facebook = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\

CHR - Extension: New tab for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\

CHR - Extension: IncrediBar for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\

CHR - Extension: SweetPacks Chrome Extension = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\

CHR - Extension: Google Mail = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)

O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)

O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\PROGRA~2\TELEVI~2\bar\1.bin\64bar.dll (MindSpark)

O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)

O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)

O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\PROGRA~2\TELEVI~2\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)

O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] "C:\PROGRA~2\TELEVI~2\bar\1.bin\64srchmn.exe" /m=2 /w /h File not found

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000..\Run: [Facebook Update] C:\Users\majdi ameni elvira\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1F1FCF9-F9FF-4066-90F7-CD9D1F1AD570}: DhcpNameServer = 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{e34db5fb-0821-11e2-8f4c-988f091f419a}\Shell - "" = AutoRun

O33 - MountPoints2\{e34db5fb-0821-11e2-8f4c-988f091f419a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\{e34db680-0821-11e2-8f4c-988f091f419a}\Shell - "" = AutoRun

O33 - MountPoints2\{e34db680-0821-11e2-8f4c-988f091f419a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.03.13 15:35:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013.03.13 15:35:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013.03.13 15:35:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013.03.13 15:35:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013.03.13 15:35:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013.03.13 15:35:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013.03.13 15:35:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013.03.13 15:35:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013.03.13 15:35:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013.03.13 15:35:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013.03.13 15:35:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.03.13 15:35:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.03.13 15:35:02 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.03.13 15:35:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.03.13 15:35:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013.03.13 00:28:56 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\AppData\Roaming\Malwarebytes

[2013.03.13 00:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.03.13 00:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.03.13 00:28:33 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.03.13 00:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.03.13 00:28:12 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\AppData\Local\Programs

[2013.03.12 23:51:33 | 000,000,000 | -H-D | C] -- C:\Users\majdi ameni elvira\AppData\Roaming\3EE0BCD6

[2013.03.12 23:50:02 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\Sbblisr

[2013.03.12 12:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2013.03.12 12:32:36 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\AppData\Roaming\U3

[2013.03.12 11:51:26 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\Desktop\musik neu

[2013.03.11 15:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskTBar

[2013.03.08 16:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.03.01 20:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2013.02.13 13:53:49 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013.02.13 13:53:45 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013.02.13 13:53:44 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013.02.13 13:53:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2013.02.13 13:53:28 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2013.02.13 13:53:27 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2013.02.13 13:53:27 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2013.02.13 13:53:27 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2013.02.13 13:53:27 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2013.02.13 13:53:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2013.02.13 13:53:27 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2013.02.13 13:53:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2013.02.13 13:53:27 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2013.02.13 13:53:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2013.02.13 13:53:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2013.02.13 13:53:27 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2013.02.13 13:53:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2013.02.13 13:53:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2013.02.13 13:53:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2013.02.13 13:53:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2013.02.13 13:53:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2013.02.13 13:53:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2013.02.13 13:53:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2013.02.13 13:53:25 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.03.14 20:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.03.14 20:01:49 | 000,002,395 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\Google Chrome.lnk

[2013.03.14 20:01:49 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job

[2013.03.14 19:56:01 | 000,000,980 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job

[2013.03.14 19:50:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.03.14 19:23:15 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.03.14 19:23:15 | 000,641,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.03.14 19:23:15 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.03.14 19:23:15 | 000,126,062 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.03.14 19:23:15 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.03.14 19:21:04 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.03.14 19:21:04 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.03.14 19:16:03 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.03.14 19:15:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.03.14 19:15:50 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys

[2013.03.14 01:00:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job

[2013.03.13 14:38:22 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.03.13 14:38:22 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.03.11 22:56:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job

[2013.03.11 22:32:35 | 000,095,176 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\602166_574832465874756_198468293_n.jpg

[2013.03.10 01:01:37 | 000,934,836 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\attachment.php.jpg

[2013.03.09 10:18:49 | 000,091,328 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\702889_571393502887170_527173581_n.jpg

[2013.03.09 10:18:31 | 000,139,126 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\702923_571393476220506_597571333_n.jpg

[2013.03.08 18:10:22 | 000,017,927 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\601592_570957746249165_1027927645_n.jpg

[2013.03.08 18:09:49 | 000,040,828 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\734632_571303722881234_1523163912_n.jpg

[2013.03.08 16:01:13 | 000,031,133 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\577996_10151559285256614_1219465472_n.jpg

[2013.03.07 16:29:46 | 000,057,079 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\65547_346293635492142_879126177_n.jpg

[2013.02.28 23:03:42 | 000,071,558 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\803380_608383912521462_350012141_n.jpg

[2013.02.28 23:02:57 | 000,067,753 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\730621_609338392426014_1849945632_n.jpg

[2013.02.28 23:02:46 | 000,024,753 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\730599_609328659093654_2139714039_n.jpg

[2013.02.28 13:11:10 | 000,306,636 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\859076_316425691793924_261292111_o.jpg

[2013.02.26 19:13:19 | 000,096,306 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\480151_610010319025863_232090152_n.jpg

[2013.02.26 19:12:50 | 000,074,640 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\524955_610019829024912_1986722450_n.jpg

[2013.02.26 19:10:46 | 000,034,721 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\485047_611786715514890_1200217643_n.jpg

[2013.02.26 15:28:23 | 000,037,588 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\285260_10151585540105209_864790281_n.jpg

[2013.02.26 15:09:38 | 000,011,837 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\430935_315873545195684_1097459838_n.jpg

[2013.02.25 19:59:10 | 000,017,239 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\317977_521838064503053_417561600_n.jpg

[2013.02.22 16:28:23 | 000,031,910 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\559878_339374372850735_142926935_n.jpg

[2013.02.16 16:55:38 | 000,045,322 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\21681_564067023617967_207603175_n.jpg

[2013.02.16 14:01:42 | 000,164,096 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\1-2-_-Milupa_Ernaehrungsplaene_Beikost.png

[2013.02.13 17:22:47 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

 
 ========== Files Created - No Company Name ==========

 

[2013.03.11 22:32:33 | 000,095,176 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\602166_574832465874756_198468293_n.jpg

[2013.03.10 01:01:34 | 000,934,836 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\attachment.php.jpg

[2013.03.09 10:18:48 | 000,091,328 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\702889_571393502887170_527173581_n.jpg

[2013.03.09 10:18:30 | 000,139,126 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\702923_571393476220506_597571333_n.jpg

[2013.03.08 18:10:21 | 000,017,927 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\601592_570957746249165_1027927645_n.jpg

[2013.03.08 18:09:47 | 000,040,828 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\734632_571303722881234_1523163912_n.jpg

[2013.03.08 15:59:57 | 000,031,133 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\577996_10151559285256614_1219465472_n.jpg

[2013.03.07 16:29:44 | 000,057,079 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\65547_346293635492142_879126177_n.jpg

[2013.02.28 23:03:41 | 000,071,558 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\803380_608383912521462_350012141_n.jpg

[2013.02.28 23:02:56 | 000,067,753 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\730621_609338392426014_1849945632_n.jpg

[2013.02.28 23:02:45 | 000,024,753 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\730599_609328659093654_2139714039_n.jpg

[2013.02.28 13:11:09 | 000,306,636 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\859076_316425691793924_261292111_o.jpg

[2013.02.26 19:13:17 | 000,096,306 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\480151_610010319025863_232090152_n.jpg

[2013.02.26 19:12:49 | 000,074,640 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\524955_610019829024912_1986722450_n.jpg

[2013.02.26 19:10:46 | 000,034,721 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\485047_611786715514890_1200217643_n.jpg

[2013.02.26 15:28:22 | 000,037,588 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\285260_10151585540105209_864790281_n.jpg

[2013.02.26 15:09:36 | 000,011,837 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\430935_315873545195684_1097459838_n.jpg

[2013.02.25 19:59:09 | 000,017,239 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\317977_521838064503053_417561600_n.jpg

[2013.02.22 16:28:22 | 000,031,910 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\559878_339374372850735_142926935_n.jpg

[2013.02.16 16:55:36 | 000,045,322 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\21681_564067023617967_207603175_n.jpg

[2013.02.16 14:01:41 | 000,164,096 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\1-2-_-Milupa_Ernaehrungsplaene_Beikost.png

[2012.10.29 18:23:43 | 000,003,584 | ---- | C] () -- C:\Users\majdi ameni elvira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2013.03.13 00:30:09 | 000,000,000 | -H-D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\3EE0BCD6

[2012.11.23 22:01:22 | 000,000,000 | ---D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\Babylon

[2012.12.18 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\GoforFiles

[2012.11.23 22:02:17 | 000,000,000 | ---D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\MediaPlayerPackages

[2012.10.21 12:46:38 | 000,000,000 | ---D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\OpenCandy

[2012.11.15 10:59:34 | 000,000,000 | ---D | M] -- C:\Users\majdi ameni elvira\AppData\Roaming\OpenOffice.org

 
 ========== Purity Check ==========

 

 
 

< End of report >

Code:

OTL Extras logfile created on: 14.03.2013 20:40:05 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\majdi ameni elvira\Downloads

64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

3,98 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,26% Memory free

7,96 Gb Paging File | 6,66 Gb Available in Paging File | 83,60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,56 Gb Total Space | 56,33 Gb Free Space | 57,73% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 368,00 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

 

Computer Name: MAJDIAMENIELVIR | User Name: majdi ameni elvira | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1D6BD56B-541C-4D5D-9C61-14D0370DFB64}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 

"{28EB52E5-F894-40AE-9BCA-471099896575}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{349FBD90-4322-4D18-963E-D4DF001EFA2C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{38A045C7-ADA3-4C12-9504-8F141A7026BF}" = dir=in | app=c:\users\majdi ameni elvira\appdata\local\facebook\video\skype\facebookvideocalling.exe | 

"{5BC526C7-B5DB-432B-A739-ABEDBCFF334E}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 

"{606A77EF-0CA3-4289-A55B-B788A6F25DC8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{76AEAD72-3658-446A-A037-30FD44B96620}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{7A301976-C47F-46CF-B435-9B8CFC6D618D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{82A7328E-9E33-4F50-814E-53D66BB6BA0B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{96DD81E1-F78D-4D0E-86F7-BB011A5A5E3D}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 

"{9815E4D5-1CBF-4579-A788-6514EDC1717F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 

"{CA7AF6D9-D4CE-4DE9-8F84-2CC704E7033C}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 

"{CAA89A70-CF66-45D7-A00A-42650BCD620E}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{D8C28A7B-7284-411C-AEBB-DD48052AAAFF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{F18B3906-C0D2-4096-987D-C0D88A3177F4}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2

"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7

"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AskTBar Uninstall" = Ask Toolbar

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 19.0.2 (x86 fr)" = Mozilla Firefox 19.0.2 (x86 fr)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar

"VLC media player" = VLC media player 2.0.2

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 08.02.2013 17:52:06 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: FacebookVideoCalling.exe, Version:

 1.2.0.287, Zeitstempel: 0x50775885  Name des fehlerhaften Moduls: KERNELBASE.dll,

 Version: 6.1.7600.17135, Zeitstempel: 0x506dbfdc  Ausnahmecode: 0xe0fafafa  Fehleroffset:

 0x0000c41f  ID des fehlerhaften Prozesses: 0xb84  Startzeit der fehlerhaften Anwendung:

 0x01ce0645f17f90b4  Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: c75e5bbd-7239-11e2-8d2e-de7767612da7

 

Error - 08.02.2013 17:57:52 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: FacebookVideoCalling.exe, Version:

 1.2.0.287, Zeitstempel: 0x50775885  Name des fehlerhaften Moduls: KERNELBASE.dll,

 Version: 6.1.7600.17135, Zeitstempel: 0x506dbfdc  Ausnahmecode: 0xe0fafafa  Fehleroffset:

 0x0000c41f  ID des fehlerhaften Prozesses: 0xb98  Startzeit der fehlerhaften Anwendung:

 0x01ce0646901c26f0  Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 95906d96-723a-11e2-8d2e-de7767612da7

 

Error - 25.02.2013 16:52:13 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002

Description = Programm DllHost.exe, Version 6.1.7600.16385 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 1920    Startzeit: 01ce1399ec75c49f    Endzeit: 10    Anwendungspfad:

 C:\Windows\system32\DllHost.exe    Berichts-ID: 388d1c94-7f8d-11e2-8caf-8b2fce9311a8
 

 

Error - 25.02.2013 16:52:26 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002

Description = Programm Explorer.EXE, Version 6.1.7600.16450 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 668    Startzeit: 01ce139364636a9a    Endzeit: 20    Anwendungspfad: 

C:\Windows\Explorer.EXE    Berichts-ID: 41649a85-7f8d-11e2-8caf-8b2fce9311a8  

 

Error - 25.02.2013 16:52:57 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002

Description = Programm explorer.exe, Version 6.1.7600.16450 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 1acc    Startzeit: 01ce139a04c5787d    Endzeit: 3020    Anwendungspfad:

 C:\Windows\explorer.exe    Berichts-ID: 4ef3fbaa-7f8d-11e2-8caf-8b2fce9311a8  

 

Error - 05.03.2013 18:01:29 | Computer Name = majdiamenielvir | Source = Chrome | ID = 1

Description = 

 

Error - 12.03.2013 08:43:39 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: FacebookVideoCalling.exe, Version:

 1.2.0.287, Zeitstempel: 0x50775885  Name des fehlerhaften Moduls: KERNELBASE.dll,

 Version: 6.1.7600.17206, Zeitstempel: 0x50e6605e  Ausnahmecode: 0xe0fafafa  Fehleroffset:

