Fix log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2013
Ran by SYSTEM at 2013-04-08 17:29:35 Run:1
Running from G:\
==============================================
C:\Users\seyfettin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk moved successfully.
HKEY_USERS\seyfettin\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe Value deleted successfully.
C:\ProgramData\Application Data\ah2b.js moved successfully.
C:\ProgramData\ah2b.js not found.
C:\ProgramData\Application Data\ah2b.pad moved successfully.
C:\ProgramData\ah2b.pad not found.
C:\ProgramData\b2ha.dat moved successfully.
C:\ProgramData\Application Data\b2ha.dat not found.
C:\ProgramData\rundll32.exe moved successfully.
C:\ProgramData\Application Data\rundll32.exe not found.
C:\Users\seyfettin\7871390.dll moved successfully.
==== End of Fixlog ====

Gmerlog:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-08 20:25:17
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM250JI rev.HS100-10 232,89GB
Running: 8bn16f9f.exe; Driver: C:\Users\SEYFET~1\AppData\Local\Temp\ugriauoc.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9301D536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x936F27BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9301DF52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x93028D7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x93028DC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x93028F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x93028CE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x936F2BAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x93028D30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x9301E146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x93028F02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x9301E8CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9301D584]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x936F289E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9301D1EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9301D5D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x930222A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9301F292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x93028DA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x93028DE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x93028F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x93028D0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x93028E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x93028D58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x93028F26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x936F2A1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9301F15E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0x9301ED08]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9301D620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9301D66E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x9301E74A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9301D276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9301D426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9301D3CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x9301EA2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x9301EB88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9301D496]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x936F2AE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x9301E5CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9301D6BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x936F2954]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x9301E2CE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9370A744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!KeSetEvent + 10D 82AB67D0 4 Bytes [36, D5, 01, 93] {AAD 0x1; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 131 82AB67F4 4 Bytes [BA, 27, 6F, 93]
.text ntkrnlpa.exe!KeSetEvent + 191 82AB6854 4 Bytes [52, DF, 01, 93] {PUSH EDX; FILD WORD [ECX]; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeSetEvent + 1D1 82AB6894 8 Bytes [7A, 8D, 02, 93, C6, 8D, 02, ...] {JP 0xffffff8f; ADD DL, [EBX-0x6cfd723a]}
.text ntkrnlpa.exe!KeSetEvent + 1DD 82AB68A0 4 Bytes [48, 8F, 02, 93] {DEC EAX; POP DWORD [EDX]; XCHG EBX, EAX}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82BE15EF 5 Bytes JMP 9370761C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82C3A4D3 5 Bytes JMP 937090FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82C43DEF 4 Bytes CALL 9301F959 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82C47A63 4 Bytes CALL 9301F96F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82C9BDBC 7 Bytes JMP 9370A748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 454E 9C1104AD 5 Bytes JMP 93022D72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + FDC 9C120665 5 Bytes JMP 93022E04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + C20 9C1296C9 5 Bytes JMP 93023A2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 4A1 9C12A4B5 5 Bytes JMP 93023B90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8C53 9C132C67 5 Bytes JMP 930222DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 616 9C133BBD 5 Bytes JMP 930237FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 30F7 9C13F2F7 5 Bytes JMP 93022C2C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4569 9C140769 5 Bytes JMP 93022538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 46B8 9C1408B8 5 Bytes JMP 93022EDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 4C4D 9C140E4D 5 Bytes JMP 93022EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XFORMOBJ_iGetXform + 5235 9C141435 5 Bytes JMP 93022A52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A2A 9C15A305 5 Bytes JMP 93022992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 11A7E 9C15A359 5 Bytes JMP 93022C58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 377F 9C1814D3 5 Bytes JMP 930236C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 60DD 9C183E31 5 Bytes JMP 930223E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4D4B 9C18A7BA 5 Bytes JMP 930225A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 2B49 9C194C4C 5 Bytes JMP 93023C32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 5FF 9C197B3C 5 Bytes JMP 930223FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLpkInstalled + 1D73 9C1A1957 5 Bytes JMP 930237B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + B996 9C1B1F03 5 Bytes JMP 93022E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 8C4 9C1B60F5 5 Bytes JMP 93023972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 6F6A 9C1BC79B 5 Bytes JMP 9302376A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + B0F 9C1BFF0A 5 Bytes JMP 930238C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 4732 9C1C7833 5 Bytes JMP 930224D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + E7F 9C1E5DE6 5 Bytes JMP 93022790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + 24C 9C1EB6AE 5 Bytes JMP 93022664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9C1EF1E6 5 Bytes JMP 93023AE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 3765 9C2075E6 5 Bytes JMP 93022E34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + A1B 9C20D73F 5 Bytes JMP 930226B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + D2A3 9C219FC7 5 Bytes JMP 930228BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngLineTo + 10D1A 9C21DA3E 5 Bytes JMP 93022826 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[516] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\csrss.exe[596] KERNEL32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\wininit.exe[648] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\csrss.exe[660] KERNEL32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\services.exe[692] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text ...
