Pests of all kinds and how to fight them: License data could not be written correctly. Windows 7
10.04.2013, 10:07 | #1 |
Hello. I installed the CD of "Oxford Advanced Learner's Dictionary 8th Edition" on my netbook running Windows 7. After the restart, however, I could not open the dictionary after all. When I click the icon on the desktop, I get this error message: "Lizenz-Daten konnten nicht korrekt geschrieben werden. Bitte wenden Sie sich an den Support!" ("License data could not be written correctly. Please contact support!") A few months ago I formatted my system; I don't know whether the problem is related to that. Unfortunately I don't know much about computers. I would be glad if someone could help me with this. Thanks in advance. Best regards, Derya
11.04.2013, 08:58 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello,
Quote:
Nevertheless, we can of course check over your computer if you want.
11.04.2013, 15:46 | #3 |
Hello. Yes, I contacted support, but unfortunately they did not help me any further. I deleted the AppData from SecuROM and uninstalled my antivirus program, then reinstalled the dictionary, but I always get the same error message. I am sending you the exact reply from support:

Unfortunately, we are not aware of this error in connection with the OALD. According to our own research, there seems to be a problem between the SecuROM copy protection and your PC.

"This error normally occurs when the SecuROM copy protection cannot write data as intended to the designated subdirectory of the user directory of the user who is logged in to Windows. This can have several causes:
- The logged-in user has only restricted rights that do not allow full write access to the desired subdirectory of the user.
- The designated subdirectory already exists but is write-protected.
- The user name contains unusual characters such as special characters or umlauts, or it is very long.
- A program is preventing access to the desired subdirectory. There are antivirus and antispyware programs that monitor access to the user directory and block an access when they register it as questionable. Sometimes these programs misinterpret what they see."

Please therefore uninstall the OALD once more via Start -> Control Panel -> Programs. After uninstalling, please restart your PC completely once, deactivate the virus scanner and, observing the notes above (administrator rights and a user name without special characters), try to install the OALD again. Please be sure to perform a full installation of the program.
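The causes listed in the support reply can be checked directly on the machine. The following PowerShell sketch is an added example, not part of the thread and not a vendor tool; the folder `%APPDATA%\SecuROM` is assumed from the path shown in the OTL log on this page, and the 20-character threshold for a "very long" user name is an assumption.

```powershell
# Added diagnostic example (not from the thread, not a vendor tool).
# Assumptions: the license folder is %APPDATA%\SecuROM, and "very long"
# means a user name of more than 20 characters.
param(
    [string]$Target = (Join-Path $env:APPDATA 'SecuROM'),
    [int]$MaxUserNameLength = 20
)

function Test-LicenseFolder {
    param([string]$Path, [int]$MaxLen)

    # Cause 1: restricted rights. Report whether the current token is elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Cause 3: user name with non-ASCII characters (umlauts etc.) or very long.
    $user        = [Environment]::UserName
    $nonAscii    = $user -match '[^\x20-\x7E]'
    $nameTooLong = $user.Length -gt $MaxLen

    $exists       = Test-Path -LiteralPath $Path -PathType Container
    $readOnlyFlag = $false
    $denyRules    = 0
    $writeOk      = $false
    $writeError   = $null

    if ($exists) {
        # Cause 2: folder exists but is write-protected. The read-only attribute
        # on a folder is reported for information only; the write probe below
        # is the authoritative test.
        $item = Get-Item -LiteralPath $Path -Force
        $readOnlyFlag = [bool]($item.Attributes -band [IO.FileAttributes]::ReadOnly)

        # Explicit Deny entries in the ACL would block writes even for admins.
        $acl = Get-Acl -Path $Path
        $denyRules = @($acl.Access | Where-Object {
            $_.AccessControlType -eq [Security.AccessControl.AccessControlType]::Deny
        }).Count

        # Causes 1, 2 and 4 together: try to create and delete a small file.
        # A failure here with no Deny rule and an elevated token points at
        # another program (for example a security product) blocking access.
        $probe = Join-Path $Path ("probe_{0}.tmp" -f [Guid]::NewGuid().ToString('N'))
        try {
            [IO.File]::WriteAllText($probe, 'probe')
            $writeOk = $true
        } catch {
            $writeError = $_.Exception.GetBaseException().Message
        } finally {
            if (Test-Path -LiteralPath $probe) {
                Remove-Item -LiteralPath $probe -Force
            }
        }
    }

    New-Object PSObject -Property @{
        Path             = $Path
        FolderExists     = $exists
        Elevated         = $elevated
        UserName         = $user
        UserNameNonAscii = $nonAscii
        UserNameTooLong  = $nameTooLong
        ReadOnlyFlag     = $readOnlyFlag
        ExplicitDenyAces = $denyRules
        WriteProbeOk     = $writeOk
        WriteProbeError  = $writeError
    }
}

Test-LicenseFolder -Path $Target -MaxLen $MaxUserNameLength |
    Select-Object Path, FolderExists, Elevated, UserName, UserNameNonAscii,
                  UserNameTooLong, ReadOnlyFlag, ExplicitDenyAces,
                  WriteProbeOk, WriteProbeError |
    Format-List
```

Run it once from a normal prompt and once from an elevated prompt under the same account; a difference in `WriteProbeOk` between the two runs isolates the rights question from the other causes.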
12.04.2013, 10:36 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hm, let's see whether there could be something to that. But I cannot guarantee that we will get this software running on your computer. Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages will end with your topic being closed. I too have a life outside the Trojaner-Board. First, a check with OTL please:
Please always post logfiles in CODE tags
13.04.2013, 17:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Download OTL again and try once more. Also, you have to wait; the log is not finished in no time. At the very bottom of the OTL window you can see how OTL scans the various directories.
13.04.2013, 17:03 | #7 |
Sorry, it worked. Maybe it just took too long. I found 2 logfiles on the desktop. OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.04.2013 17:39:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\derya\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,30 Mb Total Physical Memory | 144,89 Mb Available Physical Memory | 14,30% Memory free 1,99 Gb Paging File | 1,10 Gb Available in Paging File | 55,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 187,21 Gb Free Space | 80,42% Space Free | Partition Type: NTFS Computer Name: DERYA-PC | User Name: derya | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\derya\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\derya\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Users\derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.) 
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe () PRC - C:\Programme\Paragon Software\PONS 7\PONS.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Samsung\Samsung Update Plus\SUPBackGround.exe () MOD - C:\Programme\Samsung\Samsung Update Plus\HMXML.dll () MOD - C:\Programme\Paragon Software\PONS 7\PONS.exe () MOD - C:\Programme\Paragon Software\PONS 7\Engine.dll () MOD - C:\Programme\Paragon Software\PONS 7\morphology.dll () MOD - C:\Programme\Paragon Software\PONS 7\QtCore4.dll () MOD - C:\Programme\Paragon Software\PONS 7\iconengines\qsvg1.dll () MOD - C:\Programme\Paragon Software\PONS 7\QtSvg4.dll () MOD - C:\Programme\Paragon Software\PONS 7\QtNetwork4.dll () MOD - C:\Programme\Paragon Software\PONS 7\QtGui4.dll () MOD - C:\Programme\Paragon Software\PONS 7\QtXml4.dll () MOD - C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\derya\AppData\Local\Temp\catchme.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys () DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys () DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.) 
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. 
IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 57 12 43 4D 62 14 CE 01 [binary data] IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&babsrc=SP_def&mntrId=48D14CEDDE7DD04A IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\..\SearchScopes\{23530345-370C-475E-A1B7-29101769EF6E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=469A2950-8C02-4C3A-856A-F800790215CC&apn_sauid=4BB2C14B-1C96-4E19-80F0-974D9791E0A3 IE - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program 
Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ocr@babylon.com: C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com [2013.04.10 13:19:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.04.11 22:02:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.11 23:48:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.11 23:47:51 | 000,000,000 | ---D | M] [2013.04.10 21:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derya\AppData\Roaming\mozilla\Extensions [2013.04.13 17:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\derya\AppData\Roaming\mozilla\Firefox\Profiles\h4n9x1of.default\Extensions [2013.04.13 17:29:13 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\derya\AppData\Roaming\mozilla\firefox\profiles\h4n9x1of.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.11 23:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.11 23:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2013.04.11 22:02:37 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2013.04.11 23:48:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.11.11 19:47:16 | 001,903,520 | ---- | M] (Caminova, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll [2013.04.11 23:48:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.04.10 13:18:45 | 000,006,430 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2013.04.11 23:48:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.04.11 23:48:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.04.11 23:48:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.04.11 23:48:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2013.04.11 23:48:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.20 13:37:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (avast! 
WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [PONS 7] C:\Program Files\Paragon Software\PONS 7\PONS.exe () O4 - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000..\Run: [Spotify Web Helper] C:\Users\derya\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - Startup: C:\Users\derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\derya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2070947155-1557344131-3509826172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Bild an 
&Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D1D805D-972F-4927-91B7-1217F928207E}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDF786D4-3E50-4680-BF1C-C158320A7F31}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.13 17:23:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\derya\Desktop\OTL.exe [2013.04.13 17:07:30 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxford [2013.04.13 17:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oxford [2013.04.11 23:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.04.11 22:03:21 | 000,029,816 | ---- | C] (AVAST 
Software) -- C:\Windows\System32\drivers\aswFsBlk.sys [2013.04.11 22:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2013.04.11 22:03:20 | 000,368,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys [2013.04.11 22:03:17 | 000,060,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys [2013.04.11 22:03:16 | 000,062,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys [2013.04.11 22:03:15 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys [2013.04.11 22:03:10 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys [2013.04.11 22:02:23 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2013.04.11 21:46:59 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\MFAData [2013.04.11 21:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013.04.11 21:46:59 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\Avg2013 [2013.04.10 21:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2013.04.10 21:18:35 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.04.10 21:18:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.04.10 21:18:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.04.10 21:18:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.04.10 21:18:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.04.10 21:18:24 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.04.10 21:18:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.04.10 21:18:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.04.10 
17:02:07 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.04.10 17:01:48 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.04.10 17:01:46 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.04.10 17:01:39 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2013.04.10 17:01:15 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2013.04.10 17:01:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll [2013.04.10 13:20:20 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\Babylon [2013.04.10 13:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon [2013.04.10 13:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon [2013.04.09 11:43:55 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\oald8 [2013.04.09 11:43:33 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Roaming\oald8 [2013.04.09 11:43:09 | 000,000,000 | RH-D | C] -- C:\Users\derya\AppData\Roaming\SecuROM [2013.04.09 11:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Oxford [2013.04.07 11:03:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.04.04 07:51:38 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.03.17 18:34:58 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys ========== Files - Modified Within 30 Days ========== [2013.04.13 17:44:40 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.13 17:44:40 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.13 17:37:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2013.04.13 17:37:01 | 796,889,088 | -HS- | M] () -- C:\hiberfil.sys [2013.04.13 17:30:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.13 17:23:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\derya\Desktop\OTL.exe [2013.04.13 17:07:30 | 000,001,908 | ---- | M] () -- C:\Users\Public\Desktop\Oxford Advanced Learner's Dictionary - 8th Edition.lnk [2013.04.12 09:39:31 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.04.12 09:39:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.04.12 09:32:08 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.04.12 09:32:08 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.04.12 09:32:08 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.04.12 09:32:08 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.04.11 22:03:22 | 000,002,079 | ---- | M] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013.04.11 22:03:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.04.10 21:53:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.10 21:28:13 | 000,288,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.04.10 13:19:33 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk [2013.04.04 07:52:53 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.03.30 10:02:01 | 000,015,760 | ---- | M] () -- C:\Users\derya\Documents\untitled_0.odt [2013.03.30 09:45:57 | 000,000,098 | -H-- | M] () -- C:\Users\derya\Documents\.~lock.atatürk.odt# [2013.03.26 09:42:30 | 000,001,011 | ---- | M] () -- C:\Users\derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.26 09:41:34 | 000,000,979 | ---- | M] () -- C:\Users\derya\Desktop\Dropbox.lnk [2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll ========== Files Created - No Company Name ========== [2013.04.13 17:07:30 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\Oxford Advanced Learner's Dictionary - 8th Edition.lnk [2013.04.11 22:03:22 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013.04.11 22:03:13 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.04.11 22:03:12 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.04.10 21:53:46 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.04.10 21:53:46 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.10 13:19:32 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk [2013.03.31 10:03:25 | 000,015,760 | ---- | C] () -- C:\Users\derya\Documents\untitled_0.odt [2013.03.30 09:45:57 | 000,000,098 | -H-- | C] () -- C:\Users\derya\Documents\.~lock.atatürk.odt# [2012.12.19 23:08:09 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2012.12.19 18:59:16 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2012.12.19 13:50:29 | 000,000,000 | ---- | C] () -- C:\Windows\RTLInBoth.ini ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" 
= Both ========== LOP Check ========== [2013.04.10 15:25:57 | 000,000,000 | ---D | M] -- C:\Users\derya\AppData\Roaming\Babylon [2013.04.13 17:39:00 | 000,000,000 | ---D | M] -- C:\Users\derya\AppData\Roaming\Dropbox [2013.04.09 11:44:04 | 000,000,000 | ---D | M] -- C:\Users\derya\AppData\Roaming\oald8 [2012.12.22 13:09:47 | 000,000,000 | ---D | M] -- C:\Users\derya\AppData\Roaming\OpenOffice.org [2013.04.13 17:57:52 | 000,000,000 | ---D | M] -- C:\Users\derya\AppData\Roaming\Spotify [2012.12.19 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\derya\AppData\Roaming\TuneUp Software ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.04.2013 17:39:47 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\derya\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,30 Mb Total Physical Memory | 144,89 Mb Available Physical Memory | 14,30% Memory free 1,99 Gb Paging File | 1,10 Gb Available in Paging File | 55,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 187,21 Gb Free Space | 80,42% Space Free | Partition Type: NTFS Computer Name: DERYA-PC | User Name: derya | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{6B465CCB-4A89-4440-AE59-63C1C36BF420}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{8E86C963-CB9A-4610-8BD9-5C569B24F56F}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{B7DAFC20-21DE-4A6C-BDC8-27335F519E66}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3ECA47B4-BC57-464A-9515-2F20AB75422D}" = protocol=6 | dir=in | app=c:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe | "{7CF206ED-01A0-4E03-BD15-F2D270F226F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B20B69F7-D568-4E57-BE0F-2A79E7D1BFCD}" = protocol=17 | dir=in | app=c:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{3180332E-057B-41E2-82DC-155C76419750}C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{327C047A-F448-45FB-91AD-B1DDDE1B0406}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{6C3F07EA-F81A-4A9B-A4E1-0446A67EABE1}C:\users\derya\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\derya\appdata\roaming\spotify\spotify.exe | "TCP Query User{CF57D954-9DA0-4883-8C58-0447489C0310}C:\users\derya\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\derya\appdata\roaming\spotify\spotify.exe | "UDP Query User{6CA0C4F2-CFA9-488C-B2D2-241CB64449D5}C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query 
User{8AB318CB-68A1-43E9-88C0-2CD7A5BC5321}C:\users\derya\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\derya\appdata\roaming\spotify\spotify.exe | "UDP Query User{B5944BA0-CE51-4292-A21B-148CB118FAC0}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{C9736F0A-74A3-4128-8D93-30017280D577}C:\users\derya\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\derya\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) "{ADDBDFFF-A9B1-4AAA-94ED-2F754A1F5D5F}" = Document Express DjVu Plug-in "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2130 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 
"AudibleManager" = AudibleManager "avast" = avast! Free Antivirus "Babylon" = Babylon "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NSIS_oald8" = Oxford Advanced Learner's Dictionary - 8th Edition "Paragon Software PONS 7" = Paragon Software PONS 7 "VLC media player" = VLC media player 2.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2070947155-1557344131-3509826172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.04.2013 08:14:05 | Computer Name = derya-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy display manager\RunGfxUI64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.04.2013 02:18:25 | Computer Name = derya-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy display manager\RunGfxUI64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 05.04.2013 06:08:12 | Computer Name = derya-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy display manager\RunGfxUI64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.04.2013 06:41:10 | Computer Name = derya-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy display manager\RunGfxUI64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 06.04.2013 11:55:22 | Computer Name = derya-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 6.1.0.129, Zeitstempel: 0x50ec1757 Name des fehlerhaften Moduls: Skype.exe, Version: 6.1.0.129, Zeitstempel: 0x50ec1757 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00005dc8 ID des fehlerhaften Prozesses: 0xbe8 Startzeit der fehlerhaften Anwendung: 0x01ce32a11889f4a9 Pfad der fehlerhaften Anwendung: C:\Program Files\Skype\Phone\Skype.exe Pfad des fehlerhaften Moduls: C:\Program Files\Skype\Phone\Skype.exe Berichtskennung: 63303100-9ed2-11e2-ba35-4cedde7dd04a Error - 07.04.2013 07:28:01 | Computer Name = derya-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy display manager\RunGfxUI64.exe". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 08.04.2013 04:49:29 | Computer Name = derya-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy display manager\RunGfxUI64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 09.04.2013 07:13:34 | Computer Name = derya-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy display manager\RunGfxUI64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12.04.2013 04:56:51 | Computer Name = derya-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy display manager\RunGfxUI64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 13.04.2013 06:15:34 | Computer Name = derya-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\easy display manager\RunGfxUI64.exe". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 18.02.2013 21:09:23 | Computer Name = derya-PC | Source = DCOM | ID = 10010 Description = Error - 19.02.2013 04:15:13 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 19.02.2013 04:21:55 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Software Protection" wurde nicht richtig gestartet. Error - 19.02.2013 08:26:14 | Computer Name = derya-PC | Source = DCOM | ID = 10010 Description = Error - 20.02.2013 04:09:48 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 20.02.2013 04:10:23 | Computer Name = derya-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 20.02.2013 04:14:15 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7022 Description = Der Dienst "Software Protection" wurde nicht richtig gestartet. Error - 20.02.2013 04:14:55 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst eventlog erreicht. Error - 20.02.2013 09:37:26 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Schedule erreicht. Error - 20.02.2013 09:37:34 | Computer Name = derya-PC | Source = DCOM | ID = 10010 Description = < End of report > |
13.04.2013, 17:05 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Lizenz-Daten konnten nicht korrekt geschrieben werden. Rootkit scan with GMER Please download GMER: (file name is random)
Are problems coming up?
Afterwards, please run MBAR: Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post logfiles in CODE tags |
13.04.2013, 17:06 | #9 |
| Lizenz-Daten konnten nicht korrekt geschrieben werden. But at the very bottom of the window, in the custom scans section, I did not see any function, so I thought the scan had not worked. With the software's support I changed a few things on the computer, which I can remember more. Hello. avast is blocking your website! Infektionsdetails URL: http://www.trojaner-board.de/misc.php?v Prozess: C:\Program Files\Mozilla Firefox\firefox... Infektion: HTML:RedirDL-inf [Trj] I am sending the results from GMER and malware. As I wrote before, avast blocks your website, so that access is sometimes not possible. GMER Logfile: Code:
ATTFilter GMER 2.1.19163 - GMER - Rootkit Detector and Remover Rootkit scan 2013-04-13 19:03:54 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM250HI rev.2AC101C4 232,89GB Running: gmer_2.1.19163.exe; Driver: C:\Users\derya\AppData\Local\Temp\ugloapob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x89C1A59C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8A97F388] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x89C1B02E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x89C267F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x89C2683E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x89C269D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x89C26760] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8A97F720] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x89C267A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x89C1B52C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x89C1B748] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x89C26992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x89C1BDE4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x89C1A602] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x89C1F5C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8A97F450] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8A97D9B4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x89C1A668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x89C1F98C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x89C1C874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x89C2681C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x89C26860] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x89C269FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x89C26786] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x89C1EEA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x89C26910] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x89C267D0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x89C1F29A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x89C269B6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwProtectVirtualMemory [0x8A97F5B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x89C1C740] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x89C1C44E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x89C1A6CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x89C1A734] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x89C1BC5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x89C1A284] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x89C1A45A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x89C1A3E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x89C1BFAE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x89C1C110] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x89C1A4E2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8A97F678] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x89C1BC3E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8A97D9E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x89C1A79A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ZwWriteVirtualMemory [0x8A97F4FC] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C53A09 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81C8D1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 81C94220 4 Bytes [9C, A5, C1, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 81C94248 4 Bytes [88, F3, 97, 8A] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 81C942A8 4 Bytes [2E, B0, C1, 89] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 81C942FC 8 Bytes [F2, 67, C2, 89, 3E, 68, C2, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 81C94308 4 Bytes [D8, 69, C2, 89] .text ... .text kernel32.dll!GetBinaryTypeW + 70 75E569F4 1 Byte [62] ---- User code sections - GMER 2.1 ---- .text C:\Windows\System32\svchost.exe[132] kernel32.dll!GetBinaryTypeW + 70 75E569F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[416] kernel32.dll!GetBinaryTypeW + 70 75E569F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[468] kernel32.dll!GetBinaryTypeW + 70 75E569F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[476] kernel32.dll!GetBinaryTypeW + 70 75E569F4 1 Byte [62] .text ... 
.text C:\Users\derya\AppData\Roaming\Dropbox\bin\Dropbox.exe[2200] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001E03FC .text C:\Users\derya\AppData\Roaming\Dropbox\bin\Dropbox.exe[2200] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001E01F8 .text C:\Users\derya\AppData\Roaming\Dropbox\bin\Dropbox.exe[2200] KERNEL32.dll!GetBinaryTypeW + 70 75E569F4 1 Byte [62] .text C:\Users\derya\AppData\Roaming\Dropbox\bin\Dropbox.exe[2200] USER32.dll!UnhookWindowsHookEx 75FFADF9 5 Bytes JMP 001F0A08 .text C:\Users\derya\AppData\Roaming\Dropbox\bin\Dropbox.exe[2200] USER32.dll!UnhookWinEvent 75FFB750 5 Bytes JMP 001F03FC .text C:\Users\derya\AppData\Roaming\Dropbox\bin\Dropbox.exe[2200] USER32.dll!SetWindowsHookExW 75FFE30C 5 Bytes JMP 001F0804 .text C:\Users\derya\AppData\Roaming\Dropbox\bin\Dropbox.exe[2200] USER32.dll!SetWinEventHook 760024DC 5 Bytes JMP 001F01F8 .text C:\Users\derya\AppData\Roaming\Dropbox\bin\Dropbox.exe[2200] USER32.dll!SetWindowsHookExA 76026D0C 5 Bytes JMP 001F0600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2248] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 001E03FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2248] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 001E01F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2248] KERNEL32.dll!GetBinaryTypeW + 70 75E569F4 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2248] USER32.dll!UnhookWindowsHookEx 75FFADF9 5 Bytes JMP 00300A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2248] USER32.dll!UnhookWinEvent 75FFB750 5 Bytes JMP 003003FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2248] USER32.dll!SetWindowsHookExW 75FFE30C 5 Bytes JMP 00300804 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2248] USER32.dll!SetWinEventHook 760024DC 5 Bytes JMP 003001F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2248] USER32.dll!SetWindowsHookExA 
76026D0C 5 Bytes JMP 00300600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] KERNEL32.dll!GetBinaryTypeW + 70 75E569F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!UnhookWindowsHookEx 75FFADF9 5 Bytes JMP 00090A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!UnhookWinEvent 75FFB750 5 Bytes JMP 000903FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!SetWindowsHookExW 75FFE30C 5 Bytes JMP 00090804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!SetWinEventHook 760024DC 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2336] USER32.dll!SetWindowsHookExA 76026D0C 5 Bytes JMP 00090600 .text C:\Windows\system32\svchost.exe[2548] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000E03FC .text C:\Windows\system32\svchost.exe[2548] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000E01F8 .text C:\Windows\system32\svchost.exe[2548] KERNEL32.dll!GetBinaryTypeW + 70 75E569F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2548] USER32.dll!UnhookWindowsHookEx 75FFADF9 5 Bytes JMP 00100A08 .text C:\Windows\system32\svchost.exe[2548] USER32.dll!UnhookWinEvent 75FFB750 5 Bytes JMP 001003FC .text C:\Windows\system32\svchost.exe[2548] USER32.dll!SetWindowsHookExW 75FFE30C 5 Bytes JMP 00100804 .text C:\Windows\system32\svchost.exe[2548] USER32.dll!SetWinEventHook 760024DC 5 Bytes JMP 001001F8 .text C:\Windows\system32\svchost.exe[2548] USER32.dll!SetWindowsHookExA 76026D0C 5 Bytes JMP 00100600 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2860] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000F03FC .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2860] ntdll.dll!LdrLoadDll 
770B223E 5 Bytes JMP 000F01F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2860] KERNEL32.dll!GetBinaryTypeW + 70 75E569F4 1 Byte [62] .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2860] USER32.dll!UnhookWindowsHookEx 75FFADF9 5 Bytes JMP 00100A08 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2860] USER32.dll!UnhookWinEvent 75FFB750 5 Bytes JMP 001003FC .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2860] USER32.dll!SetWindowsHookExW 75FFE30C 5 Bytes JMP 00100804 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2860] USER32.dll!SetWinEventHook 760024DC 5 Bytes JMP 001001F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2860] USER32.dll!SetWindowsHookExA 76026D0C 5 Bytes JMP 00100600 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3004] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000E03FC .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3004] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000E01F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3004] KERNEL32.dll!GetBinaryTypeW + 70 75E569F4 1 Byte [62] .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3004] USER32.dll!UnhookWindowsHookEx 75FFADF9 5 Bytes JMP 00BA0A08 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3004] USER32.dll!UnhookWinEvent 75FFB750 5 Bytes JMP 00BA03FC .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3004] USER32.dll!SetWindowsHookExW 75FFE30C 5 Bytes JMP 00BA0804 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3004] USER32.dll!SetWinEventHook 760024DC 5 Bytes JMP 00BA01F8 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3004] USER32.dll!SetWindowsHookExA 76026D0C 5 Bytes JMP 00BA0600 .text C:\Windows\system32\taskhost.exe[3076] ntdll.dll!LdrUnloadDll 770AC86E 5 Bytes JMP 000D03FC .text C:\Windows\system32\taskhost.exe[3076] ntdll.dll!LdrLoadDll 770B223E 5 Bytes JMP 000D01F8 .text C:\Windows\system32\taskhost.exe[3076] 
---- Devices - GMER 2.1 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast!
self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\BTHUSB \Device\00000070 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000072 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde7dd04a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde7dd04a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Upgrade\LocalRadioSettings (not active ControlSet)
---- EOF - GMER 2.1 ----

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
Malwarebytes : Free Anti-Malware download
Database version: v2013.04.13.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
derya :: DERYA-PC [administrator]
14.04.2013 14:41:02
mbar-log-2013-04-14 (14-41-02).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 27046
Time elapsed: 18 minute(s), 45 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end) |
14.04.2013, 15:24 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | License data could not be written correctly. aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Never press any of the Fix buttons unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop
__________________ Please always post log files in CODE tags |
14.04.2013, 18:29 | #11 |
| License data could not be written correctly. Hi! I am sending the results. The TDSSKiller scan found a threat.

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-14 18:52:27
-----------------------------
18:52:27.470 OS Version: Windows 6.1.7601 Service Pack 1
18:52:27.470 Number of processors: 4 586 0x1C0A
18:52:27.485 ComputerName: DERYA-PC UserName: derya
18:52:28.234 Initialize success
18:52:28.468 AVAST engine defs: 13041400
18:52:34.271 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:52:34.271 Disk 0 Vendor: SAMSUNG_HM250HI 2AC101C4 Size: 238475MB BusType: 11
18:52:34.396 Disk 0 MBR read successfully
18:52:34.396 Disk 0 MBR scan
18:52:34.412 Disk 0 Windows 7 default MBR code
18:52:34.427 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:52:34.490 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
18:52:34.521 Disk 0 scanning sectors +488394752
18:52:34.615 Disk 0 scanning C:\Windows\system32\drivers
18:52:53.990 Service scanning
18:53:19.168 Modules scanning
18:53:30.400 Disk 0 trace - called modules:
18:53:30.431 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
18:53:30.463 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x843ba4c8]
18:53:30.478 3 CLASSPNP.SYS[8677d59e] -> nt!IofCallDriver -> [0x8427c918]
18:53:30.494 5 ACPI.sys[862b13d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84244030]
18:53:31.227 AVAST engine scan C:\Windows
18:53:34.207 AVAST engine scan C:\Windows\system32
18:56:57.693 AVAST engine scan C:\Windows\system32\drivers
18:57:17.178 AVAST engine scan C:\Users\derya
19:09:11.191 AVAST engine scan C:\ProgramData
19:09:36.713 Scan finished successfully
19:12:17.362 Disk 0 MBR has been saved successfully to "C:\Users\derya\Desktop\MBR.dat"
19:12:17.377 The log file has been saved successfully to "C:\Users\derya\Desktop\aswMBR.txt"

19:21:51.0678 1144 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:21:52.0006 1144 ============================================================
19:21:52.0006 1144 Current date / time: 2013/04/14 19:21:52.0006
19:21:52.0006 1144 SystemInfo:
19:21:52.0006 1144
19:21:52.0006 1144 OS Version: 6.1.7601 ServicePack: 1.0
19:21:52.0006 1144 Product type: Workstation
19:21:52.0021 1144 ComputerName: DERYA-PC
19:21:52.0021 1144 UserName: derya
19:21:52.0021 1144 Windows directory: C:\Windows
19:21:52.0021 1144 System windows directory: C:\Windows
19:21:52.0021 1144 Processor architecture: Intel x86
19:21:52.0021 1144 Number of processors: 4
19:21:52.0021 1144 Page size: 0x1000
19:21:52.0021 1144 Boot type: Normal boot
19:21:52.0021 1144 ============================================================
19:21:54.0205 1144 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:21:54.0221 1144 ============================================================
19:21:54.0221 1144 \Device\Harddisk0\DR0:
19:21:54.0221 1144 MBR partitions:
19:21:54.0221 1144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:21:54.0237 1144 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
19:21:54.0237 1144 ============================================================
19:21:54.0268 1144 C: <-> \Device\Harddisk0\DR0\Partition2
19:21:54.0283 1144 ============================================================
19:21:54.0283 1144 Initialize success
19:21:54.0283 1144 ============================================================
19:22:16.0498 2632 ============================================================
19:22:16.0498 2632 Scan started
19:22:16.0498 2632 Mode: Manual; SigCheck; TDLFS;
19:22:16.0498 2632 ============================================================
19:22:16.0981 2632 ================ Scan system memory ========================
19:22:16.0981
2632 System memory - ok
19:22:16.0981 2632 ================ Scan services =============================
19:22:24.0766 2632 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
19:22:24.0813 2632 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
19:22:24.0813 2632 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
19:22:37.0870 2632 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:22:37.0979 2632 LanmanWorkstation - ok 19:22:38.0042 2632 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:22:38.0151 2632 lltdio - ok 19:22:38.0198 2632 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:22:38.0307 2632 lltdsvc - ok 19:22:38.0322 2632 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 19:22:38.0416 2632 lmhosts - ok 19:22:38.0463 2632 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:22:38.0510 2632 LSI_FC - ok 19:22:38.0525 2632 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:22:38.0572 2632 LSI_SAS - ok 19:22:38.0603 2632 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:22:38.0650 2632 LSI_SAS2 - ok 19:22:38.0650 2632 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:22:38.0697 2632 LSI_SCSI - ok 19:22:38.0744 2632 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 19:22:38.0853 2632 luafv - ok 19:22:38.0868 2632 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:22:38.0915 2632 megasas - ok 19:22:38.0946 2632 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:22:38.0993 2632 MegaSR - ok 19:22:39.0024 2632 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 19:22:39.0149 2632 MMCSS - ok 19:22:39.0196 2632 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 19:22:39.0290 2632 Modem - ok 19:22:39.0321 2632 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:22:39.0399 2632 monitor - ok 19:22:39.0446 2632 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys 19:22:39.0492 2632 
mouclass - ok 19:22:39.0539 2632 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:22:39.0602 2632 mouhid - ok 19:22:39.0633 2632 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:22:39.0680 2632 mountmgr - ok 19:22:39.0758 2632 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 19:22:39.0804 2632 MozillaMaintenance - ok 19:22:39.0836 2632 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 19:22:39.0882 2632 mpio - ok 19:22:39.0914 2632 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:22:40.0007 2632 mpsdrv - ok 19:22:40.0054 2632 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:22:40.0179 2632 MpsSvc - ok 19:22:40.0241 2632 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:22:40.0304 2632 MRxDAV - ok 19:22:40.0350 2632 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:22:40.0475 2632 mrxsmb - ok 19:22:40.0522 2632 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:22:40.0584 2632 mrxsmb10 - ok 19:22:40.0616 2632 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:22:40.0662 2632 mrxsmb20 - ok 19:22:40.0709 2632 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 19:22:40.0740 2632 msahci - ok 19:22:40.0803 2632 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:22:40.0850 2632 msdsm - ok 19:22:40.0865 2632 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 19:22:40.0943 2632 MSDTC - ok 19:22:41.0006 2632 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:22:41.0099 2632 Msfs - ok 19:22:41.0130 2632 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf 
C:\Windows\System32\drivers\mshidkmdf.sys 19:22:41.0240 2632 mshidkmdf - ok 19:22:41.0271 2632 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:22:41.0318 2632 msisadrv - ok 19:22:41.0364 2632 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:22:41.0458 2632 MSiSCSI - ok 19:22:41.0474 2632 msiserver - ok 19:22:41.0505 2632 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:22:41.0598 2632 MSKSSRV - ok 19:22:41.0630 2632 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:22:41.0739 2632 MSPCLOCK - ok 19:22:41.0770 2632 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:22:41.0848 2632 MSPQM - ok 19:22:41.0910 2632 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:22:41.0957 2632 MsRPC - ok 19:22:42.0004 2632 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:22:42.0051 2632 mssmbios - ok 19:22:42.0082 2632 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:22:42.0160 2632 MSTEE - ok 19:22:42.0191 2632 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:22:42.0254 2632 MTConfig - ok 19:22:42.0300 2632 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 19:22:42.0347 2632 Mup - ok 19:22:42.0378 2632 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 19:22:42.0503 2632 napagent - ok 19:22:42.0566 2632 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:22:42.0644 2632 NativeWifiP - ok 19:22:42.0690 2632 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:22:42.0768 2632 NDIS - ok 19:22:42.0815 2632 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:22:42.0924 2632 NdisCap - ok 19:22:42.0956 2632 
[ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:22:43.0065 2632 NdisTapi - ok 19:22:43.0112 2632 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:22:43.0236 2632 Ndisuio - ok 19:22:43.0268 2632 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:22:43.0377 2632 NdisWan - ok 19:22:43.0424 2632 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:22:43.0517 2632 NDProxy - ok 19:22:43.0580 2632 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:22:43.0689 2632 NetBIOS - ok 19:22:43.0736 2632 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:22:43.0845 2632 NetBT - ok 19:22:43.0860 2632 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 19:22:43.0907 2632 Netlogon - ok 19:22:43.0970 2632 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 19:22:44.0079 2632 Netman - ok 19:22:44.0126 2632 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 19:22:44.0250 2632 netprofm - ok 19:22:44.0282 2632 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:22:44.0328 2632 NetTcpPortSharing - ok 19:22:44.0375 2632 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:22:44.0422 2632 nfrd960 - ok 19:22:44.0453 2632 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 19:22:44.0531 2632 NlaSvc - ok 19:22:44.0562 2632 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:22:44.0656 2632 Npfs - ok 19:22:44.0687 2632 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 19:22:44.0781 2632 nsi - ok 19:22:44.0812 2632 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 
19:22:44.0937 2632 nsiproxy - ok 19:22:45.0030 2632 [ 9CDAEBE5160B9AF02AE17C62BDB6C4B5 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:22:45.0124 2632 Ntfs - ok 19:22:45.0140 2632 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 19:22:45.0264 2632 Null - ok 19:22:45.0311 2632 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:22:45.0358 2632 nvraid - ok 19:22:45.0420 2632 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:22:45.0483 2632 nvstor - ok 19:22:45.0530 2632 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:22:45.0576 2632 nv_agp - ok 19:22:45.0592 2632 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:22:45.0654 2632 ohci1394 - ok 19:22:45.0701 2632 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:22:45.0810 2632 p2pimsvc - ok 19:22:45.0842 2632 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 19:22:45.0904 2632 p2psvc - ok 19:22:45.0935 2632 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:22:46.0013 2632 Parport - ok 19:22:46.0060 2632 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:22:46.0107 2632 partmgr - ok 19:22:46.0138 2632 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 19:22:46.0200 2632 Parvdm - ok 19:22:46.0263 2632 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:22:46.0325 2632 PcaSvc - ok 19:22:46.0356 2632 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 19:22:46.0403 2632 pci - ok 19:22:46.0450 2632 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 19:22:46.0481 2632 pciide - ok 19:22:46.0512 2632 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:22:46.0559 2632 pcmcia - ok 
19:22:46.0575 2632 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 19:22:46.0622 2632 pcw - ok 19:22:46.0668 2632 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:22:46.0793 2632 PEAUTH - ok 19:22:46.0918 2632 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 19:22:47.0090 2632 pla - ok 19:22:47.0136 2632 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:22:47.0261 2632 PlugPlay - ok 19:22:47.0308 2632 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:22:47.0386 2632 PNRPAutoReg - ok 19:22:47.0417 2632 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:22:47.0480 2632 PNRPsvc - ok 19:22:47.0526 2632 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:22:47.0636 2632 PolicyAgent - ok 19:22:47.0698 2632 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 19:22:47.0807 2632 Power - ok 19:22:47.0870 2632 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:22:47.0979 2632 PptpMiniport - ok 19:22:48.0026 2632 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:22:48.0072 2632 Processor - ok 19:22:48.0119 2632 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 19:22:48.0228 2632 ProfSvc - ok 19:22:48.0260 2632 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:22:48.0306 2632 ProtectedStorage - ok 19:22:48.0353 2632 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:22:48.0478 2632 Psched - ok 19:22:48.0540 2632 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:22:48.0650 2632 ql2300 - ok 19:22:48.0681 2632 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:22:48.0743 2632 ql40xx - ok 19:22:48.0774 
2632 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 19:22:48.0868 2632 QWAVE - ok 19:22:48.0884 2632 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:22:48.0962 2632 QWAVEdrv - ok 19:22:48.0993 2632 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:22:49.0086 2632 RasAcd - ok 19:22:49.0133 2632 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:22:49.0242 2632 RasAgileVpn - ok 19:22:49.0258 2632 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 19:22:49.0352 2632 RasAuto - ok 19:22:49.0398 2632 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:22:49.0508 2632 Rasl2tp - ok 19:22:49.0554 2632 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 19:22:49.0664 2632 RasMan - ok 19:22:49.0695 2632 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:22:49.0804 2632 RasPppoe - ok 19:22:49.0835 2632 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:22:49.0929 2632 RasSstp - ok 19:22:49.0991 2632 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:22:50.0100 2632 rdbss - ok 19:22:50.0147 2632 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:22:50.0194 2632 rdpbus - ok 19:22:50.0225 2632 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:22:50.0319 2632 RDPCDD - ok 19:22:50.0381 2632 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:22:50.0459 2632 RDPENCDD - ok 19:22:50.0490 2632 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:22:50.0584 2632 RDPREFMP - ok 19:22:50.0615 2632 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:22:50.0740 2632 RDPWD - ok 
19:22:50.0787 2632 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:22:50.0834 2632 rdyboost - ok 19:22:50.0865 2632 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 19:22:50.0990 2632 RemoteAccess - ok 19:22:51.0036 2632 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:22:51.0146 2632 RemoteRegistry - ok 19:22:51.0192 2632 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 19:22:51.0255 2632 RFCOMM - ok 19:22:51.0286 2632 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:22:51.0411 2632 RpcEptMapper - ok 19:22:51.0458 2632 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 19:22:51.0551 2632 RpcLocator - ok 19:22:51.0598 2632 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 19:22:51.0707 2632 RpcSs - ok 19:22:51.0754 2632 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:22:51.0863 2632 rspndr - ok 19:22:51.0894 2632 [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI C:\Windows\system32\Drivers\SABI.sys 19:22:52.0004 2632 SABI - ok 19:22:52.0035 2632 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 19:22:52.0082 2632 SamSs - ok 19:22:52.0113 2632 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:22:52.0160 2632 sbp2port - ok 19:22:52.0206 2632 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:22:52.0316 2632 SCardSvr - ok 19:22:52.0347 2632 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:22:52.0456 2632 scfilter - ok 19:22:52.0503 2632 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 19:22:52.0628 2632 Schedule - ok 19:22:52.0659 2632 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:22:52.0752 2632 SCPolicySvc 
- ok 19:22:52.0799 2632 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:22:52.0893 2632 SDRSVC - ok 19:22:52.0940 2632 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:22:53.0064 2632 secdrv - ok 19:22:53.0096 2632 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 19:22:53.0189 2632 seclogon - ok 19:22:53.0236 2632 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll 19:22:53.0330 2632 SENS - ok 19:22:53.0361 2632 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:22:53.0408 2632 Serenum - ok 19:22:53.0439 2632 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:22:53.0486 2632 Serial - ok 19:22:53.0517 2632 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:22:53.0579 2632 sermouse - ok 19:22:53.0642 2632 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 19:22:53.0735 2632 SessionEnv - ok 19:22:53.0782 2632 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:22:53.0860 2632 sffdisk - ok 19:22:53.0891 2632 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:22:53.0969 2632 sffp_mmc - ok 19:22:54.0000 2632 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:22:54.0078 2632 sffp_sd - ok 19:22:54.0125 2632 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:22:54.0188 2632 sfloppy - ok 19:22:54.0234 2632 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:22:54.0328 2632 SharedAccess - ok 19:22:54.0375 2632 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:22:54.0484 2632 ShellHWDetection - ok 19:22:54.0515 2632 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 
19:22:54.0562 2632 sisagp - ok 19:22:54.0593 2632 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:22:54.0640 2632 SiSRaid2 - ok 19:22:54.0656 2632 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:22:54.0702 2632 SiSRaid4 - ok 19:22:54.0765 2632 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 19:22:54.0796 2632 SkypeUpdate - ok 19:22:54.0843 2632 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:22:54.0952 2632 Smb - ok 19:22:55.0014 2632 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:22:55.0077 2632 SNMPTRAP - ok 19:22:55.0092 2632 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 19:22:55.0139 2632 spldr - ok 19:22:55.0186 2632 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 19:22:55.0326 2632 Spooler - ok 19:22:55.0451 2632 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 19:22:55.0638 2632 sppsvc - ok 19:22:55.0670 2632 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:22:55.0794 2632 sppuinotify - ok 19:22:55.0857 2632 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 19:22:55.0966 2632 srv - ok 19:22:55.0997 2632 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:22:56.0060 2632 srv2 - ok 19:22:56.0075 2632 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:22:56.0153 2632 srvnet - ok 19:22:56.0184 2632 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:22:56.0309 2632 SSDPSRV - ok 19:22:56.0340 2632 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:22:56.0450 2632 SstpSvc - ok 19:22:56.0481 2632 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:22:56.0528 2632 
stexstor - ok 19:22:56.0590 2632 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 19:22:56.0684 2632 StiSvc - ok 19:22:56.0715 2632 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 19:22:56.0762 2632 swenum - ok 19:22:56.0808 2632 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 19:22:56.0933 2632 swprv - ok 19:22:57.0027 2632 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 19:22:57.0136 2632 SysMain - ok 19:22:57.0167 2632 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:22:57.0230 2632 TabletInputService - ok 19:22:57.0276 2632 [ 2D631E8B09C2D6DA3EF8D12797A9FA44 ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys 19:22:57.0323 2632 taphss6 - ok 19:22:57.0370 2632 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 19:22:57.0479 2632 TapiSrv - ok 19:22:57.0526 2632 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 19:22:57.0635 2632 TBS - ok 19:22:57.0713 2632 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:22:57.0822 2632 Tcpip - ok 19:22:57.0869 2632 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:22:57.0963 2632 TCPIP6 - ok 19:22:58.0010 2632 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:22:58.0072 2632 tcpipreg - ok 19:22:58.0103 2632 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:22:58.0181 2632 TDPIPE - ok 19:22:58.0212 2632 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:22:58.0275 2632 TDTCP - ok 19:22:58.0322 2632 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:22:58.0446 2632 tdx - ok 19:22:58.0493 2632 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:22:58.0524 2632 TermDD - ok 19:22:58.0571 2632 [ 
382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 19:22:58.0696 2632 TermService - ok 19:22:58.0727 2632 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 19:22:58.0821 2632 Themes - ok 19:22:58.0868 2632 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 19:22:58.0961 2632 THREADORDER - ok 19:22:58.0992 2632 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 19:22:59.0117 2632 TrkWks - ok 19:22:59.0180 2632 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:22:59.0289 2632 TrustedInstaller - ok 19:22:59.0351 2632 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:22:59.0460 2632 tssecsrv - ok 19:22:59.0523 2632 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:22:59.0601 2632 TsUsbFlt - ok 19:22:59.0648 2632 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:22:59.0726 2632 tunnel - ok 19:22:59.0757 2632 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:22:59.0804 2632 uagp35 - ok 19:22:59.0850 2632 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:22:59.0960 2632 udfs - ok 19:23:00.0006 2632 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:23:00.0100 2632 UI0Detect - ok 19:23:00.0116 2632 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:23:00.0162 2632 uliagpkx - ok 19:23:00.0209 2632 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:23:00.0256 2632 umbus - ok 19:23:00.0287 2632 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:23:00.0365 2632 UmPass - ok 19:23:00.0412 2632 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 19:23:00.0537 2632 upnphost - ok 
19:23:00.0584 2632 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:23:00.0693 2632 usbccgp - ok 19:23:00.0740 2632 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:23:00.0802 2632 usbcir - ok 19:23:00.0833 2632 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 19:23:00.0880 2632 usbehci - ok 19:23:00.0927 2632 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:23:01.0005 2632 usbhub - ok 19:23:01.0052 2632 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:23:01.0098 2632 usbohci - ok 19:23:01.0130 2632 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:23:01.0192 2632 usbprint - ok 19:23:01.0223 2632 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:23:01.0317 2632 USBSTOR - ok 19:23:01.0348 2632 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 19:23:01.0457 2632 usbuhci - ok 19:23:01.0504 2632 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:23:01.0582 2632 usbvideo - ok 19:23:01.0644 2632 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 19:23:01.0754 2632 UxSms - ok 19:23:01.0800 2632 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 19:23:01.0847 2632 VaultSvc - ok 19:23:01.0878 2632 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:23:01.0925 2632 vdrvroot - ok 19:23:01.0972 2632 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 19:23:02.0081 2632 vds - ok 19:23:02.0144 2632 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:23:02.0206 2632 vga - ok 19:23:02.0237 2632 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 19:23:02.0346 2632 VgaSave - ok 
19:23:09.0164 2632 Scan finished
19:23:09.0195 4992 Detected object count: 1
19:23:09.0195 4992 Actual detected object count: 1
19:23:51.0954 4992 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:51.0954 4992 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip |
15.04.2013, 11:53 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | License data could not be written correctly. Nothing suspicious. JRT - Junkware Removal Tool: Please close your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL, please:
__________________ Please always post log files in CODE tags |
15.04.2013, 23:49 | #13 |
| License data could not be written correctly. Hello. Here are the results.
Junkware Removal Tool (JRT) by Thisisu Version: 4.8.3 (04.05.2013:1) OS: Windows 7 Starter x86 Ran by derya on 15.04.2013 at 23:34:26,17
AdwCleaner Logfile:
OTL Logfile:
Free Antivirus.lnk [2013.04.11 22:03:10 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013.04.10 21:53:46 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.10 21:28:13 | 000,288,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.03.30 10:02:01 | 000,015,760 | ---- | M] () -- C:\Users\derya\Documents\untitled_0.odt [2013.03.30 09:45:57 | 000,000,098 | -H-- | M] () -- C:\Users\derya\Documents\.~lock.atatürk.odt# [2013.03.26 09:42:30 | 000,001,011 | ---- | M] () -- C:\Users\derya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.26 09:41:34 | 000,000,979 | ---- | M] () -- C:\Users\derya\Desktop\Dropbox.lnk [2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll ========== Files Created - No Company Name ========== [2013.04.15 23:50:28 | 000,613,083 | ---- | C] () -- C:\Users\derya\Desktop\adwcleaner.exe [2013.04.14 19:12:17 | 000,000,512 | ---- | C] () -- C:\Users\derya\Desktop\MBR.dat [2013.04.14 14:15:21 | 012,917,756 | ---- | C] () -- C:\Users\derya\Desktop\mbar-1.05.0.1001.zip [2013.04.13 18:14:16 | 000,377,856 | ---- | C] () -- C:\Users\derya\Desktop\gmer_2.1.19163.exe [2013.04.13 17:07:30 | 000,001,908 | ---- | C] () -- C:\Users\Public\Desktop\Oxford Advanced Learner's Dictionary - 8th Edition.lnk [2013.04.11 22:03:22 | 000,002,079 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013.04.11 22:03:13 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013.04.11 22:03:12 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013.04.10 21:53:46 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.04.10 21:53:46 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.03.31 10:03:25 | 000,015,760 | ---- | C] () -- C:\Users\derya\Documents\untitled_0.odt [2013.03.30 09:45:57 | 000,000,098 | -H-- | C] () -- C:\Users\derya\Documents\.~lock.atatürk.odt# [2012.12.19 23:08:09 | 000,032,768 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2012.12.19 18:59:16 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat [2012.12.19 13:50:29 | 000,000,000 | ---- | C] () -- C:\Windows\RTLInBoth.ini ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.04.2013 00:06:12 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\derya\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,30 Mb Total Physical Memory | 207,23 Mb Available Physical Memory | 20,45% Memory free 1,99 Gb Paging File | 1,15 Gb Available in Paging File | 57,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 232,79 Gb Total Space | 187,03 Gb Free Space | 80,34% Space Free | Partition Type: NTFS Computer Name: DERYA-PC | User Name: derya | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{6B465CCB-4A89-4440-AE59-63C1C36BF420}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | "{8E86C963-CB9A-4610-8BD9-5C569B24F56F}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{B7DAFC20-21DE-4A6C-BDC8-27335F519E66}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3ECA47B4-BC57-464A-9515-2F20AB75422D}" = protocol=6 | dir=in | app=c:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe | "{7CF206ED-01A0-4E03-BD15-F2D270F226F3}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{B20B69F7-D568-4E57-BE0F-2A79E7D1BFCD}" = protocol=17 | dir=in | app=c:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{3180332E-057B-41E2-82DC-155C76419750}C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{327C047A-F448-45FB-91AD-B1DDDE1B0406}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{6C3F07EA-F81A-4A9B-A4E1-0446A67EABE1}C:\users\derya\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\derya\appdata\roaming\spotify\spotify.exe | "TCP Query User{CF57D954-9DA0-4883-8C58-0447489C0310}C:\users\derya\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\derya\appdata\roaming\spotify\spotify.exe | "UDP Query User{6CA0C4F2-CFA9-488C-B2D2-241CB64449D5}C:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\derya\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query 
User{8AB318CB-68A1-43E9-88C0-2CD7A5BC5321}C:\users\derya\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\derya\appdata\roaming\spotify\spotify.exe | "UDP Query User{B5944BA0-CE51-4292-A21B-148CB118FAC0}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{C9736F0A-74A3-4128-8D93-30017280D577}C:\users\derya\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\derya\appdata\roaming\spotify\spotify.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) "{ADDBDFFF-A9B1-4AAA-94ED-2F754A1F5D5F}" = Document Express DjVu Plug-in "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2130 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 
"AudibleManager" = AudibleManager "avast" = avast! Free Antivirus "HDMI" = Intel(R) Graphics Media Accelerator Driver "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NSIS_oald8" = Oxford Advanced Learner's Dictionary - 8th Edition "Paragon Software PONS 7" = Paragon Software PONS 7 "VLC media player" = VLC media player 2.0.5 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2070947155-1557344131-3509826172-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ System Events ] Error - 15.04.2013 17:56:38 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 15.04.2013 18:04:51 | Computer Name = derya-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom < End of report > |
16.04.2013, 09:09 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Lizenz-Daten konnten nicht korrekt geschrieben werden. The logs look OK, but apart from the adware junk/toolbar stuff they already did before JRT and adwCleaner removed it. Code:
[2013.04.09 11:43:09 | 000,000,000 | RH-D | C] -- C:\Users\derya\AppData\Roaming\SecuROM
Right-click the "SecuROM" folder in C:\Users\derya\AppData\Roaming => Properties => clear the "Read-only" checkbox and apply
__________________ Please always post log files in CODE tags |
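The triage step in post #14, picking the one directory flagged `RH-D` out of the OTL file listing, as an added example (not part of the thread and not OTL's own code): it parses OTL file-listing entries, including ones run together on a single line, and returns read-only directories under a user's AppData. Reading the attribute column as R/H/S/D and the last column as C = created, M = modified is an assumption inferred from the log on this page; the function names are hypothetical, and the sample lines are copied from that log.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# One OTL file-listing entry: [timestamp | size | attrs | C or M] (company) -- path
# Entries can be run together, so a path ends at the next "[YYYY.MM.DD " or "==========".
ENTRY = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- "
    r"(?P<path>.+?)(?=\s*(?:\[\d{4}\.\d{2}\.\d{2} |={10}|$))",
    re.S,
)

@dataclass
class Entry:
    when: datetime
    size: int
    attrs: frozenset  # subset of {"R", "H", "S", "D"} (assumed meaning of the column)
    kind: str         # "C" or "M" (assumed: created / modified)
    company: str      # empty when OTL printed "()" or no company at all
    path: str

    @property
    def is_dir(self):
        return "D" in self.attrs

def parse_entries(text):
    """Return every file-listing entry found in an OTL log excerpt."""
    entries = []
    for m in ENTRY.finditer(text):
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=frozenset(m["attrs"].replace("-", "")),
            kind=m["kind"],
            company=m["company"] or "",
            path=m["path"].strip(),
        ))
    return entries

# Per-user application data, where the licence files in this thread are written.
PROFILE_DATA = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\", re.I)

def readonly_profile_dirs(entries):
    """Directories under a user's AppData that carry the R flag."""
    return [e for e in entries
            if e.is_dir and "R" in e.attrs and PROFILE_DATA.match(e.path)]

# Sample lines copied from the OTL log posted in this thread.
SAMPLE = r"""[2013.04.09 11:43:55 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Local\oald8 [2013.04.09 11:43:33 | 000,000,000 | ---D | C] -- C:\Users\derya\AppData\Roaming\oald8 [2013.04.09 11:43:09 | 000,000,000 | RH-D | C] -- C:\Users\derya\AppData\Roaming\SecuROM [2013.04.09 11:37:19 | 000,000,000 | ---D | C] -- C:\Program Files\Oxford
[2013.03.17 18:34:58 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys ========== Files - Modified Within 30 Days ========== [2013.04.16 00:04:24 | 796,889,088 | -HS- | M] () -- C:\hiberfil.sys
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini"""

if __name__ == "__main__":
    for e in readonly_profile_dirs(parse_entries(SAMPLE)):
        print(e.when, "".join(sorted(e.attrs)), e.path)
```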
16.04.2013, 21:51 | #15 |
| Lizenz-Daten konnten nicht korrekt geschrieben werden. Hey, thanks for your answer. I cleared the read-only checkbox and applied the change, but when I click on the dictionary I still get the same annoying message. Should I perhaps uninstall the dictionary and install it again? And the other scan programs on my desktop (JRT, adw, etc.), should I just delete them? I checked again. Actually (when I wrote that I had cleared the checkbox) there was no check mark at read-only from the start. You don't see a check mark but a color next to it, like blue. And when I click on the dictionary icon, the same message still comes up: "Lizenz-Daten konnten nicht korrekt geschrieben werden." In the box with this message there are two options, either "OK" or "Analyse starten" (start analysis). When I press "Analyse starten", a log file is supposedly created, which was saved to C:\AnalysisLog.sr0. But I don't see a log file with that name in C: that I could send you? |