 0x0000c41f  ID des fehlerhaften Prozesses: 0x4d0  Startzeit der fehlerhaften Anwendung:

 0x01ce1f1f0e5021a7  Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 768cbe7b-8b12-11e2-b6b9-ab9e5c5430a9

 

Error - 12.03.2013 18:55:42 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ad4    Startzeit: 

01ce1f7028ff035c    Endzeit: 31    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

Berichts-ID:

 f5580a3d-8b67-11e2-a2cc-cb62ab0383ab  

 

Error - 12.03.2013 19:08:28 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b70    Startzeit: 

01ce1f7535005901    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

Berichts-ID:

 bba91a84-8b69-11e2-a7dd-f67d08d425ab  

 

Error - 13.03.2013 11:42:51 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: FacebookVideoCalling.exe, Version:

 1.2.0.287, Zeitstempel: 0x50775885  Name des fehlerhaften Moduls: KERNELBASE.dll,

 Version: 6.1.7600.17206, Zeitstempel: 0x50e6605e  Ausnahmecode: 0xe0fafafa  Fehleroffset:

 0x0000c41f  ID des fehlerhaften Prozesses: 0x438  Startzeit der fehlerhaften Anwendung:

 0x01ce2000c9e8bb70  Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: a95494b6-8bf4-11e2-b58a-c39e10f6aab1

 

[ System Events ]

Error - 05.03.2013 12:51:41 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 05.03.2013 15:35:05 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 06.03.2013 10:03:53 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 06.03.2013 12:46:16 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 07.03.2013 08:35:13 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 07.03.2013 13:30:15 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 08.03.2013 08:31:15 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 08.03.2013 10:50:14 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 08.03.2013 12:52:33 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 08.03.2013 19:50:25 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

 

< End of report >

Code:

OTL Extras logfile created on: 14.03.2013 20:40:05 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\majdi ameni elvira\Downloads

64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

3,98 Gb Total Physical Memory | 2,68 Gb Available Physical Memory | 67,26% Memory free

7,96 Gb Paging File | 6,66 Gb Available in Paging File | 83,60% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,56 Gb Total Space | 56,33 Gb Free Space | 57,73% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 368,00 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

 

Computer Name: MAJDIAMENIELVIR | User Name: majdi ameni elvira | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1D6BD56B-541C-4D5D-9C61-14D0370DFB64}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 

"{28EB52E5-F894-40AE-9BCA-471099896575}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{349FBD90-4322-4D18-963E-D4DF001EFA2C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{38A045C7-ADA3-4C12-9504-8F141A7026BF}" = dir=in | app=c:\users\majdi ameni elvira\appdata\local\facebook\video\skype\facebookvideocalling.exe | 

"{5BC526C7-B5DB-432B-A739-ABEDBCFF334E}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 

"{606A77EF-0CA3-4289-A55B-B788A6F25DC8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{76AEAD72-3658-446A-A037-30FD44B96620}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{7A301976-C47F-46CF-B435-9B8CFC6D618D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{82A7328E-9E33-4F50-814E-53D66BB6BA0B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{96DD81E1-F78D-4D0E-86F7-BB011A5A5E3D}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 

"{9815E4D5-1CBF-4579-A788-6514EDC1717F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 

"{CA7AF6D9-D4CE-4DE9-8F84-2CC704E7033C}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 

"{CAA89A70-CF66-45D7-A00A-42650BCD620E}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{D8C28A7B-7284-411C-AEBB-DD48052AAAFF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{F18B3906-C0D2-4096-987D-C0D88A3177F4}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2

"{7683B745-6060-41FD-AA75-0BBB383FEAD4}" = SweetIM for Messenger 3.7

"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AskTBar Uninstall" = Ask Toolbar

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 19.0.2 (x86 fr)" = Mozilla Firefox 19.0.2 (x86 fr)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar

"VLC media player" = VLC media player 2.0.2

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 08.02.2013 17:52:06 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: FacebookVideoCalling.exe, Version:

 1.2.0.287, Zeitstempel: 0x50775885  Name des fehlerhaften Moduls: KERNELBASE.dll,

 Version: 6.1.7600.17135, Zeitstempel: 0x506dbfdc  Ausnahmecode: 0xe0fafafa  Fehleroffset:

 0x0000c41f  ID des fehlerhaften Prozesses: 0xb84  Startzeit der fehlerhaften Anwendung:

 0x01ce0645f17f90b4  Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: c75e5bbd-7239-11e2-8d2e-de7767612da7

 

Error - 08.02.2013 17:57:52 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: FacebookVideoCalling.exe, Version:

 1.2.0.287, Zeitstempel: 0x50775885  Name des fehlerhaften Moduls: KERNELBASE.dll,

 Version: 6.1.7600.17135, Zeitstempel: 0x506dbfdc  Ausnahmecode: 0xe0fafafa  Fehleroffset:

 0x0000c41f  ID des fehlerhaften Prozesses: 0xb98  Startzeit der fehlerhaften Anwendung:

 0x01ce0646901c26f0  Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 95906d96-723a-11e2-8d2e-de7767612da7

 

Error - 25.02.2013 16:52:13 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002

Description = Programm DllHost.exe, Version 6.1.7600.16385 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 1920    Startzeit: 01ce1399ec75c49f    Endzeit: 10    Anwendungspfad:

 C:\Windows\system32\DllHost.exe    Berichts-ID: 388d1c94-7f8d-11e2-8caf-8b2fce9311a8
 

 

Error - 25.02.2013 16:52:26 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002

Description = Programm Explorer.EXE, Version 6.1.7600.16450 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 668    Startzeit: 01ce139364636a9a    Endzeit: 20    Anwendungspfad: 

C:\Windows\Explorer.EXE    Berichts-ID: 41649a85-7f8d-11e2-8caf-8b2fce9311a8  

 

Error - 25.02.2013 16:52:57 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002

Description = Programm explorer.exe, Version 6.1.7600.16450 kann nicht mehr unter

 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 

in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem

 zu suchen.    Prozess-ID: 1acc    Startzeit: 01ce139a04c5787d    Endzeit: 3020    Anwendungspfad:

 C:\Windows\explorer.exe    Berichts-ID: 4ef3fbaa-7f8d-11e2-8caf-8b2fce9311a8  

 

Error - 05.03.2013 18:01:29 | Computer Name = majdiamenielvir | Source = Chrome | ID = 1

Description = 

 

Error - 12.03.2013 08:43:39 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: FacebookVideoCalling.exe, Version:

 1.2.0.287, Zeitstempel: 0x50775885  Name des fehlerhaften Moduls: KERNELBASE.dll,

 Version: 6.1.7600.17206, Zeitstempel: 0x50e6605e  Ausnahmecode: 0xe0fafafa  Fehleroffset:

 0x0000c41f  ID des fehlerhaften Prozesses: 0x4d0  Startzeit der fehlerhaften Anwendung:

 0x01ce1f1f0e5021a7  Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 768cbe7b-8b12-11e2-b6b9-ab9e5c5430a9

 

Error - 12.03.2013 18:55:42 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ad4    Startzeit: 

01ce1f7028ff035c    Endzeit: 31    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

Berichts-ID:

 f5580a3d-8b67-11e2-a2cc-cb62ab0383ab  

 

Error - 12.03.2013 19:08:28 | Computer Name = majdiamenielvir | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 19.0.2.4814 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: b70    Startzeit: 

01ce1f7535005901    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 

Berichts-ID:

 bba91a84-8b69-11e2-a7dd-f67d08d425ab  

 

Error - 13.03.2013 11:42:51 | Computer Name = majdiamenielvir | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: FacebookVideoCalling.exe, Version:

 1.2.0.287, Zeitstempel: 0x50775885  Name des fehlerhaften Moduls: KERNELBASE.dll,

 Version: 6.1.7600.17206, Zeitstempel: 0x50e6605e  Ausnahmecode: 0xe0fafafa  Fehleroffset:

 0x0000c41f  ID des fehlerhaften Prozesses: 0x438  Startzeit der fehlerhaften Anwendung:

 0x01ce2000c9e8bb70  Pfad der fehlerhaften Anwendung: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe

Pfad

 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: a95494b6-8bf4-11e2-b58a-c39e10f6aab1

 

[ System Events ]

Error - 05.03.2013 12:51:41 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 05.03.2013 15:35:05 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 06.03.2013 10:03:53 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 06.03.2013 12:46:16 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 07.03.2013 08:35:13 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 07.03.2013 13:30:15 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 08.03.2013 08:31:15 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 08.03.2013 10:50:14 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 08.03.2013 12:52:33 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

Error - 08.03.2013 19:50:25 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

 

< End of report >

Zitat:

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Warum bitte eine Ultimate Edition für Windows?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Nein..ich hab keine ahnung was ich da für ne edition drauf habe.. ich hatte nur mal probleme mit dem pc weil die ganze zeit internetseiten mit werbeanzeigen aufgingen, so ziemlich jede 2 sekunden ne neue und dann hat der freund von meinem mann den pc zu sich genommen und das problem behoben..naj was er genau gemacht hat weiß ich nicht theoretisch wollte ich den pc plattmachen aber als ich ihn gekauft hab ( glaub ca vor 9 monaten) war keine windows cd dabei...und desshalb haben wir ihm unserem kollegen gegeben

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Code:

GMER 2.1.19155 - hxxp://www.gmer.net

Rootkit scan 2013-03-16 17:14:20

Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS547550A9E384 rev.JE3OA50B 465,76GB

Running: gmer_2.1.19155.exe; Driver: C:\Users\MAJDIA~1\AppData\Local\Temp\ugwyapog.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   0000000076081465 2 bytes [08, 76]

.text   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe[1592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000760814bb 2 bytes [08, 76]

.text   ...                                                                                                                                               * 2

.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                        0000000076081465 2 bytes [08, 76]

.text   C:\Program Files (x86)\Skype\Phone\Skype.exe[1320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                       00000000760814bb 2 bytes [08, 76]

.text   ...                                                                                                                                               * 2

.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             0000000076081465 2 bytes [08, 76]

.text   C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe[2136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000760814bb 2 bytes [08, 76]

.text   ...                                                                                                                                               * 2

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076081465 2 bytes [08, 76]

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2628] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000760814bb 2 bytes [08, 76]

.text   ...                                                                                                                                               * 2

?       C:\Windows\system32\mssprxy.dll [2628] entry point in ".rdata" section                                                                            00000000746a71e6

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5     0000000077c0f941 7 bytes {MOV EDX, 0xea5e28; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5          0000000077c0fb85 7 bytes {MOV EDX, 0xea5e68; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5              0000000077c0fbb5 7 bytes {MOV EDX, 0xea5da8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5       0000000077c0fbcd 7 bytes {MOV EDX, 0xea5d28; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5         0000000077c0fbe5 7 bytes {MOV EDX, 0xea5f28; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5       0000000077c0fc15 7 bytes {MOV EDX, 0xea5f68; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5        0000000077c0fc95 7 bytes {MOV EDX, 0xea5ee8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5       0000000077c0fcad 7 bytes {MOV EDX, 0xea5ea8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                 0000000077c0fcf9 7 bytes {MOV EDX, 0xea5c68; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5      0000000077c0fdf1 7 bytes {MOV EDX, 0xea5ca8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5               0000000077c10049 7 bytes {MOV EDX, 0xea5c28; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5         0000000077c11055 7 bytes {MOV EDX, 0xea5de8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5               0000000077c110cd 7 bytes {MOV EDX, 0xea5d68; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  0000000077c112d1 7 bytes {MOV EDX, 0xea5ce8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076081465 2 bytes [08, 76]

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000760814bb 2 bytes [08, 76]

.text   ...                                                                                                                                               * 2

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076081465 2 bytes [08, 76]

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000760814bb 2 bytes [08, 76]

.text   ...                                                                                                                                               * 2

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5     0000000077c0f941 7 bytes {MOV EDX, 0x99228; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5          0000000077c0fb85 7 bytes {MOV EDX, 0x99268; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5              0000000077c0fbb5 7 bytes {MOV EDX, 0x991a8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5       0000000077c0fbcd 7 bytes {MOV EDX, 0x99128; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5         0000000077c0fbe5 7 bytes {MOV EDX, 0x99328; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5       0000000077c0fc15 7 bytes {MOV EDX, 0x99368; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5        0000000077c0fc95 7 bytes {MOV EDX, 0x992e8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5       0000000077c0fcad 7 bytes {MOV EDX, 0x992a8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                 0000000077c0fcf9 7 bytes {MOV EDX, 0x99068; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5      0000000077c0fdf1 7 bytes {MOV EDX, 0x990a8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5               0000000077c10049 7 bytes {MOV EDX, 0x99028; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5         0000000077c11055 7 bytes {MOV EDX, 0x991e8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5               0000000077c110cd 7 bytes {MOV EDX, 0x99168; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  0000000077c112d1 7 bytes {MOV EDX, 0x990e8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076081465 2 bytes [08, 76]

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[2908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000760814bb 2 bytes [08, 76]

.text   ...                                                                                                                                               * 2