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] ntdll.dll!LdrLoadDll 76EB9378 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] ntdll.dll!LdrUnloadDll 76ECB680 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] USER32.dll!SetWindowsHookExA 76D46322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] USER32.dll!SetWindowsHookExW 76D487AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] USER32.dll!UnhookWindowsHookEx 76D498DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] USER32.dll!SetWinEventHook 76D49F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] USER32.dll!UnhookWinEvent 76D4C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] ADVAPI32.dll!CreateServiceW 75599EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] ADVAPI32.dll!DeleteService 7559A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 755D6CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 755D6DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 755D6F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 755D7099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 755D71E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[1492] ADVAPI32.dll!CreateServiceA 755D72A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\nvvsvc.exe[1516] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1552] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\SMINST\BLService.exe[1720] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1748] kernel32.dll!SetUnhandledExceptionFilter 7694A8B5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1748] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1768] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1864] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1944] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1972] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text ...
.text C:\Windows\system32\svchost.exe[2264] ntdll.dll!LdrLoadDll 76EB9378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2264] ntdll.dll!LdrUnloadDll 76ECB680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2264] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!CreateServiceW 75599EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!DeleteService 7559A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!SetServiceObjectSecurity 755D6CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfigA 755D6DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfigW 755D6F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A 755D7099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W 755D71E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2264] ADVAPI32.dll!CreateServiceA 755D72A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[2340] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[2396] KERNEL32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2416] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2552] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2600] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text ...
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] ntdll.dll!LdrLoadDll 76EB9378 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] ntdll.dll!LdrUnloadDll 76ECB680 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] ADVAPI32.dll!CreateServiceW 75599EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] ADVAPI32.dll!DeleteService 7559A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] ADVAPI32.dll!SetServiceObjectSecurity 755D6CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] ADVAPI32.dll!ChangeServiceConfigA 755D6DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] ADVAPI32.dll!ChangeServiceConfigW 755D6F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] ADVAPI32.dll!ChangeServiceConfig2A 755D7099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] ADVAPI32.dll!ChangeServiceConfig2W 755D71E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] ADVAPI32.dll!CreateServiceA 755D72A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] USER32.dll!SetWindowsHookExA 76D46322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] USER32.dll!SetWindowsHookExW 76D487AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] USER32.dll!UnhookWindowsHookEx 76D498DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] USER32.dll!SetWinEventHook 76D49F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2924] USER32.dll!UnhookWinEvent 76D4C06F 5 Bytes JMP 000803FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] ntdll.dll!LdrLoadDll 76EB9378 5 Bytes JMP 001501F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] ntdll.dll!LdrUnloadDll 76ECB680 5 Bytes JMP 001503FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] USER32.dll!SetWindowsHookExA 76D46322 5 Bytes JMP 00170600