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5     0000000077c0f941 7 bytes {MOV EDX, 0x8b8628; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5          0000000077c0fb85 7 bytes {MOV EDX, 0x8b8668; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5              0000000077c0fbb5 7 bytes {MOV EDX, 0x8b85a8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5       0000000077c0fbcd 7 bytes {MOV EDX, 0x8b8528; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5         0000000077c0fbe5 7 bytes {MOV EDX, 0x8b8728; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5       0000000077c0fc15 7 bytes {MOV EDX, 0x8b8768; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5        0000000077c0fc95 7 bytes {MOV EDX, 0x8b86e8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5       0000000077c0fcad 7 bytes {MOV EDX, 0x8b86a8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5                 0000000077c0fcf9 7 bytes {MOV EDX, 0x8b8468; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5      0000000077c0fdf1 7 bytes {MOV EDX, 0x8b84a8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5               0000000077c10049 7 bytes {MOV EDX, 0x8b8428; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5         0000000077c11055 7 bytes {MOV EDX, 0x8b85e8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5               0000000077c110cd 7 bytes {MOV EDX, 0x8b8568; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5  0000000077c112d1 7 bytes {MOV EDX, 0x8b84e8; JMP RDX}

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076081465 2 bytes [08, 76]

.text   C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\chrome.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000760814bb 2 bytes [08, 76]

.text   ...                                                                                                                                               * 2
 

---- Threads - GMER 2.1 ----
 

Thread  C:\Windows\System32\svchost.exe [876:1360]                                                                                                        000007fef5d69688
 

---- EOF - GMER 2.1 ----

Code:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021

www.malwarebytes.org
 

Database version: v2013.03.16.08
 

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

majdi ameni elvira :: MAJDIAMENIELVIR [administrator]
 

16.03.2013 17:38:40

mbar-log-2013-03-16 (17-38-40).txt
 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 28594

Time elapsed: 17 minute(s), 20 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

(end)

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Code:

23:49:07.0177 1884  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

23:49:07.0384 1884  ============================================================

23:49:07.0384 1884  Current date / time: 2013/03/17 23:49:07.0384

23:49:07.0384 1884  SystemInfo:

23:49:07.0384 1884  

23:49:07.0385 1884  OS Version: 6.1.7600 ServicePack: 0.0

23:49:07.0385 1884  Product type: Workstation

23:49:07.0385 1884  ComputerName: MAJDIAMENIELVIR

23:49:07.0385 1884  UserName: majdi ameni elvira

23:49:07.0385 1884  Windows directory: C:\Windows

23:49:07.0385 1884  System windows directory: C:\Windows

23:49:07.0385 1884  Running under WOW64

23:49:07.0385 1884  Processor architecture: Intel x64

23:49:07.0385 1884  Number of processors: 2

23:49:07.0385 1884  Page size: 0x1000

23:49:07.0385 1884  Boot type: Normal boot

23:49:07.0385 1884  ============================================================

23:49:08.0755 1884  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:49:08.0763 1884  ============================================================

23:49:08.0763 1884  \Device\Harddisk0\DR0:

23:49:08.0765 1884  MBR partitions:

23:49:08.0765 1884  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:49:08.0765 1884  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000

23:49:08.0765 1884  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x2E035000

23:49:08.0765 1884  ============================================================

23:49:08.0797 1884  C: <-> \Device\Harddisk0\DR0\Partition2

23:49:08.0840 1884  D: <-> \Device\Harddisk0\DR0\Partition3

23:49:08.0840 1884  ============================================================

23:49:08.0840 1884  Initialize success

23:49:08.0840 1884  ============================================================

23:51:37.0896 2316  ============================================================

23:51:37.0896 2316  Scan started

23:51:37.0896 2316  Mode: Manual; SigCheck; TDLFS; 

23:51:37.0896 2316  ============================================================

23:51:38.0302 2316  ================ Scan system memory ========================

23:51:38.0302 2316  System memory - ok

23:51:38.0302 2316  ================ Scan services =============================

23:51:38.0505 2316  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys

23:51:38.0645 2316  1394ohci - ok

23:51:38.0661 2316  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys

23:51:38.0692 2316  ACPI - ok

23:51:38.0723 2316  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys

23:51:38.0801 2316  AcpiPmi - ok

23:51:38.0942 2316  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

23:51:38.0973 2316  AdobeFlashPlayerUpdateSvc - ok

23:51:39.0004 2316  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys

23:51:39.0035 2316  adp94xx - ok

23:51:39.0082 2316  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys

23:51:39.0113 2316  adpahci - ok

23:51:39.0144 2316  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys

23:51:39.0207 2316  adpu320 - ok

23:51:39.0238 2316  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

23:51:39.0394 2316  AeLookupSvc - ok

23:51:39.0456 2316  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys

23:51:39.0503 2316  AFD - ok

23:51:39.0534 2316  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys

23:51:39.0534 2316  agp440 - ok

23:51:39.0581 2316  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe

23:51:39.0659 2316  ALG - ok

23:51:39.0675 2316  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys

23:51:39.0690 2316  aliide - ok

23:51:39.0706 2316  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys

23:51:39.0722 2316  amdide - ok

23:51:39.0737 2316  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys

23:51:39.0784 2316  AmdK8 - ok

23:51:39.0815 2316  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys

23:51:39.0831 2316  AmdPPM - ok

23:51:39.0862 2316  [ 7A4B413614C055935567CF88A9734D38 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys

23:51:39.0862 2316  amdsata - ok

23:51:39.0878 2316  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys

23:51:39.0893 2316  amdsbs - ok

23:51:39.0909 2316  [ B4AD0CACBAB298671DD6F6EF7E20679D ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys

23:51:39.0909 2316  amdxata - ok

23:51:39.0956 2316  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys

23:51:40.0049 2316  AppID - ok

23:51:40.0065 2316  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

23:51:40.0127 2316  AppIDSvc - ok

23:51:40.0158 2316  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll

23:51:40.0190 2316  Appinfo - ok

23:51:40.0221 2316  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll

23:51:40.0268 2316  AppMgmt - ok

23:51:40.0283 2316  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys

23:51:40.0299 2316  arc - ok

23:51:40.0346 2316  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys

23:51:40.0361 2316  arcsas - ok

23:51:40.0392 2316  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

23:51:40.0455 2316  AsyncMac - ok

23:51:40.0470 2316  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys

23:51:40.0470 2316  atapi - ok

23:51:40.0580 2316  [ A5E770426D18F8EF332A593F3289DA91 ] athr            C:\Windows\system32\DRIVERS\athrx.sys

23:51:40.0689 2316  athr - ok

23:51:40.0736 2316  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:51:40.0814 2316  AudioEndpointBuilder - ok

23:51:40.0845 2316  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll

23:51:40.0892 2316  AudioSrv - ok

23:51:40.0907 2316  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll

23:51:40.0970 2316  AxInstSV - ok

23:51:41.0016 2316  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys

23:51:41.0079 2316  b06bdrv - ok

23:51:41.0126 2316  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys

23:51:41.0204 2316  b57nd60a - ok

23:51:41.0250 2316  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll

23:51:41.0297 2316  BDESVC - ok

23:51:41.0328 2316  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys

23:51:41.0406 2316  Beep - ok

23:51:41.0469 2316  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll

23:51:41.0547 2316  BFE - ok

23:51:41.0578 2316  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll

23:51:41.0672 2316  BITS - ok

23:51:41.0796 2316  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

23:51:41.0890 2316  blbdrive - ok

23:51:42.0015 2316  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

23:51:42.0077 2316  bowser - ok

23:51:42.0108 2316  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys

23:51:42.0155 2316  BrFiltLo - ok

23:51:42.0171 2316  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys

23:51:42.0186 2316  BrFiltUp - ok

23:51:42.0218 2316  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll

23:51:42.0280 2316  Browser - ok

23:51:42.0296 2316  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

23:51:42.0374 2316  Brserid - ok

23:51:42.0389 2316  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

23:51:42.0436 2316  BrSerWdm - ok

23:51:42.0452 2316  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

23:51:42.0483 2316  BrUsbMdm - ok

23:51:42.0498 2316  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

23:51:42.0514 2316  BrUsbSer - ok

23:51:42.0530 2316  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

23:51:42.0561 2316  BTHMODEM - ok

23:51:42.0623 2316  [ 21084CEB85280468C9ACA3C805C0F8CF ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys

23:51:42.0686 2316  BTHPORT - ok

23:51:42.0732 2316  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll

23:51:42.0810 2316  bthserv - ok

23:51:42.0842 2316  [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys

23:51:42.0857 2316  BTHUSB - ok

23:51:42.0888 2316  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

23:51:42.0966 2316  cdfs - ok

23:51:42.0998 2316  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

23:51:43.0029 2316  cdrom - ok

23:51:43.0060 2316  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll

23:51:43.0122 2316  CertPropSvc - ok

23:51:43.0154 2316  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

23:51:43.0185 2316  circlass - ok

23:51:43.0232 2316  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys

23:51:43.0247 2316  CLFS - ok

23:51:43.0310 2316  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:51:43.0341 2316  clr_optimization_v2.0.50727_32 - ok

23:51:43.0388 2316  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:51:43.0403 2316  clr_optimization_v2.0.50727_64 - ok

23:51:43.0434 2316  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

23:51:43.0450 2316  CmBatt - ok

23:51:43.0466 2316  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys

23:51:43.0481 2316  cmdide - ok

23:51:43.0544 2316  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys

23:51:43.0590 2316  CNG - ok

23:51:43.0622 2316  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

23:51:43.0622 2316  Compbatt - ok

23:51:43.0653 2316  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys

23:51:43.0715 2316  CompositeBus - ok

23:51:43.0731 2316  COMSysApp - ok

23:51:43.0746 2316  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys

23:51:43.0762 2316  crcdisk - ok

23:51:43.0793 2316  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll

23:51:43.0871 2316  CryptSvc - ok

23:51:43.0887 2316  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys

23:51:43.0949 2316  CSC - ok

23:51:43.0980 2316  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll

23:51:44.0058 2316  CscService - ok

23:51:44.0121 2316  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll

23:51:44.0183 2316  DcomLaunch - ok

23:51:44.0214 2316  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll

23:51:44.0261 2316  defragsvc - ok

23:51:44.0308 2316  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

23:51:44.0355 2316  DfsC - ok

23:51:44.0417 2316  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll

23:51:44.0495 2316  Dhcp - ok

23:51:44.0511 2316  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys

23:51:44.0589 2316  discache - ok

23:51:44.0651 2316  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys

23:51:44.0667 2316  Disk - ok

23:51:44.0714 2316  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll

23:51:44.0745 2316  Dnscache - ok

23:51:44.0776 2316  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll

23:51:44.0854 2316  dot3svc - ok

23:51:44.0870 2316  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll

23:51:44.0932 2316  DPS - ok

23:51:44.0979 2316  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

23:51:44.0994 2316  drmkaud - ok

23:51:45.0041 2316  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

23:51:45.0057 2316  DXGKrnl - ok

23:51:45.0104 2316  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll

23:51:45.0166 2316  EapHost - ok

23:51:45.0260 2316  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys

23:51:45.0369 2316  ebdrv - ok

23:51:45.0431 2316  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe

23:51:45.0478 2316  EFS - ok

23:51:45.0556 2316  [ B91D81B3B54A54CCAFC03733DBC2E29E ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

23:51:45.0634 2316  ehRecvr - ok

23:51:45.0650 2316  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe

23:51:45.0665 2316  ehSched - ok

23:51:45.0712 2316  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys

23:51:45.0743 2316  elxstor - ok

23:51:45.0759 2316  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys

23:51:45.0790 2316  ErrDev - ok

23:51:45.0837 2316  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll

23:51:45.0899 2316  EventSystem - ok

23:51:45.0930 2316  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys

23:51:45.0977 2316  exfat - ok

23:51:45.0977 2316  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys

23:51:46.0024 2316  fastfat - ok

23:51:46.0055 2316  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe

23:51:46.0118 2316  Fax - ok

23:51:46.0153 2316  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

23:51:46.0188 2316  fdc - ok

23:51:46.0228 2316  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll

23:51:46.0305 2316  fdPHost - ok

23:51:46.0324 2316  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll

23:51:46.0407 2316  FDResPub - ok

23:51:46.0439 2316  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

23:51:46.0450 2316  FileInfo - ok

23:51:46.0472 2316  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

23:51:46.0536 2316  Filetrace - ok

23:51:46.0546 2316  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

23:51:46.0566 2316  flpydisk - ok

23:51:46.0602 2316  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

23:51:46.0630 2316  FltMgr - ok

23:51:46.0742 2316  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\Windows\system32\FntCache.dll

23:51:46.0814 2316  FontCache - ok

23:51:46.0860 2316  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:51:46.0880 2316  FontCache3.0.0.0 - ok

23:51:46.0895 2316  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

23:51:46.0914 2316  FsDepends - ok

23:51:46.0955 2316  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

23:51:46.0967 2316  Fs_Rec - ok

23:51:47.0013 2316  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

23:51:47.0038 2316  fvevol - ok

23:51:47.0064 2316  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys

23:51:47.0080 2316  gagp30kx - ok

23:51:47.0124 2316  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:51:47.0143 2316  GEARAspiWDM - ok

23:51:47.0199 2316  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll

23:51:47.0260 2316  gpsvc - ok

23:51:47.0358 2316  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:51:47.0373 2316  gupdate - ok

23:51:47.0389 2316  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:51:47.0389 2316  gupdatem - ok