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] USER32.dll!SetWindowsHookExW 76D487AD 5 Bytes JMP 00170804
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] USER32.dll!UnhookWindowsHookEx 76D498DB 5 Bytes JMP 00170A08
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] USER32.dll!SetWinEventHook 76D49F3A 5 Bytes JMP 001701F8
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] USER32.dll!UnhookWinEvent 76D4C06F 5 Bytes JMP 001703FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] ADVAPI32.dll!CreateServiceW 75599EB4 5 Bytes JMP 001803FC
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] ADVAPI32.dll!DeleteService 7559A07E 5 Bytes JMP 00180600
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] ADVAPI32.dll!SetServiceObjectSecurity 755D6CD9 5 Bytes JMP 00181014
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] ADVAPI32.dll!ChangeServiceConfigA 755D6DD9 5 Bytes JMP 00180804
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] ADVAPI32.dll!ChangeServiceConfigW 755D6F81 5 Bytes JMP 00180A08
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] ADVAPI32.dll!ChangeServiceConfig2A 755D7099 5 Bytes JMP 00180C0C
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] ADVAPI32.dll!ChangeServiceConfig2W 755D71E1 5 Bytes JMP 00180E10
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2944] ADVAPI32.dll!CreateServiceA 755D72A1 5 Bytes JMP 001801F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] ntdll.dll!LdrLoadDll 76EB9378 5 Bytes JMP 001501F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] ntdll.dll!LdrUnloadDll 76ECB680 5 Bytes JMP 001503FC
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] ADVAPI32.dll!CreateServiceW 75599EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] ADVAPI32.dll!DeleteService 7559A07E 5 Bytes JMP 00170600
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] ADVAPI32.dll!SetServiceObjectSecurity 755D6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] ADVAPI32.dll!ChangeServiceConfigA 755D6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] ADVAPI32.dll!ChangeServiceConfigW 755D6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] ADVAPI32.dll!ChangeServiceConfig2A 755D7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] ADVAPI32.dll!ChangeServiceConfig2W 755D71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] ADVAPI32.dll!CreateServiceA 755D72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] USER32.dll!SetWindowsHookExA 76D46322 5 Bytes JMP 00180600
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] USER32.dll!SetWindowsHookExW 76D487AD 5 Bytes JMP 00180804
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] USER32.dll!UnhookWindowsHookEx 76D498DB 5 Bytes JMP 00180A08
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] USER32.dll!SetWinEventHook 76D49F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2952] USER32.dll!UnhookWinEvent 76D4C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ntdll.dll!LdrLoadDll 76EB9378 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ntdll.dll!LdrUnloadDll 76ECB680 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!CreateServiceW 75599EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!DeleteService 7559A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!SetServiceObjectSecurity 755D6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 755D6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 755D6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!ChangeServiceConfig2A 755D7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!ChangeServiceConfig2W 755D71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!CreateServiceA 755D72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!SetWindowsHookExA 76D46322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!SetWindowsHookExW 76D487AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!UnhookWindowsHookEx 76D498DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!SetWinEventHook 76D49F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!UnhookWinEvent 76D4C06F 5 Bytes JMP 001803FC
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3020] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] ntdll.dll!LdrLoadDll 76EB9378 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] ntdll.dll!LdrUnloadDll 76ECB680 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] ADVAPI32.dll!CreateServiceW 75599EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] ADVAPI32.dll!DeleteService 7559A07E 5 Bytes JMP 00170600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] ADVAPI32.dll!SetServiceObjectSecurity 755D6CD9 5 Bytes JMP 00171014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] ADVAPI32.dll!ChangeServiceConfigA 755D6DD9 5 Bytes JMP 00170804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] ADVAPI32.dll!ChangeServiceConfigW 755D6F81 5 Bytes JMP 00170A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] ADVAPI32.dll!ChangeServiceConfig2A 755D7099 5 Bytes JMP 00170C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] ADVAPI32.dll!ChangeServiceConfig2W 755D71E1 5 Bytes JMP 00170E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] ADVAPI32.dll!CreateServiceA 755D72A1 5 Bytes JMP 001701F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] USER32.dll!SetWindowsHookExA 76D46322 5 Bytes JMP 00390600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] USER32.dll!SetWindowsHookExW 76D487AD 5 Bytes JMP 00390804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] USER32.dll!UnhookWindowsHookEx 76D498DB 5 Bytes JMP 00390A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] USER32.dll!SetWinEventHook 76D49F3A 5 Bytes JMP 003901F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3224] USER32.dll!UnhookWinEvent 76D4C06F 5 Bytes JMP 003903FC
.text C:\Program Files\Skype\Phone\Skype.exe[3232] ntdll.dll!LdrLoadDll 76EB9378 5 Bytes JMP 000501F8
.text C:\Program Files\Skype\Phone\Skype.exe[3232] ntdll.dll!LdrUnloadDll 76ECB680 5 Bytes JMP 000503FC
.text C:\Program Files\Skype\Phone\Skype.exe[3232] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[3232] USER32.dll!SetWindowsHookExA 76D46322 5 Bytes JMP 009A0600
.text C:\Program Files\Skype\Phone\Skype.exe[3232] USER32.dll!SetWindowsHookExW 76D487AD 5 Bytes JMP 009A0804
.text C:\Program Files\Skype\Phone\Skype.exe[3232] USER32.dll!UnhookWindowsHookEx 76D498DB 5 Bytes JMP 009A0A08
.text C:\Program Files\Skype\Phone\Skype.exe[3232] USER32.dll!SetWinEventHook 76D49F3A 5 Bytes JMP 009A01F8
.text C:\Program Files\Skype\Phone\Skype.exe[3232] USER32.dll!UnhookWinEvent 76D4C06F 5 Bytes JMP 009A03FC
.text C:\Program Files\Skype\Phone\Skype.exe[3232] ADVAPI32.dll!CreateServiceW 75599EB4 5 Bytes JMP 009903FC
.text C:\Program Files\Skype\Phone\Skype.exe[3232] ADVAPI32.dll!DeleteService 7559A07E 5 Bytes JMP 00990600
.text C:\Program Files\Skype\Phone\Skype.exe[3232] ADVAPI32.dll!SetServiceObjectSecurity 755D6CD9 5 Bytes JMP 00991014
.text C:\Program Files\Skype\Phone\Skype.exe[3232] ADVAPI32.dll!ChangeServiceConfigA 755D6DD9 5 Bytes JMP 00990804
.text C:\Program Files\Skype\Phone\Skype.exe[3232] ADVAPI32.dll!ChangeServiceConfigW 755D6F81 5 Bytes JMP 00990A08
.text C:\Program Files\Skype\Phone\Skype.exe[3232] ADVAPI32.dll!ChangeServiceConfig2A 755D7099 5 Bytes JMP 00990C0C
.text C:\Program Files\Skype\Phone\Skype.exe[3232] ADVAPI32.dll!ChangeServiceConfig2W 755D71E1 5 Bytes JMP 00990E10
.text C:\Program Files\Skype\Phone\Skype.exe[3232] ADVAPI32.dll!CreateServiceA 755D72A1 5 Bytes JMP 009901F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] ntdll.dll!LdrLoadDll 76EB9378 5 Bytes JMP 001401F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] ntdll.dll!LdrUnloadDll 76ECB680 5 Bytes JMP 001403FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] kernel32.dll!GetBinaryTypeW + 70 76972447 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] ADVAPI32.dll!CreateServiceW 75599EB4 5 Bytes JMP 001603FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] ADVAPI32.dll!DeleteService 7559A07E 5 Bytes JMP 00160600
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] ADVAPI32.dll!SetServiceObjectSecurity 755D6CD9 3 Bytes JMP 00161014
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] ADVAPI32.dll!SetServiceObjectSecurity + 4 755D6CDD 1 Byte [8A]
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] ADVAPI32.dll!ChangeServiceConfigA 755D6DD9 5 Bytes JMP 00160804
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] ADVAPI32.dll!ChangeServiceConfigW 755D6F81 5 Bytes JMP 00160A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] ADVAPI32.dll!ChangeServiceConfig2A 755D7099 5 Bytes JMP 00160C0C
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] ADVAPI32.dll!ChangeServiceConfig2W 755D71E1 5 Bytes JMP 00160E10
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] ADVAPI32.dll!CreateServiceA 755D72A1 5 Bytes JMP 001601F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] USER32.dll!SetWindowsHookExA 76D46322 5 Bytes JMP 00170600
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] USER32.dll!SetWindowsHookExW 76D487AD 5 Bytes JMP 00170804
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] USER32.dll!UnhookWindowsHookEx 76D498DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] USER32.dll!SetWinEventHook 76D49F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[3316] USER32.dll!UnhookWinEvent 76D4C06F 5 Bytes JMP 001703FC
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----

OTL log Code:
OTL logfile created on: 08.04.2013 20:38:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\seyfettin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,41% Memory free