23:51:47.0420 2316  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

23:51:47.0467 2316  hcw85cir - ok

23:51:47.0498 2316  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

23:51:47.0545 2316  HdAudAddService - ok

23:51:47.0592 2316  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys

23:51:47.0623 2316  HDAudBus - ok

23:51:47.0639 2316  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys

23:51:47.0670 2316  HidBatt - ok

23:51:47.0685 2316  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys

23:51:47.0717 2316  HidBth - ok

23:51:47.0763 2316  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

23:51:47.0795 2316  HidIr - ok

23:51:47.0826 2316  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll

23:51:47.0904 2316  hidserv - ok

23:51:47.0951 2316  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

23:51:47.0982 2316  HidUsb - ok

23:51:48.0029 2316  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll

23:51:48.0107 2316  hkmsvc - ok

23:51:48.0138 2316  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

23:51:48.0200 2316  HomeGroupListener - ok

23:51:48.0231 2316  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll

23:51:48.0263 2316  HomeGroupProvider - ok

23:51:48.0309 2316  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys

23:51:48.0325 2316  HpSAMD - ok

23:51:48.0387 2316  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

23:51:48.0481 2316  HTTP - ok

23:51:48.0497 2316  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

23:51:48.0497 2316  hwpolicy - ok

23:51:48.0528 2316  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys

23:51:48.0559 2316  i8042prt - ok

23:51:48.0590 2316  [ D83EFB6FD45DF9D55E9A1AFC63640D50 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys

23:51:48.0606 2316  iaStorV - ok

23:51:48.0684 2316  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:51:48.0715 2316  idsvc - ok

23:51:48.0777 2316  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys

23:51:48.0793 2316  iirsp - ok

23:51:48.0855 2316  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll

23:51:48.0918 2316  IKEEXT - ok

23:51:48.0933 2316  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys

23:51:48.0949 2316  intelide - ok

23:51:48.0980 2316  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

23:51:48.0996 2316  intelppm - ok

23:51:49.0043 2316  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

23:51:49.0105 2316  IPBusEnum - ok

23:51:49.0121 2316  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:51:49.0167 2316  IpFilterDriver - ok

23:51:49.0214 2316  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

23:51:49.0277 2316  iphlpsvc - ok

23:51:49.0292 2316  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys

23:51:49.0292 2316  IPMIDRV - ok

23:51:49.0308 2316  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

23:51:49.0355 2316  IPNAT - ok

23:51:49.0433 2316  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe

23:51:49.0464 2316  iPod Service - ok

23:51:49.0495 2316  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys

23:51:49.0511 2316  IRENUM - ok

23:51:49.0542 2316  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys

23:51:49.0557 2316  isapnp - ok

23:51:49.0573 2316  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys

23:51:49.0589 2316  iScsiPrt - ok

23:51:49.0620 2316  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

23:51:49.0635 2316  kbdclass - ok

23:51:49.0651 2316  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

23:51:49.0682 2316  kbdhid - ok

23:51:49.0698 2316  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe

23:51:49.0729 2316  KeyIso - ok

23:51:49.0745 2316  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

23:51:49.0760 2316  KSecDD - ok

23:51:49.0776 2316  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

23:51:49.0791 2316  KSecPkg - ok

23:51:49.0823 2316  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys

23:51:49.0854 2316  ksthunk - ok

23:51:49.0901 2316  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll

23:51:49.0947 2316  KtmRm - ok

23:51:49.0994 2316  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll

23:51:50.0010 2316  LanmanServer - ok

23:51:50.0025 2316  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:51:50.0072 2316  LanmanWorkstation - ok

23:51:50.0103 2316  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

23:51:50.0181 2316  lltdio - ok

23:51:50.0213 2316  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll

23:51:50.0259 2316  lltdsvc - ok

23:51:50.0275 2316  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll

23:51:50.0306 2316  lmhosts - ok

23:51:50.0353 2316  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

23:51:50.0369 2316  LSI_FC - ok

23:51:50.0384 2316  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

23:51:50.0400 2316  LSI_SAS - ok

23:51:50.0415 2316  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

23:51:50.0431 2316  LSI_SAS2 - ok

23:51:50.0447 2316  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

23:51:50.0462 2316  LSI_SCSI - ok

23:51:50.0478 2316  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys

23:51:50.0556 2316  luafv - ok

23:51:50.0587 2316  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

23:51:50.0634 2316  MBAMProtector - ok

23:51:50.0681 2316  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

23:51:50.0696 2316  MBAMScheduler - ok

23:51:50.0759 2316  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

23:51:50.0790 2316  MBAMService - ok

23:51:50.0868 2316  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe

23:51:50.0899 2316  McComponentHostService - ok

23:51:50.0915 2316  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

23:51:50.0946 2316  Mcx2Svc - ok

23:51:50.0961 2316  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

23:51:50.0977 2316  megasas - ok

23:51:50.0993 2316  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

23:51:51.0008 2316  MegaSR - ok

23:51:51.0055 2316  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll

23:51:51.0133 2316  MMCSS - ok

23:51:51.0149 2316  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys

23:51:51.0195 2316  Modem - ok

23:51:51.0227 2316  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

23:51:51.0258 2316  monitor - ok

23:51:51.0273 2316  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

23:51:51.0289 2316  mouclass - ok

23:51:51.0336 2316  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

23:51:51.0367 2316  mouhid - ok

23:51:51.0398 2316  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

23:51:51.0429 2316  mountmgr - ok

23:51:51.0507 2316  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

23:51:51.0523 2316  MozillaMaintenance - ok

23:51:51.0554 2316  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys

23:51:51.0570 2316  mpio - ok

23:51:51.0585 2316  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

23:51:51.0648 2316  mpsdrv - ok

23:51:51.0679 2316  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll

23:51:51.0741 2316  MpsSvc - ok

23:51:51.0757 2316  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

23:51:51.0788 2316  MRxDAV - ok

23:51:51.0819 2316  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

23:51:51.0882 2316  mrxsmb - ok

23:51:51.0913 2316  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:51:51.0960 2316  mrxsmb10 - ok

23:51:51.0991 2316  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:51:52.0022 2316  mrxsmb20 - ok

23:51:52.0038 2316  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys

23:51:52.0053 2316  msahci - ok

23:51:52.0069 2316  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys

23:51:52.0100 2316  msdsm - ok

23:51:52.0116 2316  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe

23:51:52.0147 2316  MSDTC - ok

23:51:52.0178 2316  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys

23:51:52.0209 2316  Msfs - ok

23:51:52.0241 2316  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

23:51:52.0303 2316  mshidkmdf - ok

23:51:52.0319 2316  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys

23:51:52.0334 2316  msisadrv - ok

23:51:52.0350 2316  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

23:51:52.0397 2316  MSiSCSI - ok

23:51:52.0397 2316  msiserver - ok

23:51:52.0428 2316  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

23:51:52.0506 2316  MSKSSRV - ok

23:51:52.0506 2316  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

23:51:52.0568 2316  MSPCLOCK - ok

23:51:52.0599 2316  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

23:51:52.0662 2316  MSPQM - ok

23:51:52.0677 2316  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

23:51:52.0693 2316  MsRPC - ok

23:51:52.0709 2316  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys

23:51:52.0724 2316  mssmbios - ok

23:51:52.0724 2316  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

23:51:52.0771 2316  MSTEE - ok

23:51:52.0787 2316  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

23:51:52.0818 2316  MTConfig - ok

23:51:52.0833 2316  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys

23:51:52.0865 2316  Mup - ok

23:51:52.0896 2316  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll

23:51:52.0943 2316  napagent - ok

23:51:52.0989 2316  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

23:51:53.0052 2316  NativeWifiP - ok

23:51:53.0114 2316  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys

23:51:53.0161 2316  NDIS - ok

23:51:53.0192 2316  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

23:51:53.0223 2316  NdisCap - ok

23:51:53.0255 2316  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

23:51:53.0317 2316  NdisTapi - ok

23:51:53.0348 2316  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

23:51:53.0379 2316  Ndisuio - ok

23:51:53.0395 2316  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

23:51:53.0426 2316  NdisWan - ok

23:51:53.0442 2316  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

23:51:53.0489 2316  NDProxy - ok

23:51:53.0504 2316  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

23:51:53.0551 2316  NetBIOS - ok

23:51:53.0582 2316  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

23:51:53.0629 2316  NetBT - ok

23:51:53.0645 2316  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe

23:51:53.0660 2316  Netlogon - ok

23:51:53.0691 2316  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll

23:51:53.0754 2316  Netman - ok

23:51:53.0769 2316  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll

23:51:53.0832 2316  netprofm - ok

23:51:53.0863 2316  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:51:53.0863 2316  NetTcpPortSharing - ok

23:51:53.0910 2316  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

23:51:53.0941 2316  nfrd960 - ok

23:51:53.0972 2316  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll

23:51:54.0035 2316  NlaSvc - ok

23:51:54.0050 2316  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

23:51:54.0097 2316  Npfs - ok

23:51:54.0113 2316  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll

23:51:54.0191 2316  nsi - ok

23:51:54.0206 2316  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

23:51:54.0269 2316  nsiproxy - ok

23:51:54.0315 2316  [ 356698A13C4630D5B31C37378D469196 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

23:51:54.0362 2316  Ntfs - ok

23:51:54.0393 2316  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys

23:51:54.0456 2316  Null - ok

23:51:54.0503 2316  [ 3E38712941E9BB4DDBEE00AFFE3FED3D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys

23:51:54.0518 2316  nvraid - ok

23:51:54.0534 2316  [ 477DC4D6DEB99BE37084C9AC6D013DA1 ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys

23:51:54.0549 2316  nvstor - ok

23:51:54.0565 2316  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys

23:51:54.0581 2316  nv_agp - ok

23:51:54.0596 2316  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys

23:51:54.0627 2316  ohci1394 - ok

23:51:54.0643 2316  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

23:51:54.0690 2316  p2pimsvc - ok

23:51:54.0721 2316  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll

23:51:54.0737 2316  p2psvc - ok

23:51:54.0768 2316  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys

23:51:54.0799 2316  Parport - ok

23:51:54.0830 2316  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys

23:51:54.0846 2316  partmgr - ok

23:51:54.0877 2316  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll

23:51:54.0908 2316  PcaSvc - ok

23:51:54.0939 2316  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys

23:51:54.0955 2316  pci - ok

23:51:54.0971 2316  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys

23:51:54.0986 2316  pciide - ok

23:51:55.0002 2316  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

23:51:55.0017 2316  pcmcia - ok

23:51:55.0049 2316  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys

23:51:55.0049 2316  pcw - ok

23:51:55.0080 2316  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

23:51:55.0127 2316  PEAUTH - ok

23:51:55.0189 2316  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll

23:51:55.0267 2316  PeerDistSvc - ok

23:51:55.0345 2316  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe

23:51:55.0376 2316  PerfHost - ok

23:51:55.0439 2316  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll

23:51:55.0501 2316  pla - ok

23:51:55.0563 2316  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

23:51:55.0626 2316  PlugPlay - ok

23:51:55.0657 2316  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

23:51:55.0673 2316  PNRPAutoReg - ok

23:51:55.0688 2316  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

23:51:55.0719 2316  PNRPsvc - ok

23:51:55.0766 2316  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

23:51:55.0844 2316  PolicyAgent - ok

23:51:55.0875 2316  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll

23:51:55.0922 2316  Power - ok

23:51:55.0953 2316  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

23:51:56.0000 2316  PptpMiniport - ok

23:51:56.0016 2316  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys

23:51:56.0031 2316  Processor - ok

23:51:56.0063 2316  [ F381975E1F4346DE875CB07339CE8D3A ] ProfSvc         C:\Windows\system32\profsvc.dll

23:51:56.0109 2316  ProfSvc - ok

23:51:56.0141 2316  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe

23:51:56.0141 2316  ProtectedStorage - ok

23:51:56.0172 2316  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

23:51:56.0219 2316  Psched - ok

23:51:56.0265 2316  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

23:51:56.0297 2316  ql2300 - ok

23:51:56.0359 2316  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

23:51:56.0390 2316  ql40xx - ok

23:51:56.0421 2316  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll

23:51:56.0453 2316  QWAVE - ok

23:51:56.0468 2316  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

23:51:56.0499 2316  QWAVEdrv - ok

23:51:56.0515 2316  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

23:51:56.0577 2316  RasAcd - ok

23:51:56.0609 2316  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

23:51:56.0640 2316  RasAgileVpn - ok

23:51:56.0671 2316  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll

23:51:56.0718 2316  RasAuto - ok

23:51:56.0749 2316  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

23:51:56.0780 2316  Rasl2tp - ok

23:51:56.0811 2316  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll

23:51:56.0858 2316  RasMan - ok

23:51:56.0874 2316  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

23:51:56.0921 2316  RasPppoe - ok

23:51:56.0936 2316  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

23:51:56.0983 2316  RasSstp - ok

23:51:56.0999 2316  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

23:51:57.0061 2316  rdbss - ok

23:51:57.0077 2316  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

23:51:57.0108 2316  rdpbus - ok

23:51:57.0123 2316  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

23:51:57.0155 2316  RDPCDD - ok

23:51:57.0186 2316  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys

23:51:57.0233 2316  RDPDR - ok

23:51:57.0264 2316  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

23:51:57.0357 2316  RDPENCDD - ok

23:51:57.0389 2316  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

23:51:57.0420 2316  RDPREFMP - ok

23:51:57.0451 2316  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

23:51:57.0482 2316  RDPWD - ok

23:51:57.0529 2316  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

23:51:57.0560 2316  rdyboost - ok

23:51:57.0591 2316  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll

23:51:57.0669 2316  RemoteAccess - ok

23:51:57.0685 2316  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

23:51:57.0732 2316  RemoteRegistry - ok

23:51:57.0763 2316  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

23:51:57.0810 2316  RpcEptMapper - ok

23:51:57.0825 2316  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe

23:51:57.0857 2316  RpcLocator - ok

23:51:57.0888 2316  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll

23:51:57.0935 2316  RpcSs - ok

23:51:57.0966 2316  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

23:51:58.0059 2316  rspndr - ok

23:51:58.0091 2316  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys

23:51:58.0122 2316  s3cap - ok

23:51:58.0137 2316  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe

23:51:58.0153 2316  SamSs - ok

23:51:58.0184 2316  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys

23:51:58.0200 2316  sbp2port - ok

23:51:58.0215 2316  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll

23:51:58.0262 2316  SCardSvr - ok

23:51:58.0278 2316  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

23:51:58.0325 2316  scfilter - ok

23:51:58.0371 2316  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll

23:51:58.0434 2316  Schedule - ok

23:51:58.0465 2316  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll

23:51:58.0496 2316  SCPolicySvc - ok

23:51:58.0527 2316  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

23:51:58.0574 2316  SDRSVC - ok

23:51:58.0605 2316  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

23:51:58.0668 2316  secdrv - ok

23:51:58.0699 2316  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll

23:51:58.0730 2316  seclogon - ok

23:51:58.0761 2316  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll

23:51:58.0808 2316  SENS - ok

23:51:58.0839 2316  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll

23:51:58.0886 2316  SensrSvc - ok

23:51:58.0917 2316  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

23:51:58.0964 2316  Serenum - ok

23:51:58.0980 2316  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys

23:51:59.0027 2316  Serial - ok

23:51:59.0042 2316  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys

23:51:59.0073 2316  sermouse - ok

23:51:59.0105 2316  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll

23:51:59.0151 2316  SessionEnv - ok

23:51:59.0229 2316  [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP            C:\Windows\system32\DRIVERS\SFEP.sys