6,21 Gb Paging File | 4,90 Gb Available in Paging File | 78,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,90 Gb Total Space | 145,50 Gb Free Space | 64,98% Space Free | Partition Type: NTFS
Drive D: | 8,98 Gb Total Space | 1,60 Gb Free Space | 17,83% Space Free | Partition Type: NTFS
Computer Name: SEYFETTIN-PC | User Name: seyfettin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.08 20:35:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\seyfettin\Desktop\OTL.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.12.28 00:21:18 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.11.21 06:21:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
========== Modules (No Company Name) ==========
MOD - [2013.02.17 17:27:17 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.21 22:53:23 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013.01.13 19:26:16 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll
MOD - [2013.01.13 19:26:06 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.09 17:07:07 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013.01.09 17:06:48 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013.01.09 17:06:39 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 17:06:32 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.09 17:06:19 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.09 17:06:10 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013.01.09 17:06:06 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.09 17:05:58 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.09 17:05:47 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.02.03 01:07:25 | 000,115,137 | ---- | M] () -- C:\Users\seyfettin\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
MOD - [2011.12.28 00:21:18 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011.11.21 06:21:43 | 001,989,592 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\PROGRA~2\b2ha.dat -- (Winmgmt)
SRV - [2013.03.13 18:40:32 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.01 13:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008.04.26 01:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\WINDOWS\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- -- (ASPI32)
DRV - [2012.07.03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.07.03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.07.03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.07.03 18:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.07.03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.07.03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.12.23 21:58:18 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.07.23 16:51:19 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2009.10.03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.09.05 17:55:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008.10.03 04:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008.06.10 20:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.06.10 00:23:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.10.18 01:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{2AD9BACB-2264-4A41-A318-6F1BDE25A2A7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D87FDBEE-E7CB-48AE-8CBD-78AC61B2F615}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Presario&pf=cnnb
IE - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/webhp?sourceid=navclient&hl=de&ie=UTF-8
IE - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000\..\SearchScopes\{2AD9BACB-2264-4A41-A318-6F1BDE25A2A7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE424
IE - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000\..\SearchScopes\{D87FDBEE-E7CB-48AE-8CBD-78AC61B2F615}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1456
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.03.27 01:52:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.07.12 16:34:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.09 22:29:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011.12.09 22:33:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\seyfettin\AppData\Roaming\mozilla\Extensions
[2012.02.03 01:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.03 01:14:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012.07.12 16:34:29 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011.11.21 06:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.21 03:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 03:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 03:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.21 02:58:26 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.11.21 03:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 03:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 03:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-2235001654-3630167865-3023915631-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DFB0715-2A48-4213-8456-42F2604C5C6A}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACEA6A4B-1CBF-4FEC-ACFC-EFD3B99A0FA7}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Dots.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Dots.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.08 20:35:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\seyfettin\Desktop\OTL.exe