23:51:59.0276 2316  SFEP - ok

23:51:59.0292 2316  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys

23:51:59.0323 2316  sffdisk - ok

23:51:59.0339 2316  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys

23:51:59.0370 2316  sffp_mmc - ok

23:51:59.0370 2316  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys

23:51:59.0385 2316  sffp_sd - ok

23:51:59.0385 2316  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

23:51:59.0417 2316  sfloppy - ok

23:51:59.0463 2316  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll

23:51:59.0541 2316  SharedAccess - ok

23:51:59.0573 2316  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:51:59.0619 2316  ShellHWDetection - ok

23:51:59.0651 2316  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys

23:51:59.0651 2316  SiSRaid2 - ok

23:51:59.0682 2316  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys

23:51:59.0682 2316  SiSRaid4 - ok

23:51:59.0713 2316  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys

23:51:59.0775 2316  Smb - ok

23:51:59.0807 2316  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

23:51:59.0822 2316  SNMPTRAP - ok

23:51:59.0838 2316  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys

23:51:59.0838 2316  spldr - ok

23:51:59.0885 2316  [ F8E1FA03CB70D54A9892AC88B91D1E7B ] Spooler         C:\Windows\System32\spoolsv.exe

23:51:59.0916 2316  Spooler - ok

23:52:00.0025 2316  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe

23:52:00.0150 2316  sppsvc - ok

23:52:00.0165 2316  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

23:52:00.0212 2316  sppuinotify - ok

23:52:00.0243 2316  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys

23:52:00.0321 2316  srv - ok

23:52:00.0368 2316  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

23:52:00.0399 2316  srv2 - ok

23:52:00.0446 2316  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

23:52:00.0493 2316  srvnet - ok

23:52:00.0524 2316  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

23:52:00.0618 2316  SSDPSRV - ok

23:52:00.0633 2316  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll

23:52:00.0680 2316  SstpSvc - ok

23:52:00.0711 2316  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys

23:52:00.0711 2316  stexstor - ok

23:52:00.0743 2316  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll

23:52:00.0789 2316  stisvc - ok

23:52:00.0821 2316  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys

23:52:00.0852 2316  storflt - ok

23:52:00.0883 2316  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys

23:52:00.0899 2316  storvsc - ok

23:52:00.0914 2316  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys

23:52:00.0930 2316  swenum - ok

23:52:00.0961 2316  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll

23:52:01.0008 2316  swprv - ok

23:52:01.0055 2316  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll

23:52:01.0101 2316  SysMain - ok

23:52:01.0133 2316  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:52:01.0164 2316  TabletInputService - ok

23:52:01.0179 2316  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll

23:52:01.0242 2316  TapiSrv - ok

23:52:01.0273 2316  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll

23:52:01.0304 2316  TBS - ok

23:52:01.0382 2316  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

23:52:01.0429 2316  Tcpip - ok

23:52:01.0507 2316  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

23:52:01.0554 2316  TCPIP6 - ok

23:52:01.0585 2316  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

23:52:01.0616 2316  tcpipreg - ok

23:52:01.0632 2316  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

23:52:01.0663 2316  TDPIPE - ok

23:52:01.0710 2316  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

23:52:01.0772 2316  TDTCP - ok

23:52:01.0803 2316  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

23:52:01.0881 2316  tdx - ok

23:52:01.0959 2316  [ 622FCF264119F7DF127BE353F796B319 ] TelevisionFanaticService C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe

23:52:01.0991 2316  TelevisionFanaticService - ok

23:52:02.0006 2316  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys

23:52:02.0022 2316  TermDD - ok

23:52:02.0069 2316  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll

23:52:02.0131 2316  TermService - ok

23:52:02.0147 2316  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll

23:52:02.0178 2316  Themes - ok

23:52:02.0193 2316  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll

23:52:02.0240 2316  THREADORDER - ok

23:52:02.0271 2316  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll

23:52:02.0349 2316  TrkWks - ok

23:52:02.0396 2316  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:52:02.0427 2316  TrustedInstaller - ok

23:52:02.0443 2316  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

23:52:02.0490 2316  tssecsrv - ok

23:52:02.0505 2316  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

23:52:02.0552 2316  tunnel - ok

23:52:02.0568 2316  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys

23:52:02.0583 2316  uagp35 - ok

23:52:02.0599 2316  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

23:52:02.0646 2316  udfs - ok

23:52:02.0661 2316  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

23:52:02.0677 2316  UI0Detect - ok

23:52:02.0693 2316  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys

23:52:02.0708 2316  uliagpkx - ok

23:52:02.0724 2316  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys

23:52:02.0739 2316  umbus - ok

23:52:02.0739 2316  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys

23:52:02.0771 2316  UmPass - ok

23:52:02.0786 2316  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll

23:52:02.0817 2316  UmRdpService - ok

23:52:02.0849 2316  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll

23:52:02.0880 2316  upnphost - ok

23:52:02.0911 2316  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys

23:52:02.0942 2316  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning

23:52:02.0942 2316  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)

23:52:02.0973 2316  [ B26AFB54A534D634523C4FB66765B026 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

23:52:02.0989 2316  usbccgp - ok

23:52:03.0020 2316  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys

23:52:03.0036 2316  usbcir - ok

23:52:03.0051 2316  [ 2EA4AFF7BE7EB4632E3AA8595B0803B5 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

23:52:03.0083 2316  usbehci - ok

23:52:03.0129 2316  [ 4C9042B8DF86C1E8E6240C218B99B39B ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

23:52:03.0161 2316  usbhub - ok

23:52:03.0176 2316  [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys

23:52:03.0176 2316  usbohci - ok

23:52:03.0192 2316  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

23:52:03.0207 2316  usbprint - ok

23:52:03.0223 2316  [ 080D3820DA6C046BE82FC8B45A893E83 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:52:03.0239 2316  USBSTOR - ok

23:52:03.0254 2316  [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys

23:52:03.0285 2316  usbuhci - ok

23:52:03.0317 2316  [ D501E12614B00A3252073101D6A1A74B ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys

23:52:03.0348 2316  usbvideo - ok

23:52:03.0363 2316  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll

23:52:03.0410 2316  UxSms - ok

23:52:03.0426 2316  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe

23:52:03.0441 2316  VaultSvc - ok

23:52:03.0457 2316  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys

23:52:03.0473 2316  vdrvroot - ok

23:52:03.0488 2316  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe

23:52:03.0519 2316  vds - ok

23:52:03.0551 2316  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

23:52:03.0566 2316  vga - ok

23:52:03.0582 2316  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys

23:52:03.0613 2316  VgaSave - ok

23:52:03.0644 2316  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys

23:52:03.0660 2316  vhdmp - ok

23:52:03.0675 2316  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys

23:52:03.0691 2316  viaide - ok

23:52:03.0738 2316  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys

23:52:03.0769 2316  vmbus - ok

23:52:03.0769 2316  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys

23:52:03.0785 2316  VMBusHID - ok

23:52:03.0816 2316  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys

23:52:03.0816 2316  volmgr - ok

23:52:03.0831 2316  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

23:52:03.0847 2316  volmgrx - ok

23:52:03.0894 2316  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

23:52:03.0925 2316  volsnap - ok

23:52:03.0972 2316  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys

23:52:03.0987 2316  vsmraid - ok

23:52:04.0050 2316  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe

23:52:04.0097 2316  VSS - ok

23:52:04.0112 2316  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys

23:52:04.0190 2316  vwifibus - ok

23:52:04.0221 2316  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys

23:52:04.0237 2316  vwififlt - ok

23:52:04.0253 2316  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys

23:52:04.0284 2316  vwifimp - ok

23:52:04.0315 2316  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll

23:52:04.0362 2316  W32Time - ok

23:52:04.0377 2316  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys

23:52:04.0409 2316  WacomPen - ok

23:52:04.0440 2316  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

23:52:04.0502 2316  WANARP - ok

23:52:04.0518 2316  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

23:52:04.0549 2316  Wanarpv6 - ok

23:52:04.0611 2316  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe

23:52:04.0658 2316  wbengine - ok

23:52:04.0689 2316  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

23:52:04.0705 2316  WbioSrvc - ok

23:52:04.0721 2316  [ 8321C2CA3B62B61B293CDA3451984468 ] wcncsvc         C:\Windows\System32\wcncsvc.dll

23:52:04.0752 2316  wcncsvc - ok

23:52:04.0752 2316  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:52:04.0799 2316  WcsPlugInService - ok

23:52:04.0814 2316  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys

23:52:04.0830 2316  Wd - ok

23:52:04.0845 2316  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

23:52:04.0877 2316  Wdf01000 - ok

23:52:04.0892 2316  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll

23:52:04.0908 2316  WdiServiceHost - ok

23:52:04.0923 2316  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll

23:52:04.0939 2316  WdiSystemHost - ok

23:52:04.0955 2316  [ 8A438CBB8C032A0C798B0C642FFBE572 ] WebClient       C:\Windows\System32\webclnt.dll

23:52:04.0986 2316  WebClient - ok

23:52:05.0017 2316  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll

23:52:05.0064 2316  Wecsvc - ok

23:52:05.0095 2316  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll

23:52:05.0126 2316  wercplsupport - ok

23:52:05.0157 2316  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll

23:52:05.0189 2316  WerSvc - ok

23:52:05.0204 2316  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

23:52:05.0235 2316  WfpLwf - ok

23:52:05.0251 2316  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

23:52:05.0251 2316  WIMMount - ok

23:52:05.0267 2316  WinDefend - ok

23:52:05.0282 2316  WinHttpAutoProxySvc - ok

23:52:05.0313 2316  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

23:52:05.0391 2316  Winmgmt - ok

23:52:05.0469 2316  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll

23:52:05.0547 2316  WinRM - ok

23:52:05.0610 2316  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys

23:52:05.0641 2316  WinUsb - ok

23:52:05.0688 2316  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll

23:52:05.0735 2316  Wlansvc - ok

23:52:05.0766 2316  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys

23:52:05.0766 2316  WmiAcpi - ok

23:52:05.0797 2316  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

23:52:05.0813 2316  wmiApSrv - ok

23:52:05.0828 2316  WMPNetworkSvc - ok

23:52:05.0859 2316  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll

23:52:05.0906 2316  WPCSvc - ok

23:52:05.0922 2316  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

23:52:05.0984 2316  WPDBusEnum - ok

23:52:06.0015 2316  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

23:52:06.0078 2316  ws2ifsl - ok

23:52:06.0093 2316  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll

23:52:06.0109 2316  wscsvc - ok

23:52:06.0125 2316  WSearch - ok

23:52:06.0203 2316  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll

23:52:06.0265 2316  wuauserv - ok

23:52:06.0281 2316  [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

23:52:06.0327 2316  WudfPf - ok

23:52:06.0359 2316  [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

23:52:06.0405 2316  WUDFRd - ok

23:52:06.0421 2316  [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

23:52:06.0468 2316  wudfsvc - ok

23:52:06.0483 2316  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll

23:52:06.0499 2316  WwanSvc - ok

23:52:06.0515 2316  ================ Scan global ===============================

23:52:06.0530 2316  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

23:52:06.0577 2316  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll

23:52:06.0593 2316  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll

23:52:06.0624 2316  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

23:52:06.0655 2316  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

23:52:06.0655 2316  [Global] - ok

23:52:06.0655 2316  ================ Scan MBR ==================================

23:52:06.0686 2316  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

23:52:07.0045 2316  \Device\Harddisk0\DR0 - ok

23:52:07.0061 2316  ================ Scan VBR ==================================

23:52:07.0061 2316  [ E688E1B8AC39C92465B3F828E9A0E2B3 ] \Device\Harddisk0\DR0\Partition1

23:52:07.0061 2316  \Device\Harddisk0\DR0\Partition1 - ok

23:52:07.0092 2316  [ B0FB463E456DFA57B200EB0909FECE80 ] \Device\Harddisk0\DR0\Partition2

23:52:07.0092 2316  \Device\Harddisk0\DR0\Partition2 - ok

23:52:07.0107 2316  [ 7BAEA7E2C8E2985B4C1F12763A37625E ] \Device\Harddisk0\DR0\Partition3

23:52:07.0123 2316  \Device\Harddisk0\DR0\Partition3 - ok

23:52:07.0123 2316  ============================================================

23:52:07.0123 2316  Scan finished

23:52:07.0123 2316  ============================================================

23:52:07.0139 1360  Detected object count: 1

23:52:07.0139 1360  Actual detected object count: 1

23:52:40.0084 1360  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user

23:52:40.0084 1360  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:52:46.0841 1180  Deinitialize success

Code:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software

Run date: 2013-03-17 23:33:24

-----------------------------

23:33:24.435    OS Version: Windows x64 6.1.7600 

23:33:24.435    Number of processors: 2 586 0x2A07

23:33:24.435    ComputerName: MAJDIAMENIELVIR  UserName: 

23:33:24.903    Initialize success

23:36:11.445    AVAST engine defs: 13031701

23:42:36.246    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

23:42:36.253    Disk 0 Vendor: Hitachi_HTS547550A9E384 JE3OA50B Size: 476940MB BusType: 11

23:42:36.272    Disk 0 MBR read successfully

23:42:36.278    Disk 0 MBR scan

23:42:36.297    Disk 0 Windows 7 default MBR code

23:42:36.314    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

23:42:36.339    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        99900 MB offset 206848

23:42:36.374    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       376938 MB offset 204802048

23:42:36.424    Disk 0 scanning C:\Windows\system32\drivers

23:42:46.493    Service scanning

23:43:12.450    Modules scanning

23:43:12.452    Disk 0 trace - called modules:

23:43:12.472    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 

23:43:12.477    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800483d6d0]

23:43:12.478    3 CLASSPNP.SYS[fffff8800190a43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046d9060]

23:43:13.125    AVAST engine scan C:\Windows

23:43:14.662    AVAST engine scan C:\Windows\system32

23:45:43.458    AVAST engine scan C:\Windows\system32\drivers

23:45:56.123    AVAST engine scan C:\Users\majdi ameni elvira

23:48:31.300    Disk 0 MBR has been saved successfully to "C:\Users\majdi ameni elvira\Desktop\MBR.dat"

23:48:31.309    The log file has been saved successfully to "C:\Users\majdi ameni elvira\Desktop\aswMBR.txt"

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

...

Code:

ComboFix 13-03-17.01 - majdi ameni elvira 18.03.2013  19:18:52.1.2 - x64

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1033.18.4078.2915 [GMT 1:00]

ausgeführt von:: c:\users\majdi ameni elvira\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\TelevisionFanatic

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64auxstb.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64brstub.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64datact.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64dlghk.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64dyn.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64feedmg.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64highin.exe

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64hkstub.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64htmlmu.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64httpct.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64idle.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64ieovr.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64impipe.exe

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64mlbtn.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64msg.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64Plugin.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64radio.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64regfft.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64reghk.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64regiet.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64script.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64skin.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64sknlcr.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64skplay.exe

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64SrchMn.exe

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64tpinst.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\64uabtn.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\BOOTSTRAP.JS

c:\program files (x86)\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST

c:\program files (x86)\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar

c:\program files (x86)\TelevisionFanatic\bar\1.bin\CREXT.DLL

c:\program files (x86)\TelevisionFanatic\bar\1.bin\CrExtP64.exe

c:\program files (x86)\TelevisionFanatic\bar\1.bin\INSTALL.RDF

c:\program files (x86)\TelevisionFanatic\bar\1.bin\installKeys.js

c:\program files (x86)\TelevisionFanatic\bar\1.bin\LOGO.BMP

c:\program files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll

c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8EXTEX.DLL

c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8EXTPEX.DLL

c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8HTML.DLL

c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8RES.DLL

c:\program files (x86)\TelevisionFanatic\bar\1.bin\T8TICKER.DLL

c:\program files (x86)\TelevisionFanatic\bar\gen1\COMMON.T8S

c:\program files (x86)\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S

c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S

c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat

c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com

c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\bootstrap.js

c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\chrome.manifest

c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\chrome\64ffxtbr.jar

c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\install.rdf

c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\manifest.mf

c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\zigbert.rsa

c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com\META-INF\zigbert.sf

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_TelevisionFanaticService

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-02-18 bis 2013-03-18  ))))))))))))))))))))))))))))))

.

.

2013-03-18 12:37 . 2013-02-08 00:28        9162192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D121B92-1E23-4179-9CF9-EA7FE4CDF6FD}\mpengine.dll

2013-03-13 14:34 . 2013-02-02 07:31        17815040        ----a-w-        c:\windows\system32\mshtml.dll

2013-03-13 14:34 . 2013-02-02 06:58        10925568        ----a-w-        c:\windows\system32\ieframe.dll

2013-03-12 23:28 . 2013-03-12 23:28        --------        d-----w-        c:\users\majdi ameni elvira\AppData\Roaming\Malwarebytes

2013-03-12 23:28 . 2013-03-12 23:28        --------        d-----w-        c:\programdata\Malwarebytes

2013-03-12 23:28 . 2013-03-12 23:28        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2013-03-12 23:28 . 2012-12-14 15:49        24176        ----a-w-        c:\windows\system32\drivers\mbam.sys

2013-03-12 23:28 . 2013-03-12 23:28        --------        d-----w-        c:\users\majdi ameni elvira\AppData\Local\Programs

2013-03-12 22:51 . 2013-03-12 23:30        --------        d--h--w-        c:\users\majdi ameni elvira\AppData\Roaming\3EE0BCD6

2013-03-12 22:50 . 2013-03-12 23:34        --------        d-----w-        c:\users\majdi ameni elvira\Sbblisr

2013-03-12 11:35 . 2013-03-12 11:35        --------        d-----w-        c:\program files (x86)\MSXML 4.0

2013-03-12 11:32 . 2013-03-12 11:32        --------        d-----w-        c:\users\majdi ameni elvira\AppData\Roaming\U3

2013-03-11 14:02 . 2013-03-11 14:02        --------        d-----w-        c:\program files (x86)\AskTBar

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-13 14:36 . 2012-09-30 09:34        72013344        ----a-w-        c:\windows\system32\MRT.exe

2013-03-13 13:38 . 2012-10-04 04:24        73432        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 13:38 . 2012-10-04 04:24        693976        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-01-17 00:28 . 2012-09-28 06:06        273840        ------w-        c:\windows\system32\MpSigStub.exe

2013-01-05 05:57 . 2013-02-13 12:53        5500776        ----a-w-        c:\windows\system32\ntoskrnl.exe

2013-01-05 05:02 . 2013-02-13 12:53        3957608        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:02 . 2013-02-13 12:53        3902312        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2013-01-04 05:41 . 2013-02-13 12:53        1893224        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2013-01-04 05:40 . 2013-02-13 12:53        287576        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2013-01-04 05:37 . 2013-02-13 12:53        362496        ----a-w-        c:\windows\system32\wow64win.dll

2013-01-04 05:37 . 2013-02-13 12:53        243200        ----a-w-        c:\windows\system32\wow64.dll

2013-01-04 05:37 . 2013-02-13 12:53        13312        ----a-w-        c:\windows\system32\wow64cpu.dll

2013-01-04 05:36 . 2013-02-13 12:53        215040        ----a-w-        c:\windows\system32\winsrv.dll

2013-01-04 05:33 . 2013-02-13 12:53        16384        ----a-w-        c:\windows\system32\ntvdm64.dll

2013-01-04 05:30 . 2013-02-13 12:53        424960        ----a-w-        c:\windows\system32\KernelBase.dll

2013-01-04 05:30 . 2013-02-13 12:53        1161216        ----a-w-        c:\windows\system32\kernel32.dll

2013-01-04 05:27 . 2013-02-13 12:53        6144        ---ha-w-        c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-01-04 05:27 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 05:27 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-01-04 05:27 . 2013-02-13 12:53        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 05:27 . 2013-02-13 12:53        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-04 05:27 . 2013-02-13 12:53        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-01-04 05:27 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-04 05:27 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-01-04 05:27 . 2013-02-13 12:53        4608        ---ha-w-        c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-04 05:27 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-04 05:27 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        5120        ---ha-w-        c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        4096        ---ha-w-        c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-01-04 05:26 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-01-04 04:51 . 2013-02-13 12:53        5120        ----a-w-        c:\windows\SysWow64\wow32.dll

2013-01-04 04:51 . 2013-02-13 12:53        274944        ----a-w-        c:\windows\SysWow64\KernelBase.dll

2013-01-04 04:43 . 2013-02-13 12:53        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        4096        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        5120        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2013-01-04 04:43 . 2013-02-13 12:53        44032        ----a-w-        c:\windows\apppatch\acwow64.dll

2013-01-04 03:22 . 2013-02-13 12:53        3150848        ----a-w-        c:\windows\system32\win32k.sys

2013-01-04 03:19 . 2013-02-13 12:53        338432        ----a-w-        c:\windows\system32\conhost.exe

2013-01-04 02:48 . 2013-02-13 12:53        25600        ----a-w-        c:\windows\SysWow64\setup16.exe

2013-01-04 02:48 . 2013-02-13 12:53        7680        ----a-w-        c:\windows\SysWow64\instnm.exe

2013-01-04 02:48 . 2013-02-13 12:53        14336        ----a-w-        c:\windows\SysWow64\ntvdm64.dll

2013-01-04 02:48 . 2013-02-13 12:53        2048        ----a-w-        c:\windows\SysWow64\user.exe

2013-01-04 02:43 . 2013-02-13 12:53        3584        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 02:43 . 2013-02-13 12:53        6144        ---ha-w-        c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-01-04 02:43 . 2013-02-13 12:53        4608        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 02:43 . 2013-02-13 12:53        3072        ---ha-w-        c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files (x86)\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2013-03-11 57344]

.

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-02-22 26104104]

"Facebook Update"="c:\users\majdi ameni elvira\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-30 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]

"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]

"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Reader - Schnellstart.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 11392]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2013-03-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 13:38]

.

2013-03-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job

- c:\users\majdi ameni elvira\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30 05:51]

.

2013-03-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job

- c:\users\majdi ameni elvira\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30 05:51]

.

2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 22:40]

.

2013-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-13 22:40]

.

2013-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job

- c:\users\majdi ameni elvira\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 05:45]

.

2013-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job

- c:\users\majdi ameni elvira\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-30 05:45]

.

.

--------- X64 Entries -----------

.

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^XP^xdm284^YY^de&ptb=9793F69C-12AB-4040-8A21-21C370963563&si=CMWkj4Ce_LQCFUmN3godwloAZQ

mStart Page = hxxp://home.sweetim.com/?st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - My Web Search

FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&p2=^XP^xdm284^YY^de&si=CMWkj4Ce_LQCFUmN3godwloAZQ

FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&ind=2013012216&p2=^XP^xdm284^YY^de&si=CMWkj4Ce_LQCFUmN3godwloAZQ&searchfor=

FF - ExtSQL: 2013-01-22 16:05; 64ffxtbr@TelevisionFanatic.com; c:\users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\extensions\64ffxtbr@TelevisionFanatic.com

FF - ExtSQL: !HIDDEN! 2013-01-22 16:05; 64ffxtbr@TelevisionFanatic.com; c:\program files (x86)\TelevisionFanatic\bar\1.bin

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=1839a315000000000000062737ac3dfd&q=

FF - user.js: extensions.BabylonToolbar.id - 1839a315000000000000062737ac3dfd

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15667

FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8

FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.822:01

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQQWpXjtr&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 1839a315000000000000062737ac3dfd

FF - user.js: extensions.incredibar_i.instlDay - 15671

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.141:15

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef - 

FF - user.js: extensions.incredibar_i.dfltLng - 

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id - 

FF - user.js: extensions.incredibar_i.upn2 - 6PQQWpXjtr

FF - user.js: extensions.incredibar_i.upn2n - 92543995753433061

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 6666660837

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll

BHO-{cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~2\TELEVI~2\bar\1.bin\64bar.dll

Toolbar-{c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files (x86)\TelevisionFanatic\bar\1.bin\64bar.dll

Wow6432Node-HKLM-Run-TelevisionFanatic Search Scope Monitor - c:\progra~2\TELEVI~2\bar\1.bin\64srchmn.exe

Wow6432Node-HKLM-Run-TelevisionFanatic Browser Plugin Loader - c:\progra~2\TELEVI~2\bar\1.bin\64brmon.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-03-18  19:29:49 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-03-18 18:29

.

Vor Suchlauf: 6 Verzeichnis(se), 60.571.811.840 Bytes frei

Nach Suchlauf: 9 Verzeichnis(se), 61.995.118.592 Bytes frei

.