[2013.04.08 18:04:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013.03.23 18:16:50 | 000,000,000 | ---D | C] -- C:\Users\seyfettin\AppData\Roaming\Skype
[2013.03.23 18:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.23 18:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.03.23 18:16:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013.03.23 18:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.22 17:11:40 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.14 14:33:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.03.14 14:33:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.03.14 14:33:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.03.14 14:33:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.03.14 14:33:50 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.03.14 14:33:49 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.03.14 14:33:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.03.14 14:33:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
========== Files - Modified Within 30 Days ==========
[2013.04.08 20:40:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.08 20:35:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\seyfettin\Desktop\OTL.exe
[2013.04.08 20:29:33 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.08 20:27:31 | 000,094,967 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.04.08 20:27:30 | 000,094,967 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.04.08 20:27:29 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.08 20:26:59 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 20:26:58 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 20:26:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.08 20:26:48 | 3216,228,352 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.08 17:35:45 | 000,377,856 | ---- | M] () -- C:\Users\seyfettin\Desktop\8bn16f9f.exe
[2013.04.08 00:35:54 | 000,628,914 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.08 00:35:54 | 000,596,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.08 00:35:54 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.08 00:35:54 | 000,104,242 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.26 17:16:18 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.03.18 18:30:51 | 000,024,064 | ---- | M] () -- C:\Users\seyfettin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.13 18:40:31 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.13 18:40:31 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.12 01:10:56 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
========== Files Created - No Company Name ==========
[2013.04.08 17:35:42 | 000,377,856 | ---- | C] () -- C:\Users\seyfettin\Desktop\8bn16f9f.exe
[2013.04.08 01:52:07 | 3216,228,352 | -HS- | C] () -- C:\hiberfil.sys
[2013.03.23 18:16:31 | 000,002,379 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.01.07 22:43:01 | 000,000,035 | ---- | C] () -- C:\Windows\Ulead32.INI
[2012.01.07 22:39:41 | 000,285,216 | ---- | C] () -- C:\Windows\System32\drivers\Onsio.sys
[2012.01.07 22:39:41 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\Onsreged.sys
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.12.23 21:58:24 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.12.23 21:58:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.12.23 21:58:24 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.12.23 21:58:24 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.04.05 23:06:38 | 000,024,064 | ---- | C] () -- C:\Users\seyfettin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.27 14:28:04 | 000,001,589 | ---- | C] () -- C:\Users\seyfettin\Browserwahl.lnk
[2011.03.27 14:28:04 | 000,000,104 | ---- | C] () -- C:\Users\seyfettin\Systemsteuerung - Verknüpfung.lnk
[2011.03.26 16:41:45 | 000,001,847 | ---- | C] () -- C:\Users\seyfettin\Avira AntiVir Control Center.lnk
[2011.03.26 16:09:01 | 000,094,967 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.03.26 16:08:31 | 000,094,967 | ---- | C] () -- C:\ProgramData\nvModes.dat
========== ZeroAccess Check ==========
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >

OTL Extra log Code:
OTL Extras logfile created on: 08.04.2013 20:38:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\seyfettin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 54,41% Memory free