- - End Of File - - 32D4FDAFFDCFE9993069CC27B29BF320

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.7.2 (03.15.2013:1)

OS: Windows 7 Ultimate x64

Ran by majdi ameni elvira on 19.03.2013 at 23:21:52,82

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetim

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetpacks communicator

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{c98d5b61-b0ea-4d48-9839-1079d352d880} 

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3828282979-3244811858-1549132693-1000\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3828282979-3244811858-1549132693-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon

Failed to delete: [Registry Key] hkey_local_machine\software\datamngr

Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar

Successfully deleted: [Registry Key] hkey_local_machine\software\ib updater

Successfully deleted: [Registry Key] hkey_current_user\software\im

Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim

Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim

Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator.1

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sim-packages

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\giant savings-internalinstaller_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\giant savings-internalinstaller_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\giant savings_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\giant savings_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibar_installer_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasapi32

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasmancs

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\app paths\sweetim.exe

Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0696f815-a3a9-490a-bb14-9ec3350b1276}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{5d79f641-c168-40df-a32f-bacea7509e75}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5d79f641-c168-40df-a32f-bacea7509e75}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{c98d5b61-b0ea-4d48-9839-1079d352d880}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}

Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fe063db1-4ec0-403e-8dd8-394c54984b2c} 

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fe063db1-4ec0-403e-8dd8-394c54984b2c} 
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\sweetim"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Folder] "C:\Users\majdi ameni elvira\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\majdi ameni elvira\AppData\Roaming\goforfiles"

Successfully deleted: [Folder] "C:\Users\majdi ameni elvira\AppData\Roaming\opencandy"

Successfully deleted: [Folder] "C:\Users\majdi ameni elvira\appdata\local\televisionfanatic"

Successfully deleted: [Folder] "C:\Users\majdi ameni elvira\appdata\locallow\babylontoolbar"

Successfully deleted: [Folder] "C:\Users\majdi ameni elvira\appdata\locallow\televisionfanatic"

Successfully deleted: [Folder] "C:\Program Files (x86)\goforfiles"

Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"

Successfully deleted: [Folder] "C:\Program Files (x86)\perion"

Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
 
 
 

~~~ FireFox
 

Successfully deleted: [File] C:\user.js

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"

Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\user.js

Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi

Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\mngr.xml

Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\my-web-search.xml

Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\mystart search.xml

Successfully deleted: [File] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\searchplugins\sweetim.xml

Successfully deleted: [Folder] C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\extensions\ffxtlbr@incredibar.com

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\64ffxtbr@televisionfanatic.com

Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}

Successfully deleted the following from C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\prefs.js
 

user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=110824&tt=4712_1&babsrc=HP_ss_cr&mntrId=1839a315000000000000062737ac3dfd");

user_pref("avg.install.userSPSettings", "Search the web (Babylon)");

user_pref("browser.newtab.url", "hxxp://home.sweetim.com/?src=97&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}");

user_pref("browser.search.defaultenginename", "My Web Search");

user_pref("browser.search.selectedEngine", "My Web Search");

user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&p2=^XP^xdm284^YY^de&si=CMWkj4Ce_LQCFUmN3godw

user_pref("extensions.BabylonToolbar.admin", false);

user_pref("extensions.BabylonToolbar.aflt", "babsst");

user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

user_pref("extensions.BabylonToolbar.dfltLng", "en");

user_pref("extensions.BabylonToolbar.excTlbr", false);

user_pref("extensions.BabylonToolbar.id", "1839a315000000000000062737ac3dfd");

user_pref("extensions.BabylonToolbar.instlDay", "15667");

user_pref("extensions.BabylonToolbar.instlRef", "sst");

user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");

user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=1839a315000000000000062737ac3dfd&q=");

user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");

user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");

user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.822:01:50");

user_pref("extensions.crossrider.bic", "13b2f136ebd157307c2c9e06c780d584");

user_pref("extensions.incredibar.actvtyRptTime", "1363178958927");

user_pref("extensions.incredibar.admin", false);

user_pref("extensions.incredibar.aflt", "orgnl");

user_pref("extensions.incredibar.afterInstallRpt", "sent");

user_pref("extensions.incredibar.cntry", "DE");

user_pref("extensions.incredibar.dfltLng", "EN");

user_pref("extensions.incredibar.dfltSrch", false);

user_pref("extensions.incredibar.dfltlng", "en");

user_pref("extensions.incredibar.dfltsrch", "false");

user_pref("extensions.incredibar.did", "10643");

user_pref("extensions.incredibar.envrmnt", "production");

user_pref("extensions.incredibar.excTlbr", false);

user_pref("extensions.incredibar.hdrMd5", "D25AD09ED0BB33979A04FA38701C4EB0");

user_pref("extensions.incredibar.hmpg", false);

user_pref("extensions.incredibar.hrdid", "1839a315000000000000062737ac3dfd");

user_pref("extensions.incredibar.id", "1839a315000000000000062737ac3dfd");

user_pref("extensions.incredibar.installerproductid", "26");

user_pref("extensions.incredibar.instlDay", "15671");

user_pref("extensions.incredibar.instlRef", "");

user_pref("extensions.incredibar.instlday", "15671");

user_pref("extensions.incredibar.instlref", "");

user_pref("extensions.incredibar.isDcmntCmplt", false);

user_pref("extensions.incredibar.isdcmntcmplt", "false");

user_pref("extensions.incredibar.keywordurl", "");

user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.141:15:19");

user_pref("extensions.incredibar.mntrvrsn", "1.2.0");

user_pref("extensions.incredibar.newTab", false);

user_pref("extensions.incredibar.newtab", "false");

user_pref("extensions.incredibar.newtaburl", "");

user_pref("extensions.incredibar.noFFXTlbr", false);

user_pref("extensions.incredibar.ppd", "6666660837");

user_pref("extensions.incredibar.prdct", "incredibar");

user_pref("extensions.incredibar.productid", "26");

user_pref("extensions.incredibar.prtnrId", "Incredibar");

user_pref("extensions.incredibar.prtnrid", "Incredibar");

user_pref("extensions.incredibar.sg", "none");

user_pref("extensions.incredibar.smplGrp", "none");

user_pref("extensions.incredibar.smplgrp", "none");

user_pref("extensions.incredibar.srch", "");

user_pref("extensions.incredibar.srchprvdr", "");

user_pref("extensions.incredibar.tlbrId", "base");

user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQQWpXjtr&loc=IB_TB&i=26&search=");

user_pref("extensions.incredibar.tlbrid", "base");

user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQQWpXjtr&loc=IB_TB&i=26&search=");

user_pref("extensions.incredibar.upn2", "6PQQWpXjtr");

user_pref("extensions.incredibar.upn2n", "92543995753433061");

user_pref("extensions.incredibar.vrsn", "1.5.11.14");

user_pref("extensions.incredibar.vrsnTs", "1.5.11.141:15:19");

user_pref("extensions.incredibar.vrsni", "1.5.11.14");

user_pref("extensions.incredibar.vrsnts", "1.5.11.141:15:19");

user_pref("extensions.incredibar_i.aflt", "orgnl");

user_pref("extensions.incredibar_i.dfltLng", "");

user_pref("extensions.incredibar_i.did", "10643");

user_pref("extensions.incredibar_i.excTlbr", false);

user_pref("extensions.incredibar_i.id", "1839a315000000000000062737ac3dfd");

user_pref("extensions.incredibar_i.installerproductid", "26");

user_pref("extensions.incredibar_i.instlDay", "15671");

user_pref("extensions.incredibar_i.instlRef", "");

user_pref("extensions.incredibar_i.ms_url_id", "");

user_pref("extensions.incredibar_i.newTab", false);

user_pref("extensions.incredibar_i.ppd", "6666660837");

user_pref("extensions.incredibar_i.prdct", "incredibar");

user_pref("extensions.incredibar_i.productid", "26");

user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

user_pref("extensions.incredibar_i.smplGrp", "none");

user_pref("extensions.incredibar_i.tlbrId", "base");

user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQQWpXjtr&loc=IB_TB&i=26&search=");

user_pref("extensions.incredibar_i.upn2", "6PQQWpXjtr");

user_pref("extensions.incredibar_i.upn2n", "92543995753433061");

user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.141:15:19");

user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"Layouts Express\",\"description\":\"Change facebook to look just the way you want it, with hundreds of unique

user_pref("extensions.mywebsearch.prevDefaultEngine", "Search the web (Babylon)");

user_pref("extensions.mywebsearch.prevKwdEnabled", true);

user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.sweetim.com/search.asp?barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}&src=2&crg=3.1010000.10007&q=");

user_pref("extensions.mywebsearch.prevSelectedEngine", "Search the web (Babylon)");

user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&p2=^XP^xdm284^YY^de

user_pref("extensions.toolbar.mindspark._64Members_.hp.enabled", true);

user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);

user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");

user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2013012216");

user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "^XP^xdm284^YY^de");

user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CMWkj4Ce_LQCFUmN3godwloAZQ");

user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);

user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "9793F69C-12AB-4040-8A21-21C370963563");

user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1363610046353");

user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);

user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", true);

user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);

user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", true);

user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "facebook.com");

user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "10001");

user_pref("extensions.toolbar.mindspark.hp.enabled", true);

user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "televisionfanatic@mindspark.com");

user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");

user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9793F69C-12AB-4040-8A21-21C370963563&n=77fc20f8&ind=2013012216&p2=^XP^xdm284^YY^de&

user_pref("sweetim.toolbar.RevertDialog.enable", "false");

user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");

user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");

user_pref("sweetim.toolbar.Visibility.enable", "true");

user_pref("sweetim.toolbar.Visibility.intervaldays", "7");

user_pref("sweetim.toolbar.cargo", "3.1010000.10007");

user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");

user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");

user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");

user_pref("sweetim.toolbar.cda.returnValue", "none");

user_pref("sweetim.toolbar.dialogs.0.enable", "true");

user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");

user_pref("sweetim.toolbar.dialogs.0.height", "335");

user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");

user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");

user_pref("sweetim.toolbar.dialogs.0.width", "761");

user_pref("sweetim.toolbar.dialogs.1.enable", "true");

user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");

user_pref("sweetim.toolbar.dialogs.1.height", "300");

user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");

user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");

user_pref("sweetim.toolbar.dialogs.1.width", "500");

user_pref("sweetim.toolbar.dialogs.2.enable", "true");

user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");

user_pref("sweetim.toolbar.dialogs.2.height", "150");

user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");

user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");

user_pref("sweetim.toolbar.dialogs.2.width", "530");

user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube

user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");

user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");

user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");

user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");

user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");

user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");

user_pref("sweetim.toolbar.mode.debug", "false");

user_pref("sweetim.toolbar.newtab.created", "true");

user_pref("sweetim.toolbar.newtab.enable", "true");

user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");

user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Search the web (Babylon)");

user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://search.babylon.com/?affID=110824&tt=4712_1&babsrc=HP_ss_cr&mntrId=1839a315000000000000062737ac3dfd");

user_pref("sweetim.toolbar.previous.keyword.URL", "");

user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");

user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");

user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");

user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");

user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");

user_pref("sweetim.toolbar.scripts.0.enable", "false");

user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");

user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");

user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");

user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");

user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");

user_pref("sweetim.toolbar.scripts.1.enable", "false");

user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");

user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");

user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");

user_pref("sweetim.toolbar.scripts.2.callback", "");

user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");

user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");

user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");

user_pref("sweetim.toolbar.scripts.2.enable", "false");

user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");

user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");

user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear

user_pref("sweetim.toolbar.search.history.capacity", "10");

user_pref("sweetim.toolbar.searchguard.enable", "false");

user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");

user_pref("sweetim.toolbar.simapp_id", "{258AC3B4-38E1-11E2-8D52-802D4622B6AB}");

user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}");

user_pref("sweetim.toolbar.version", "1.9.0.0");

user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocatio

user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://nonexistent.yontoo.com/|

user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://nonexistent.yontoo.c

user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searc

Emptied folder: C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\firefox\profiles\bo9166oc.default\minidumps [168 files]
 
 
 

~~~ Chrome
 

Successfully deleted: [Folder] C:\Users\majdi ameni elvira\appdata\local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jcdgjdiieiljkfkdcloehkohchhpekkn

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pgafcinpmmpklohkojmllohdhomoefph
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 19.03.2013 at 23:30:36,29

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

# AdwCleaner v2.115 - Logfile created 03/20/2013 at 00:14:17

# Updated 17/03/2013 by Xplode

# Operating system : Windows 7 Ultimate  (64 bits)

# User : majdi ameni elvira - MAJDIAMENIELVIR

# Boot Mode : Normal

# Running from : C:\Users\majdi ameni elvira\Downloads\adwcleaner.exe

# Option [Delete]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Deleted : C:\Program Files (x86)\AskTBar

Folder Deleted : C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg

Folder Deleted : C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Folder Deleted : C:\Users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\SweetPacksToolbarData

Folder Deleted : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
 

***** [Registry] *****
 

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}

Key Deleted : HKCU\Software\5aeddd0e53fed44

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D

Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B

Key Deleted : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D

Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\5aeddd0e53fed44

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{04D2B915-19FF-41E9-994D-95DC898BEA43}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F02C0832-C85C-4B93-8C6F-9DF20121A10D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9CB65206-89C4-402C-BA80-02D8C59F9B1D}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16470
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v19.0.2 (fr)
 

File : C:\Users\majdi ameni elvira\AppData\Roaming\Mozilla\Firefox\Profiles\bo9166oc.default\prefs.js
 

Deleted : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"Layouts Express\",\"description\":[...]

Deleted : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANS[...]

Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");

Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");

Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]

Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
 

-\\ Google Chrome v25.0.1364.172
 

File : C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

Deleted [l.38] : keyword = "search.sweetim.com",

Deleted [l.41] : search_url = "hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&st=6&barid={258AC3B4[...]

Deleted [l.1920] : homepage = "hxxp://home.sweetim.com/?st=6&barid={258AC3B4-38E1-11E2-8D52-802D4622B6AB}",

Deleted [l.2240] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?st=6&barid={258AC3B4-38E1-11E2-8D52-[...]
 