6,21 Gb Paging File | 4,90 Gb Available in Paging File | 78,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223,90 Gb Total Space | 145,50 Gb Free Space | 64,98% Space Free | Partition Type: NTFS
Drive D: | 8,98 Gb Total Space | 1,60 Gb Free Space | 17,83% Space Free | Partition Type: NTFS
Computer Name: SEYFETTIN-PC | User Name: seyfettin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F410E06-3DC1-42A2-8D1F-F3FE93B56693}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB8BECC2-06C7-4FFF-AD7E-0FA241CFF2FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A73A88E-19FC-4CC9-8BD0-D0CD1441AFE1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{363F48E6-3B04-44A0-BC38-38F24A92FD99}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37FF0276-33F4-4DA7-8D3D-593845201B31}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5E22BA42-273A-4FF4-8622-3B51554B27D1}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{6A385B83-6154-4361-8880-807267DF7EE5}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{AB51BA87-9EC8-400B-8E89-28ACB7EEF4B3}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{CCB94405-8663-447A-922E-3E991D25AD7C}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{EDF38899-B3B7-4260-AB2F-DC556F6FD97C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EF54D3AD-AF8D-43A6-8F1B-07E64B11D05F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{F3DF3ABE-BC2E-4D14-9D59-B18D7D4202B3}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"TCP Query User{38915AD3-E4E9-4984-B2FA-3864D65CEF9D}C:\program files\java\jre1.6.0_05\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_05\bin\javaw.exe |
"TCP Query User{7EB6FA59-FEAC-4844-BF3C-1EE0629E3511}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5782D0DE-25E4-4E4A-8D64-861ADDA4F1D1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B60B5663-5B23-4D13-A10C-3C0A518EA74B}C:\program files\java\jre1.6.0_05\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_05\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"1489-3350-5074-6281" = JDownloader 0.9
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM_6" = AIM
"avast" = avast! Free Antivirus
"Avidemux 2.5" = Avidemux 2.5
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DtsFilter" = DTS+AC3 ÇÊÅÍ
"GOM Player" = GOM Player
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MKVtoolnix" = MKVtoolnix 4.9.0
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"PS3 Media Server" = PS3 Media Server
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.9
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2235001654-3630167865-3023915631-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Tropico 4" = Tropico 4 1.00
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 26.03.2013 11:15:31 | Computer Name = seyfettin-PC | Source = WinMgmt | ID = 10
Description =
Error - 28.03.2013 10:37:33 | Computer Name = seyfettin-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.03.2013 09:18:20 | Computer Name = seyfettin-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.04.2013 10:33:25 | Computer Name = seyfettin-PC | Source = WinMgmt | ID = 10
Description =
Error - 06.04.2013 08:43:02 | Computer Name = seyfettin-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.04.2013 12:33:20 | Computer Name = seyfettin-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.04.2013 14:23:31 | Computer Name = seyfettin-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.04.2013 18:31:56 | Computer Name = seyfettin-PC | Source = WinMgmt | ID = 10
Description =
Error - 07.04.2013 19:00:22 | Computer Name = seyfettin-PC | Source = EventSystem | ID = 4609
Description =
Error - 07.04.2013 19:04:10 | Computer Name = seyfettin-PC | Source = EventSystem | ID = 4609
Description =
[ System Events ]
Error - 07.04.2013 23:55:43 | Computer Name = seyfettin-PC | Source = DCOM | ID = 10005
Description =
Error - 07.04.2013 23:56:13 | Computer Name = seyfettin-PC | Source = DCOM | ID = 10010
Description =
Error - 08.04.2013 10:15:45 | Computer Name = seyfettin-PC | Source = DCOM | ID = 10005
Description =
Error - 08.04.2013 10:16:15 | Computer Name = seyfettin-PC | Source = DCOM | ID = 10010
Description =
Error - 08.04.2013 11:32:16 | Computer Name = seyfettin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.04.2013 um 16:16:42 unerwartet heruntergefahren.
Error - 08.04.2013 11:33:19 | Computer Name = seyfettin-PC | Source = DCOM | ID = 10005
Description =
Error - 08.04.2013 11:33:49 | Computer Name = seyfettin-PC | Source = DCOM | ID = 10010
Description =
Error - 08.04.2013 14:28:01 | Computer Name = seyfettin-PC | Source = DCOM | ID = 10005
Description =
Error - 08.04.2013 14:28:31 | Computer Name = seyfettin-PC | Source = DCOM | ID = 10010
Description =
Error - 08.04.2013 14:40:30 | Computer Name = seyfettin-PC | Source = DCOM | ID = 10010
Description =
< End of report >