*************************
 

AdwCleaner[S1].txt - [6782 octets] - [20/03/2013 00:14:17]
 

########## EOF - C:\AdwCleaner[S1].txt - [6842 octets] ##########

Code:

OTL logfile created on: 20.03.2013 00:20:12 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\majdi ameni elvira\Downloads

64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

3,98 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,68% Memory free

7,96 Gb Paging File | 6,88 Gb Available in Paging File | 86,35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,56 Gb Total Space | 56,89 Gb Free Space | 58,32% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 368,00 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

 

Computer Name: MAJDIAMENIELVIR | User Name: majdi ameni elvira | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\majdi ameni elvira\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-19\..\SearchScopes,defaultscope = 

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-20\..\SearchScopes,defaultscope = 

 

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 BB A3 4F 92 BA CD 01  [binary data]

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaulturl: ""

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\majdi ameni elvira\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:02:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 16:02:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.10.04 04:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Extensions

[2013.03.19 23:30:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions

[2012.10.21 12:46:43 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\majdi ameni elvira\AppData\Roaming\mozilla\Firefox\Profiles\bo9166oc.default\extensions\mail@gutscheinrausch.de

[2013.03.08 16:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.03.08 16:02:30 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013.01.22 17:52:09 | 000,001,609 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml

[2012.09.06 02:54:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.12.05 23:23:43 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2013.02.19 21:24:29 | 000,001,472 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml

[2013.01.22 17:52:09 | 000,001,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml

[2012.12.05 23:23:43 | 000,001,169 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: SweetIM Search (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = 

CHR - homepage: hxxp://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Users\majdi ameni elvira\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google-Suche = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: IncrediBar for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\

CHR - Extension: Google Mail = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

CHR - Extension: YouTube = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google-Suche = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\

CHR - Extension: IncrediBar for Chrome = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\

CHR - Extension: Google Mail = C:\Users\majdi ameni elvira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

 

O1 HOSTS File: ([2013.03.18 19:25:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)

O4 - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000..\Run: [Facebook Update] C:\Users\majdi ameni elvira\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1F1FCF9-F9FF-4066-90F7-CD9D1F1AD570}: DhcpNameServer = 192.168.1.1

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.03.19 23:21:50 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013.03.19 23:21:42 | 000,000,000 | ---D | C] -- C:\JRT

[2013.03.18 19:29:51 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.03.18 19:25:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013.03.18 19:17:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.03.18 19:17:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.03.18 19:17:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.03.18 19:17:33 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.03.18 19:17:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.03.16 17:18:28 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\Desktop\mbar

[2013.03.13 15:35:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013.03.13 15:35:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013.03.13 15:35:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013.03.13 15:35:05 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013.03.13 15:35:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013.03.13 15:35:05 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013.03.13 15:35:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013.03.13 15:35:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013.03.13 15:35:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013.03.13 15:35:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013.03.13 15:35:04 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013.03.13 15:35:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013.03.13 15:35:02 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013.03.13 15:35:02 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013.03.13 15:35:02 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013.03.13 00:28:56 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\AppData\Roaming\Malwarebytes

[2013.03.13 00:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013.03.13 00:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013.03.13 00:28:33 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013.03.13 00:28:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013.03.13 00:28:12 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\AppData\Local\Programs

[2013.03.12 23:51:33 | 000,000,000 | -H-D | C] -- C:\Users\majdi ameni elvira\AppData\Roaming\3EE0BCD6

[2013.03.12 23:50:02 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\Sbblisr

[2013.03.12 12:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2013.03.12 12:32:36 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\AppData\Roaming\U3

[2013.03.12 11:51:26 | 000,000,000 | ---D | C] -- C:\Users\majdi ameni elvira\Desktop\musik neu

[2013.03.08 16:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.03.01 20:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.03.20 00:20:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.03.20 00:20:11 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.03.20 00:19:26 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.03.20 00:19:26 | 000,641,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.03.20 00:19:26 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.03.20 00:19:26 | 000,126,062 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.03.20 00:19:26 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.03.20 00:15:09 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013.03.20 00:15:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.03.20 00:14:56 | 3206,959,104 | -HS- | M] () -- C:\hiberfil.sys

[2013.03.20 00:00:00 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job

[2013.03.19 23:50:01 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013.03.19 23:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.03.19 22:56:01 | 000,000,980 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000UA.job

[2013.03.19 22:56:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job

[2013.03.18 19:25:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013.03.17 23:48:31 | 000,000,512 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\MBR.dat

[2013.03.17 01:00:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3828282979-3244811858-1549132693-1000Core.job

[2013.03.16 22:33:30 | 000,214,374 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\888951_617600784933108_956178932_o.jpg

[2013.03.16 22:32:13 | 000,137,609 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\862389_617088378317682_1757131080_n.jpg

[2013.03.16 22:32:03 | 000,055,333 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\804300_617195524973634_123515814_n.jpg

[2013.03.16 22:31:51 | 000,064,652 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\862185_617195691640284_854219262_n.jpg

[2013.03.16 22:31:38 | 000,173,307 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\888810_617600941599759_392689594_o.jpg

[2013.03.14 20:01:49 | 000,002,395 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\Google Chrome.lnk

[2013.03.13 14:38:22 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013.03.13 14:38:22 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013.03.11 22:32:35 | 000,095,176 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\602166_574832465874756_198468293_n.jpg

[2013.03.10 01:01:37 | 000,934,836 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\attachment.php.jpg

[2013.03.09 10:18:49 | 000,091,328 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\702889_571393502887170_527173581_n.jpg

[2013.03.09 10:18:31 | 000,139,126 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\702923_571393476220506_597571333_n.jpg

[2013.03.08 18:10:22 | 000,017,927 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\601592_570957746249165_1027927645_n.jpg

[2013.03.08 18:09:49 | 000,040,828 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\734632_571303722881234_1523163912_n.jpg

[2013.03.08 16:01:13 | 000,031,133 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\577996_10151559285256614_1219465472_n.jpg

[2013.03.07 16:29:46 | 000,057,079 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\65547_346293635492142_879126177_n.jpg

[2013.02.28 23:03:42 | 000,071,558 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\803380_608383912521462_350012141_n.jpg

[2013.02.28 23:02:57 | 000,067,753 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\730621_609338392426014_1849945632_n.jpg

[2013.02.28 23:02:46 | 000,024,753 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\730599_609328659093654_2139714039_n.jpg

[2013.02.28 13:11:10 | 000,306,636 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\859076_316425691793924_261292111_o.jpg

[2013.02.26 19:13:19 | 000,096,306 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\480151_610010319025863_232090152_n.jpg

[2013.02.26 19:12:50 | 000,074,640 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\524955_610019829024912_1986722450_n.jpg

[2013.02.26 19:10:46 | 000,034,721 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\485047_611786715514890_1200217643_n.jpg

[2013.02.26 15:28:23 | 000,037,588 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\285260_10151585540105209_864790281_n.jpg

[2013.02.26 15:09:38 | 000,011,837 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\430935_315873545195684_1097459838_n.jpg

[2013.02.25 19:59:10 | 000,017,239 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\317977_521838064503053_417561600_n.jpg

[2013.02.22 16:28:23 | 000,031,910 | ---- | M] () -- C:\Users\majdi ameni elvira\Desktop\559878_339374372850735_142926935_n.jpg

 
 ========== Files Created - No Company Name ==========

 

[2013.03.18 19:17:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.03.18 19:17:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.03.18 19:17:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.03.18 19:17:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.03.18 19:17:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.03.17 23:48:31 | 000,000,512 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\MBR.dat

[2013.03.16 22:33:29 | 000,214,374 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\888951_617600784933108_956178932_o.jpg

[2013.03.16 22:32:13 | 000,137,609 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\862389_617088378317682_1757131080_n.jpg

[2013.03.16 22:32:03 | 000,055,333 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\804300_617195524973634_123515814_n.jpg

[2013.03.16 22:31:50 | 000,064,652 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\862185_617195691640284_854219262_n.jpg

[2013.03.16 22:31:37 | 000,173,307 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\888810_617600941599759_392689594_o.jpg

[2013.03.11 22:32:33 | 000,095,176 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\602166_574832465874756_198468293_n.jpg

[2013.03.10 01:01:34 | 000,934,836 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\attachment.php.jpg

[2013.03.09 10:18:48 | 000,091,328 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\702889_571393502887170_527173581_n.jpg

[2013.03.09 10:18:30 | 000,139,126 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\702923_571393476220506_597571333_n.jpg

[2013.03.08 18:10:21 | 000,017,927 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\601592_570957746249165_1027927645_n.jpg

[2013.03.08 18:09:47 | 000,040,828 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\734632_571303722881234_1523163912_n.jpg

[2013.03.08 15:59:57 | 000,031,133 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\577996_10151559285256614_1219465472_n.jpg

[2013.03.07 16:29:44 | 000,057,079 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\65547_346293635492142_879126177_n.jpg

[2013.02.28 23:03:41 | 000,071,558 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\803380_608383912521462_350012141_n.jpg

[2013.02.28 23:02:56 | 000,067,753 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\730621_609338392426014_1849945632_n.jpg

[2013.02.28 23:02:45 | 000,024,753 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\730599_609328659093654_2139714039_n.jpg

[2013.02.28 13:11:09 | 000,306,636 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\859076_316425691793924_261292111_o.jpg

[2013.02.26 19:13:17 | 000,096,306 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\480151_610010319025863_232090152_n.jpg

[2013.02.26 19:12:49 | 000,074,640 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\524955_610019829024912_1986722450_n.jpg

[2013.02.26 19:10:46 | 000,034,721 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\485047_611786715514890_1200217643_n.jpg

[2013.02.26 15:28:22 | 000,037,588 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\285260_10151585540105209_864790281_n.jpg

[2013.02.26 15:09:36 | 000,011,837 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\430935_315873545195684_1097459838_n.jpg

[2013.02.25 19:59:09 | 000,017,239 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\317977_521838064503053_417561600_n.jpg

[2013.02.22 16:28:22 | 000,031,910 | ---- | C] () -- C:\Users\majdi ameni elvira\Desktop\559878_339374372850735_142926935_n.jpg

[2012.10.29 18:23:43 | 000,003,584 | ---- | C] () -- C:\Users\majdi ameni elvira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== Files - Unicode (All) ==========

[2013.03.16 19:45:01 | 019,652,117 | ---- | M] ()(C:\Users\majdi ameni elvira\Desktop\???? ??????? ?????? hadhra jaret achwaki - YouTube.FLV) -- C:\Users\majdi ameni elvira\Desktop\جارت الاشواق الحضرة hadhra jaret achwaki - YouTube.FLV

[2013.03.16 19:31:45 | 019,652,117 | ---- | C] ()(C:\Users\majdi ameni elvira\Desktop\???? ??????? ?????? hadhra jaret achwaki - YouTube.FLV) -- C:\Users\majdi ameni elvira\Desktop\جارت الاشواق الحضرة hadhra jaret achwaki - YouTube.FLV
 

< End of report >

bei OTL war es nur eine logfile..hab ichs falsch gemacht??

tut mir leid hab die 2te logfile doch noch gefunden

Code:

OTL Extras logfile created on: 20.03.2013 00:20:12 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\majdi ameni elvira\Downloads

64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

3,98 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 70,68% Memory free

7,96 Gb Paging File | 6,88 Gb Available in Paging File | 86,35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,56 Gb Total Space | 56,89 Gb Free Space | 58,32% Space Free | Partition Type: NTFS

Drive D: | 368,10 Gb Total Space | 368,00 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

 

Computer Name: MAJDIAMENIELVIR | User Name: majdi ameni elvira | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1D6BD56B-541C-4D5D-9C61-14D0370DFB64}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 

"{28EB52E5-F894-40AE-9BCA-471099896575}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{349FBD90-4322-4D18-963E-D4DF001EFA2C}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{38A045C7-ADA3-4C12-9504-8F141A7026BF}" = dir=in | app=c:\users\majdi ameni elvira\appdata\local\facebook\video\skype\facebookvideocalling.exe | 

"{5BC526C7-B5DB-432B-A739-ABEDBCFF334E}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 

"{606A77EF-0CA3-4289-A55B-B788A6F25DC8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{76AEAD72-3658-446A-A037-30FD44B96620}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{7A301976-C47F-46CF-B435-9B8CFC6D618D}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 

"{82A7328E-9E33-4F50-814E-53D66BB6BA0B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 

"{96DD81E1-F78D-4D0E-86F7-BB011A5A5E3D}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 

"{9815E4D5-1CBF-4579-A788-6514EDC1717F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 

"{CA7AF6D9-D4CE-4DE9-8F84-2CC704E7033C}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 

"{CAA89A70-CF66-45D7-A00A-42650BCD620E}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 

"{D8C28A7B-7284-411C-AEBB-DD48052AAAFF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{F18B3906-C0D2-4096-987D-C0D88A3177F4}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5C474A83-A45F-470C-9AC8-2BD1C251BF9A}" = Skype™ 4.2

"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AskTBar Uninstall" = Ask Toolbar

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100

"McAfee Security Scan" = McAfee Security Scan Plus

"Mozilla Firefox 19.0.2 (x86 fr)" = Mozilla Firefox 19.0.2 (x86 fr)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar

"VLC media player" = VLC media player 2.0.2

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3828282979-3244811858-1549132693-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 20 Event Log Errors ==========

 

[ System Events ]

Error - 19.03.2013 19:15:07 | Computer Name = majdiamenielvir | Source = BTHUSB | ID = 327697

Description = Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen

 und wird nicht verwendet. Der Treiber wurde entladen.

 

 

< End of report >