Pests of all kinds and how to fight them: YouTube search does not work in Chrome.

20.02.2013, 13:25   #16
markusg
/// Malware-holic

Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de
If you would like to support us

21.02.2013, 04:47   #17
cic55



Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cihan :: HP2540P [Administrator]

Schutz: Aktiviert

21.02.2013 03:08:25
MBAM-log-2013-02-21 (04-38-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Z:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391485
Laufzeit: 1 Stunde(n), 29 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Intel\Cihan Cosar\Laptop weiss\Sicherheit\cihancosar55\HTC Bilder\Cihan\Progs\DaDi's PPC Creations\PDI\PDI.exe (Backdoor.MSIL.PGen) -> Keine Aktion durchgeführt.
C:\Users\Cihan\Pictures\Sonstiges\Laptop weiss\Sicherheit\cihancosar55\HTC Bilder\Cihan\Progs\DaDi's PPC Creations\PDI\PDI.exe (Backdoor.MSIL.PGen) -> Keine Aktion durchgeführt.

(Ende)


That didn't help either.
YouTube search results are still not there.... :/
Strange that only YouTube is affected.


21.02.2013, 15:34   #18
markusg
/// Malware-holic

Hi,
download the standard CCleaner:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file and open it.
After each program you need, write "notwendig" (necessary).
After each program you do not need, write "unnötig" (unnecessary).
After each program you do not know, write "unbekannt" (unknown).
Post the list.

21.02.2013, 17:51   #19
cic55

Reinstalling Chrome didn't help either.
And I just noticed a program myself, supposedly from today.
SearchAnonymizer, whatever that is supposed to be. But that won't be the cause, since it was supposedly installed today. Still, no idea what it is supposed to be.


Adobe Flash Player 10 ActiveX 64-bit Adobe Systems Incorporated 22.02.2011 6,00MB 10.3.162.28 *notwendig*
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 15.02.2013 6,00MB 11.6.602.168 *notwendig*
Adobe Reader X (10.1.5) - Deutsch Adobe Systems Incorporated 16.02.2013 168MB 10.1.5 *notwendig*
Ashampoo Burning Studio Elements 10.0.9 Ashampoo GmbH & Co. KG 10.03.2012 161MB 3.1.1 *notwendig*
Broadcom 2070 Bluetooth 2.1 + EDR Broadcom Corporation 10.02.2011 144MB 6.2.1.1100 *notwendig*
CCleaner Piriform 19.12.2012 3.26
DAEMON Tools Lite DT Soft Ltd 15.06.2011 4.40.2.0131 *notwendig*
Delta Chrome Toolbar DeltaInstaller 21.02.2013 3,00KB 1.0.0.0 * unbekannte*
DVD Architect Studio 5.0 Sony 22.08.2012 250MB 5.0.156 *unnötig*
EatCam Webcam Recorder 5.0 for MSN EatCam.com 16.02.2011 5.0 *notwendig*
Facebook Video Calling 1.2.0.287 Skype Limited 25.10.2012 4,76MB 1.2.287 *notwendig*
FastPictureViewer Professional 1.9.291.0 (64-bit) Axel Rietschin Software Developments 21.02.2013 83,7MB 1.9.291.0 *notwendig*
Google Chrome Google Inc. 21.02.2013 24.0.1312.57 *notwendig*
Google Earth Plug-in Google 17.11.2011 40,8MB 6.1.0.5001 *notwendig*
HD2 Toolkit Version 4.3 Kaushal Subedi (KSubedi) 29.08.2012 29,1MB 4.3 *unnötig*
HP 3D DriveGuard Hewlett-Packard 10.02.2011 3,28MB 4.0.4.1 *unnötig*
HP ESU for Microsoft Windows 7 Hewlett-Packard Company 11.12.2012 9,12MB 2.0.1.1
HP Power Assistant Hewlett-Packard Company 22.06.2011 7,64MB 1.0.11.0 *notwendig*
HP Power Data Hewlett-Packard 10.02.2011 1,22MB 1.0.11.114 * unbekannte*
HP Product Detection HP 23.11.2012 3,83MB 11.14.0004 *notwendig*
HP Quick Launch Buttons Hewlett-Packard Company 10.02.2011 6.50.13.1 *notwendig*
HP Support Assistant Hewlett-Packard Company 11.12.2012 91,5MB 7.0.39.15 *notwendig*
HP System Default Settings Hewlett-Packard Company 11.12.2012 1,59MB 2.3.1.2 * unbekannte*
HP Webcam Roxio 05.06.2011 9,76MB 1.0.26.3 *notwendig*
HP Webcam Driver Sonix 06.05.2011 5.8.50009.6 *notwendig*
ICQ7.4 ICQ 23.02.2011 7.4 *notwendig*
IDT Audio IDT 11.12.2012 1.0.6300.0 *notwendig*
Iminent 10.02.2011 * unbekannte*
Intel(R) Graphics Media Accelerator Driver Intel Corporation 22.06.2011 8.15.10.2302 * notwendig*
Intel(R) Management Engine Components Intel Corporation 22.06.2011 6.0.0.1179 * unbekannte*
Intel(R) Network Connections Drivers Intel 10.02.2011 14.8
Intel® Matrix Storage Manager Intel Corporation 10.02.2011
Java 7 Update 15 Oracle 21.02.2013 129MB 7.0.150 * unbekannte*
Java(TM) 6 Update 24 (64-bit) Oracle 22.02.2011 90,7MB 6.0.240 * unbekannte*
Java(TM) SE Development Kit 6 Update 24 (64-bit) Oracle 22.02.2011 146MB 1.6.0.240 * unbekannte*
JPGVideo 1.05.0.0 NDW Ltd 22.08.2012 * unbekannte*
Kaspersky Internet Security 2013 Kaspersky Lab 15.02.2013 13.0.1.4190 *notwendig*
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 21.02.2013 18,4MB 1.70.0.1100
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 05.08.2012 38,8MB 4.0.30320 * unbekannte*
Microsoft Camera Codec Pack Microsoft Corporation 21.02.2013 33,3MB 16.4.1734.1104 *notwendig*
Microsoft Silverlight Microsoft Corporation 13.05.2012 50,6MB 5.1.10411.0 * unbekannte*
Microsoft SkyDrive Microsoft Corporation 21.02.2013 25,1MB 16.4.6013.0910 * unbekannte*
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft * unbekannte*Corporation 21.02.2013 1,69MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 12.02.2011 260KB 8.0.50727.4053 * unbekannte*
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 22.06.2011 300KB 8.0.61001 * unbekannte*
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 10.02.2011 708KB 8.0.61000 * unbekannte*
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 21.04.2011 580KB 8.0.51011 * unbekannte*
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Corporation 12.02.2011 212KB 9.0.30729.4148 * unbekannte*
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 21.04.2011 790KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10.02.2011 788KB 9.0.30729 * unbekannte*
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 22.06.2011 788KB 9.0.30729.6161 * unbekannte*
MiniTool Partition Wizard Home Edition 7.0 MiniTool Solution Ltd. 29.08.2012 24,1MB *notwendig*
moDiag 2.8.515 Matthias Tieben 23.05.2011 17,7MB 2.8.515 *unnötig*
Nero Burning ROM 10 Nero AG 18.03.2011 167MB 10.5.10300 *notwendig*
Nero BurnRights 10 Nero AG 18.03.2011 6,14MB 4.2.10300.0.102 *notwendig*
Nero Update Nero AG 18.03.2011 1,43MB 1.0.0018 *unnötig*
Notepad++ 29.08.2012 5.9.3 *notwendig*
Photomatix Pro version 4.2.2 HDRsoft Sarl 17.09.2012 24,8MB 4.2.2 *notwendig*
PL-2303 USB-to-Serial Prolific Technology INC 17.02.2011 1.3.0 *notwendig*
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 11.12.2012 6.0.1.6662 * unbekannte*
RICOH Media Driver RICOH 10.02.2011 2.14.00.05 * unbekannte*
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 05.08.2012 42,9MB 1.5.6.0 *unnötig*
SDFormatter SD Association 29.08.2012 3,57MB 3.1.0 *notwendig*
SearchAnonymizer 21.02.2013 1.0.1 (de) * unbekannte*
Skype Click to Call Skype Technologies S.A. 01.11.2012 37,9MB 6.3.11079 *notwendig*
Skype™ 6.2 Skype Technologies S.A. 19.02.2013 20,2MB 6.2.106 *notwendig*
Synaptics Pointing Device Driver Synaptics Incorporated 14.02.2011 46,4MB 15.0.24.0 *notwendig*
TeamViewer 6 TeamViewer GmbH 09.08.2011 6.0.10722 *notwendig*
Validity Fingerprint Driver Validity Sensors, Inc. 10.02.2011 11,0MB 4.0.11.0 *notwendig*
Vegas Movie Studio HD Platinum 11.0 Sony 22.08.2012 297MB 11.0.283 * unbekannte*
Virtual Router v0.9 Beta Chris Pietschmann 15.08.2012 1,18MB 0.9.0 *unnötig*
VLC media player 2.0.4 VideoLAN 05.12.2012 2.0.4 *notwendig*
WinAce Archiver e-merge GmbH 18.07.2012 2.69 *notwendig*
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) Broadcom 10.02.2011 07/30/2009 6.2.0.9405
Windows Driver Package - Broadcom Bluetooth (12/16/2009 6.2.0.9414) Broadcom 10.02.2011 12/16/2009 6.2.0.9414
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 10.02.2011 07/28/2009 6.2.0.9800
Windows Live Essentials Microsoft Corporation 21.02.2013 16.4.3505.0912
Windows Media Player Firefox Plugin Microsoft Corp 29.03.2011 296KB 1.0.0.8
Windows Mobile-Gerätecenter Microsoft Corporation 10.07.2011 27,4MB 6.1.6965.0

21.02.2013, 19:25   #20
markusg
/// Malware-holic

Hi,
do only what is written here.
Uninstall:
Adobe Flash Player, all versions
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Uncheck the McAfee Security Scan box.

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
check "Use only certified plug-ins".
Security (Enhanced):
check "Enhanced Security"
and select "All files".
Internet:
everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, uncheck "Use JavaScript".
Under Updater, choose "Install automatically".
Apply / OK

Uninstall:
Delta
DVD
HD2
Iminent
Java(TM) 6
Java(TM) SE
JPGVideo
Microsoft Silverlight
SAMSUNG
SearchAnonymizer
TeamViewer: I would only install it when needed; besides, version 8 is current, so if it has to stay on, upgrade.
Vegas
Virtual

Open CCleaner, Analyze, run it, restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

21.02.2013, 22:25   #21
cic55

Microsoft Silverlight too?
Isn't my e-mail program, Windows Live Mail, part of that?
I'd rather leave it on for now, if that's OK.

Everything done, except that Silverlight stayed on.
Problem still present.

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.112 - Datei am 21/02/2013 um 22:56:53 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Cihan - HP2540P
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Cihan\Desktop\adwcleaner0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\BrowserProtect

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.11] : homepage = "hxxp://www.delta-search.com/?affID=119828&babsrc=HP_ss&mntrId=3ba134d000000000000[...]
Gelöscht [l.1986] : homepage = "hxxp://www.delta-search.com/?affID=119828&babsrc=HP_ss&mntrId=3ba134d000000000000018[...]

*************************

AdwCleaner[R1].txt - [27007 octets] - [21/02/2013 16:52:39]
AdwCleaner[R2].txt - [27068 octets] - [21/02/2013 16:53:54]
AdwCleaner[S1].txt - [26881 octets] - [21/02/2013 16:54:33]
AdwCleaner[S2].txt - [1160 octets] - [21/02/2013 22:56:53]

########## EOF - C:\AdwCleaner[S2].txt - [1220 octets] ##########
         
--- --- ---

Last edited by cic55 (21.02.2013 at 23:06)
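
Added example (not part of the thread and not AdwCleaner's own code): the AdwCleaner log above shows two `homepage` entries in Chrome's `Preferences` file pointing at delta-search.com. The Python sketch below walks a Preferences JSON document and reports every string setting whose URL host is on a watchlist, accepting the defanged `hxxp` form used in the log; the sample document, its key names and all function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Host taken from the AdwCleaner log in this thread; extend for other cases.
WATCHLIST = {"delta-search.com"}

# Constructed sample, not the user's real file. The key names are
# illustrative assumptions about what a Preferences document may contain.
SAMPLE_PREFERENCES = json.loads("""
{
  "homepage": "http://www.delta-search.com/?affID=0",
  "session": {
    "startup_urls": ["https://www.youtube.com/", "hxxp://www.delta-search.com/"]
  },
  "default_search_provider": {
    "search_url": "https://search.example/?q={searchTerms}"
  },
  "lookalike": "http://notdelta-search.com/"
}
""")


def refang(url):
    """Turn the defanged hxxp:// or hxxps:// form used in logs back into http(s)."""
    if url.lower().startswith("hxxp"):
        return "http" + url[4:]
    return url


def host_matches(url, watchlist):
    """True if the URL's host equals a watchlist entry or is a subdomain of one."""
    try:
        host = urlsplit(refang(url.strip())).hostname
    except ValueError:
        # Malformed netloc (for example an unbalanced '['): not a usable URL.
        return False
    if not host:
        return False
    host = host.rstrip(".").lower()
    # Compare on label boundaries so "notdelta-search.com" does not match.
    return any(host == w or host.endswith("." + w) for w in watchlist)


def find_hijacked_settings(node, watchlist=WATCHLIST, path=""):
    """Walk parsed JSON and return (json_path, value) for each watchlisted URL."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            hits += find_hijacked_settings(value, watchlist, child)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_hijacked_settings(value, watchlist, f"{path}[{i}]")
    elif isinstance(node, str) and host_matches(node, watchlist):
        hits.append((path, node))
    return hits


def scan_preferences_file(file_path, watchlist=WATCHLIST):
    """Load a Preferences file (UTF-8 JSON) and return its watchlisted settings."""
    with open(file_path, encoding="utf-8") as handle:
        return find_hijacked_settings(json.load(handle), watchlist)


if __name__ == "__main__":
    for json_path, value in find_hijacked_settings(SAMPLE_PREFERENCES):
        print(f"{json_path}: {value}")
```

Run it against a copy of the profile's Preferences file while Chrome is closed, since the browser rewrites that file while it is running.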

22.02.2013, 12:18   #22
markusg
/// Malware-holic

Silverlight is not Outlook, get rid of it.
Don't tell me after every step whether the problem has been solved.
We are not finished yet.
HitmanPro - Download - Filepony
Download HitmanPro, double-click it, license, trial license.
Click Scan.
Do not delete anything.
Click Next, export the log as XML and post it, or zip it and attach it.

23.02.2013, 02:23   #23
cic55

But I clicked Next and something was deleted.
I didn't know that clicking Next would delete something. :/

Code:
ATTFilter
HitmanPro 3.7.2.188
www.hitmanpro.com

   Computer name . . . . : HP2540P
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : HP2540P\Cihan
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-02-23 02:12:38
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 141

   Objects scanned . . . : 2.049.757
   Files scanned . . . . : 43.328
   Remnants scanned  . . : 616.320 files / 1.390.109 keys

Potential Unwanted Programs _________________________________________________

   C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (Claro)
   C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (Claro)
   HKU\S-1-5-21-3929057395-2147905070-1016382134-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-3929057395-2147905070-1016382134-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)

Repairs _____________________________________________________________________

   Proxyserver auf diesem Computer (Benutzer)
   127.0.0.1:8888


Cookies _____________________________________________________________________


24.02.2013, 14:04   #24
cic55

I also just noticed something else that is going wrong on my laptop.
I can't edit some files, and I can't access some folders at all. Uh-oh.


25.02.2013, 16:43   #25
markusg
/// Malware-holic

What do you mean by some? Which ones?
Post a new OTL log again.

26.02.2013, 02:22   #26
cic55

I ran OTL the way you described on page 1, copying your code into OTL and so on.
Here is the result. OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.02.2013 02:07:04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cihan\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,80 Gb Total Physical Memory | 3,31 Gb Available Physical Memory | 57,12% Memory free
11,59 Gb Paging File | 8,47 Gb Available in Paging File | 73,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,64 Gb Total Space | 19,43 Gb Free Space | 9,68% Space Free | Partition Type: NTFS
Drive Z: | 32,14 Gb Total Space | 29,63 Gb Free Space | 92,17% Space Free | Partition Type: NTFS
 
Computer Name: HP2540P | User Name: Cihan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.15 23:55:36 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013.02.15 22:45:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cihan\Downloads\OTL.exe
PRC - [2013.02.10 22:48:38 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\program files (x86)\google\chrome\application\chrome.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.17 21:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
PRC - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.01.20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.03.03 14:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 14:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.08 22:55:54 | 000,354,840 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.12.29 14:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.11.11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 02:28:22 | 012,638,576 | ---- | M] () -- C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\program files (x86)\google\chrome\application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\program files (x86)\google\chrome\application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\program files (x86)\google\chrome\application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\program files (x86)\google\chrome\application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\program files (x86)\google\chrome\application\24.0.1312.57\ffmpegsumo.dll
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.12.29 23:03:24 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.21 22:47:29 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.15 23:55:36 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.08 00:05:34 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.08.23 10:40:40 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 14:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.03 14:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.01.08 22:55:54 | 000,354,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.12.29 22:44:24 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009.12.29 14:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.16 00:16:55 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.02.16 00:16:55 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.25 12:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.10.25 12:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.02 10:43:02 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011.09.02 21:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2011.09.02 21:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011.06.22 00:54:30 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 10:16:36 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.08 00:05:34 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.08.31 04:07:04 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.06.03 15:56:06 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.02.26 14:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010.01.08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.01.07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.02.17 10:18:48 | 000,069,192 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.02.17 10:17:16 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 3E 49 5C 44 D2 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cihan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.16 00:16:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.16 00:16:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.16 00:16:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.16 00:16:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.16 00:16:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
 
[2013.02.21 15:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: Delta Search
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Delta Search
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\program files (x86)\google\chrome\application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\program files (x86)\google\chrome\application\24.0.1312.57\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Cihan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: AdBlock = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Skype Click to Call = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2013.02.20 00:34:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Cihan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C7F3E6F-E5D7-49E0-A41E-DCB0913B7B82}: NameServer = 198.153.194.1,198.153.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FF2DEC9-E2B5-4137-8096-8B7B919AF919}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E6DF71-7F5F-4E4E-823D-E409566366D5}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E6DF71-7F5F-4E4E-823D-E409566366D5}: NameServer = 198.153.194.1,198.153.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98D91A74-DDD7-45A4-AD0F-DABBF4C524F1}: NameServer = 198.153.194.1,198.153.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A56AC4DD-82CE-4F95-B912-EA0BF6EF3B5A}: NameServer = 198.153.194.1,198.153.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8174EEB-4193-4038-8650-93148FE525A9}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E60FFC6F-7C89-40FF-87B2-85A610E6E103}: NameServer = 198.153.194.1,198.153.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4581EC6-DE52-4275-BBE1-62D1C126BAD3}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.23 02:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.02.23 02:07:48 | 009,754,024 | ---- | C] (SurfRight B.V.) -- C:\Users\Cihan\Desktop\HitmanPro_x64.exe
[2013.02.21 22:28:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.02.21 17:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.21 17:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.02.21 17:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.02.21 16:04:18 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.21 16:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.02.21 16:02:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.02.21 16:02:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.02.21 16:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.02.21 15:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPictureViewer
[2013.02.21 15:59:04 | 000,000,000 | ---D | C] -- C:\Windows\WICCodecs
[2013.02.21 15:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\FastPictureViewer
[2013.02.21 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\FastPictureViewer
[2013.02.21 15:58:47 | 000,000,000 | R--D | C] -- C:\Users\Cihan\SkyDrive
[2013.02.21 15:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013.02.21 15:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.02.21 15:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.21 15:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.21 15:32:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.02.21 15:32:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.02.21 15:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.21 15:31:22 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Roaming\Opera
[2013.02.21 15:31:17 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Roaming\OCS
[2013.02.21 14:36:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.21 14:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon_Inc_IC
[2013.02.21 14:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon_Inc_IC
[2013.02.21 03:19:38 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{559741F7-343C-4EF9-AB69-8965C2507042}
[2013.02.21 03:06:57 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\Programs
[2013.02.21 03:06:12 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Roaming\Malwarebytes
[2013.02.21 03:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.21 03:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.21 03:05:40 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.21 03:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.20 01:18:39 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{728E30B0-8AD2-4B57-AD10-6736CBF44E99}
[2013.02.20 01:04:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.20 00:58:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.20 00:13:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.20 00:13:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.20 00:13:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.20 00:12:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.20 00:12:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.20 00:10:35 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\Cihan\Desktop\ComboFix.exe
[2013.02.19 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\WIBU-SYSTEMS
[2013.02.19 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WIBU-SYSTEMS
[2013.02.19 23:16:47 | 000,000,000 | ---D | C] -- C:\Users\Cihan\Desktop\BMW Software
[2013.02.19 00:55:09 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{F73F2361-CC7D-434F-BC36-A7CDC7EC6077}
[2013.02.19 00:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.19 00:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.18 12:54:45 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{D6B33CF2-1C63-4E3C-A12B-0D7F32DACB86}
[2013.02.18 12:51:15 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{1C15AE69-0697-4B40-8EF8-52E933A3C8DF}
[2013.02.18 01:25:59 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013.02.17 21:42:53 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{EE5E5962-7966-4883-BCFF-209B8D70D46A}
[2013.02.16 20:45:47 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{C76205DA-27B2-4FE3-9CE8-C84E0BE6915D}
[2013.02.16 08:45:23 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{E121990B-C094-4249-A137-524631E62A9A}
[2013.02.15 23:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.02.15 23:34:13 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.02.15 23:33:34 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.02.15 23:25:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cihan\Desktop\tdsskiller.exe
[2013.02.15 20:45:07 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{A5A055E4-3D7E-494B-B897-EDCEE4B57949}
[2013.02.14 22:01:43 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{7D692DC9-E23C-4BAF-ACB3-DB12E4D6235A}
[2013.02.11 10:51:39 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{4C7E9AE2-8C12-48EB-A048-854152416937}
[2013.02.10 22:51:27 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{9289DD9D-4BEE-4234-ADB4-205E7B9424B8}
[2013.02.10 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{5DB13E9E-9EA9-4EF2-A50F-4A8E585B1B3F}
[2013.02.10 01:15:12 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{43C8C42B-5F12-4BA8-A7EB-538EF7670C45}
[2013.02.08 20:45:42 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{2D2E599C-079A-4452-AC41-C310DDED7CD1}
[2013.02.08 02:29:41 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{69BF5E61-2096-4EC1-B275-F28E1EA8A616}
[2013.02.08 02:29:33 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{4D61D2FE-72F6-4ED5-B93A-BC00366ACDE2}
[2013.02.07 13:23:15 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{40C20804-5DB1-4A8F-B0C6-D4BBC52AD988}
[2013.02.06 11:08:37 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{234A01D0-0301-443C-B462-9B3F8EB57669}
[2013.02.05 21:40:27 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{F291BF5A-256E-49AC-910E-FE8A0D7B3ABF}
[2013.02.04 14:50:14 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{0CF0BFA2-04CC-4CFC-B573-6C23AD12DE1F}
[2013.02.03 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{EB5C81D5-9273-420C-A139-CE4EFE865400}
[2013.02.02 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{9236DE75-3F99-4401-AE86-E417DD52F8D0}
[2013.02.02 11:50:09 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{DEFD5874-3E24-4385-942F-A8BABD269016}
[2013.02.01 10:56:07 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{E8EFAFD9-B13B-4AAA-A5A2-9250A4987AA0}
[2013.01.31 22:13:25 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{FA142269-AE4D-4D40-BF29-1D7072A03A22}
[2013.01.31 00:46:26 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{E7782B84-F6E7-4EA8-A3B9-F6CAD9CC433D}
[2013.01.30 09:24:03 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{9F5EF711-B13F-45C4-88F5-1D031332C2BB}
[2013.01.28 23:59:28 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{4871B47B-F219-497B-BD57-00CC58764E55}
[2013.01.28 01:10:27 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{7BCA72D4-A477-4F3A-8A43-000EA95936C8}
[2013.01.27 03:22:16 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{6D2B5391-794D-4DC9-8294-F6616C810FFE}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.26 02:03:58 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.26 02:03:29 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3929057395-2147905070-1016382134-1000UA.job
[2013.02.26 02:03:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.26 02:03:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.24 14:02:13 | 000,214,366 | ---- | M] () -- C:\Users\Cihan\Desktop\fehler.jpg
[2013.02.24 13:58:17 | 000,015,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 13:58:17 | 000,015,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 13:49:44 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.24 13:49:13 | 1928,728,575 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.23 02:12:00 | 009,754,024 | ---- | M] (SurfRight B.V.) -- C:\Users\Cihan\Desktop\HitmanPro_x64.exe
[2013.02.21 22:56:19 | 000,587,671 | ---- | M] () -- C:\Users\Cihan\Desktop\adwcleaner0.exe
[2013.02.21 22:42:21 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.21 17:20:27 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.21 17:16:14 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.21 16:54:50 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.21 16:17:54 | 000,091,977 | ---- | M] () -- C:\Users\Cihan\Desktop\chrome.html
[2013.02.21 15:59:06 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\FastPictureViewer Cheat Sheet.lnk
[2013.02.21 15:59:06 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Fast Picture Viewer 64.lnk
[2013.02.21 15:32:27 | 000,000,620 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.02.21 12:09:15 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3929057395-2147905070-1016382134-1000Core.job
[2013.02.21 03:07:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.20 00:34:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.20 00:11:09 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\Cihan\Desktop\ComboFix.exe
[2013.02.19 00:45:54 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.17 21:44:53 | 000,286,532 | ---- | M] () -- C:\Users\Cihan\Desktop\gefundenetrojaner.jpg
[2013.02.16 18:54:35 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.16 18:54:35 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.16 18:54:35 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.16 18:54:35 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.16 18:54:35 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.16 03:56:39 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.16 01:57:56 | 001,171,199 | ---- | M] () -- C:\Users\Cihan\Documents\hydroreinigung.pdf
[2013.02.16 00:16:55 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.02.16 00:16:55 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.02.16 00:00:01 | 000,134,823 | ---- | M] () -- C:\Users\Cihan\Desktop\youtube.jpg
[2013.02.15 23:34:13 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.02.15 23:24:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cihan\Desktop\tdsskiller.exe
[2013.02.10 22:54:17 | 000,016,656 | ---- | M] () -- C:\Users\Cihan\Documents\Servoöl bmw.pdf
[2013.01.28 02:26:04 | 000,095,512 | ---- | M] () -- C:\Users\Cihan\Desktop\bumbur turkbase berlin.jpg
 
========== Files Created - No Company Name ==========
 
[2013.02.24 14:02:13 | 000,214,366 | ---- | C] () -- C:\Users\Cihan\Desktop\fehler.jpg
[2013.02.21 22:56:08 | 000,587,671 | ---- | C] () -- C:\Users\Cihan\Desktop\adwcleaner0.exe
[2013.02.21 22:47:30 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.21 22:42:21 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.21 22:42:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.21 17:20:27 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.21 17:16:14 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.21 16:54:41 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.21 16:17:54 | 000,091,977 | ---- | C] () -- C:\Users\Cihan\Desktop\chrome.html
[2013.02.21 16:03:51 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.21 16:03:37 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.21 15:59:06 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\FastPictureViewer Cheat Sheet.lnk
[2013.02.21 15:59:06 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Fast Picture Viewer 64.lnk
[2013.02.21 15:58:46 | 000,002,179 | ---- | C] () -- C:\Users\Cihan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013.02.21 15:32:23 | 000,000,620 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.02.21 03:05:41 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.20 00:13:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.20 00:13:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.20 00:13:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.20 00:13:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.20 00:13:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.17 21:44:53 | 000,286,532 | ---- | C] () -- C:\Users\Cihan\Desktop\gefundenetrojaner.jpg
[2013.02.16 01:57:55 | 001,171,199 | ---- | C] () -- C:\Users\Cihan\Documents\hydroreinigung.pdf
[2013.02.16 00:00:00 | 000,134,823 | ---- | C] () -- C:\Users\Cihan\Desktop\youtube.jpg
[2013.02.15 23:35:52 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.02.10 22:54:17 | 000,016,656 | ---- | C] () -- C:\Users\Cihan\Documents\Servoöl bmw.pdf
[2013.01.28 02:26:04 | 000,095,512 | ---- | C] () -- C:\Users\Cihan\Desktop\bumbur turkbase berlin.jpg
[2013.01.08 02:58:21 | 000,003,584 | ---- | C] () -- C:\Users\Cihan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.23 00:30:10 | 000,000,137 | -H-- | C] () -- C:\Windows\SysWow64\crkmo.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.10 16:00:38 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Ashampoo
[2011.02.22 04:26:52 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Charles
[2011.06.15 16:05:21 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\DAEMON Tools Lite
[2013.02.21 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\DesktopIconForAmazon
[2011.06.22 00:48:07 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\GetRightToGo
[2012.09.17 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\HDRsoft
[2011.10.15 03:09:45 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\ICQ
[2012.08.29 21:25:49 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Notepad++
[2013.02.21 15:31:17 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\OCS
[2013.02.21 15:31:22 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Opera
[2012.08.05 00:26:03 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Samsung
[2012.08.22 22:01:59 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Sony
[2011.08.09 19:22:39 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\TeamViewer
[2011.06.22 00:48:06 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\uTorrent
[2011.02.14 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:C68DE4A3

< End of report >
         
--- --- ---

Alt 26.02.2013, 02:23   #27
cic55
 

I ran an OTL scan the way you described on page 1, copying your code into OTL and so on.
Here is the result. OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.02.2013 02:07:04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cihan\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,80 Gb Total Physical Memory | 3,31 Gb Available Physical Memory | 57,12% Memory free
11,59 Gb Paging File | 8,47 Gb Available in Paging File | 73,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200,64 Gb Total Space | 19,43 Gb Free Space | 9,68% Space Free | Partition Type: NTFS
Drive Z: | 32,14 Gb Total Space | 29,63 Gb Free Space | 92,17% Space Free | Partition Type: NTFS
 
Computer Name: HP2540P | User Name: Cihan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.15 23:55:36 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013.02.15 22:45:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cihan\Downloads\OTL.exe
PRC - [2013.02.10 22:48:38 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.01.26 03:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\program files (x86)\google\chrome\application\chrome.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.08.17 21:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
PRC - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011.01.20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.03.03 14:46:56 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.03.03 14:46:54 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.01.08 22:55:54 | 000,354,840 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.12.29 14:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.11.11 14:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.15 02:28:22 | 012,638,576 | ---- | M] () -- C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013.01.26 03:35:06 | 000,460,240 | ---- | M] () -- C:\program files (x86)\google\chrome\application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.26 03:35:04 | 004,012,496 | ---- | M] () -- C:\program files (x86)\google\chrome\application\24.0.1312.57\pdf.dll
MOD - [2013.01.26 03:34:19 | 000,597,968 | ---- | M] () -- C:\program files (x86)\google\chrome\application\24.0.1312.57\libglesv2.dll
MOD - [2013.01.26 03:34:18 | 000,124,368 | ---- | M] () -- C:\program files (x86)\google\chrome\application\24.0.1312.57\libegl.dll
MOD - [2013.01.26 03:34:16 | 001,552,848 | ---- | M] () -- C:\program files (x86)\google\chrome\application\24.0.1312.57\ffmpegsumo.dll
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.12.29 23:03:24 | 002,019,120 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.21 22:47:29 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.15 23:55:36 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013.02.07 13:10:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.08.10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.08 00:05:34 | 000,271,360 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.08.23 10:40:40 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 14:46:56 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.03 14:46:54 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.01.08 22:55:54 | 000,354,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2009.12.29 22:44:24 | 001,639,728 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009.12.29 14:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.02 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.16 00:16:55 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013.02.16 00:16:55 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.25 12:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.10.25 12:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.02 10:43:02 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011.09.02 21:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2011.09.02 21:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011.06.22 00:54:30 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011.05.13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 10:16:36 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.08 00:05:34 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.08.31 04:07:04 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.06.03 15:56:06 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010.02.26 14:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.01.13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010.01.08 22:45:26 | 000,409,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.01.07 19:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.01.07 19:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.01.07 19:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.07 19:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.20 15:05:50 | 000,059,008 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rismcx64.sys -- (rismcx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009.02.17 10:18:48 | 000,069,192 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009.02.17 10:17:16 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 3E 49 5C 44 D2 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cihan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.02.16 00:16:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.02.16 00:16:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.02.16 00:16:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.02.16 00:16:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.02.16 00:16:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
 
[2013.02.21 15:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: Delta Search
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Delta Search
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\program files (x86)\google\chrome\application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\program files (x86)\google\chrome\application\24.0.1312.57\pdf.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin/online_banking_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin/npVKPlugin.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Cihan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: AdBlock = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Skype Click to Call = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
CHR - Extension: Google Mail = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Cihan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2013.02.20 00:34:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Cihan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C7F3E6F-E5D7-49E0-A41E-DCB0913B7B82}: NameServer = 198.153.194.1,198.153.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FF2DEC9-E2B5-4137-8096-8B7B919AF919}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E6DF71-7F5F-4E4E-823D-E409566366D5}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E6DF71-7F5F-4E4E-823D-E409566366D5}: NameServer = 198.153.194.1,198.153.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98D91A74-DDD7-45A4-AD0F-DABBF4C524F1}: NameServer = 198.153.194.1,198.153.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A56AC4DD-82CE-4F95-B912-EA0BF6EF3B5A}: NameServer = 198.153.194.1,198.153.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8174EEB-4193-4038-8650-93148FE525A9}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E60FFC6F-7C89-40FF-87B2-85A610E6E103}: NameServer = 198.153.194.1,198.153.192.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4581EC6-DE52-4275-BBE1-62D1C126BAD3}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.23 02:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.02.23 02:07:48 | 009,754,024 | ---- | C] (SurfRight B.V.) -- C:\Users\Cihan\Desktop\HitmanPro_x64.exe
[2013.02.21 22:28:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2013.02.21 17:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.02.21 17:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.02.21 17:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.02.21 16:04:18 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.02.21 16:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013.02.21 16:02:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.02.21 16:02:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.02.21 16:02:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.02.21 15:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastPictureViewer
[2013.02.21 15:59:04 | 000,000,000 | ---D | C] -- C:\Windows\WICCodecs
[2013.02.21 15:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\FastPictureViewer
[2013.02.21 15:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\FastPictureViewer
[2013.02.21 15:58:47 | 000,000,000 | R--D | C] -- C:\Users\Cihan\SkyDrive
[2013.02.21 15:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013.02.21 15:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.02.21 15:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.02.21 15:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.21 15:32:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.02.21 15:32:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.02.21 15:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.21 15:31:22 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Roaming\Opera
[2013.02.21 15:31:17 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Roaming\OCS
[2013.02.21 14:36:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.21 14:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Canon_Inc_IC
[2013.02.21 14:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon_Inc_IC
[2013.02.21 03:19:38 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{559741F7-343C-4EF9-AB69-8965C2507042}
[2013.02.21 03:06:57 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\Programs
[2013.02.21 03:06:12 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Roaming\Malwarebytes
[2013.02.21 03:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.21 03:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.21 03:05:40 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.21 03:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.20 01:18:39 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{728E30B0-8AD2-4B57-AD10-6736CBF44E99}
[2013.02.20 01:04:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.20 00:58:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.20 00:13:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.20 00:13:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.20 00:13:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.20 00:12:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.20 00:12:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.20 00:10:35 | 005,034,457 | R--- | C] (Swearware) -- C:\Users\Cihan\Desktop\ComboFix.exe
[2013.02.19 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\WIBU-SYSTEMS
[2013.02.19 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WIBU-SYSTEMS
[2013.02.19 23:16:47 | 000,000,000 | ---D | C] -- C:\Users\Cihan\Desktop\BMW Software
[2013.02.19 00:55:09 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{F73F2361-CC7D-434F-BC36-A7CDC7EC6077}
[2013.02.19 00:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.19 00:45:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.18 12:54:45 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{D6B33CF2-1C63-4E3C-A12B-0D7F32DACB86}
[2013.02.18 12:51:15 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{1C15AE69-0697-4B40-8EF8-52E933A3C8DF}
[2013.02.18 01:25:59 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013.02.17 21:42:53 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{EE5E5962-7966-4883-BCFF-209B8D70D46A}
[2013.02.16 20:45:47 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{C76205DA-27B2-4FE3-9CE8-C84E0BE6915D}
[2013.02.16 08:45:23 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{E121990B-C094-4249-A137-524631E62A9A}
[2013.02.15 23:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013.02.15 23:34:13 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013.02.15 23:33:34 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013.02.15 23:25:42 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cihan\Desktop\tdsskiller.exe
[2013.02.15 20:45:07 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{A5A055E4-3D7E-494B-B897-EDCEE4B57949}
[2013.02.14 22:01:43 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{7D692DC9-E23C-4BAF-ACB3-DB12E4D6235A}
[2013.02.11 10:51:39 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{4C7E9AE2-8C12-48EB-A048-854152416937}
[2013.02.10 22:51:27 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{9289DD9D-4BEE-4234-ADB4-205E7B9424B8}
[2013.02.10 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{5DB13E9E-9EA9-4EF2-A50F-4A8E585B1B3F}
[2013.02.10 01:15:12 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{43C8C42B-5F12-4BA8-A7EB-538EF7670C45}
[2013.02.08 20:45:42 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{2D2E599C-079A-4452-AC41-C310DDED7CD1}
[2013.02.08 02:29:41 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{69BF5E61-2096-4EC1-B275-F28E1EA8A616}
[2013.02.08 02:29:33 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{4D61D2FE-72F6-4ED5-B93A-BC00366ACDE2}
[2013.02.07 13:23:15 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{40C20804-5DB1-4A8F-B0C6-D4BBC52AD988}
[2013.02.06 11:08:37 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{234A01D0-0301-443C-B462-9B3F8EB57669}
[2013.02.05 21:40:27 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{F291BF5A-256E-49AC-910E-FE8A0D7B3ABF}
[2013.02.04 14:50:14 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{0CF0BFA2-04CC-4CFC-B573-6C23AD12DE1F}
[2013.02.03 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{EB5C81D5-9273-420C-A139-CE4EFE865400}
[2013.02.02 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{9236DE75-3F99-4401-AE86-E417DD52F8D0}
[2013.02.02 11:50:09 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{DEFD5874-3E24-4385-942F-A8BABD269016}
[2013.02.01 10:56:07 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{E8EFAFD9-B13B-4AAA-A5A2-9250A4987AA0}
[2013.01.31 22:13:25 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{FA142269-AE4D-4D40-BF29-1D7072A03A22}
[2013.01.31 00:46:26 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{E7782B84-F6E7-4EA8-A3B9-F6CAD9CC433D}
[2013.01.30 09:24:03 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{9F5EF711-B13F-45C4-88F5-1D031332C2BB}
[2013.01.28 23:59:28 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{4871B47B-F219-497B-BD57-00CC58764E55}
[2013.01.28 01:10:27 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{7BCA72D4-A477-4F3A-8A43-000EA95936C8}
[2013.01.27 03:22:16 | 000,000,000 | ---D | C] -- C:\Users\Cihan\AppData\Local\{6D2B5391-794D-4DC9-8294-F6616C810FFE}
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.26 02:03:58 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.26 02:03:29 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3929057395-2147905070-1016382134-1000UA.job
[2013.02.26 02:03:28 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.26 02:03:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.24 14:02:13 | 000,214,366 | ---- | M] () -- C:\Users\Cihan\Desktop\fehler.jpg
[2013.02.24 13:58:17 | 000,015,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 13:58:17 | 000,015,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.24 13:49:44 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.24 13:49:13 | 1928,728,575 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.23 02:12:00 | 009,754,024 | ---- | M] (SurfRight B.V.) -- C:\Users\Cihan\Desktop\HitmanPro_x64.exe
[2013.02.21 22:56:19 | 000,587,671 | ---- | M] () -- C:\Users\Cihan\Desktop\adwcleaner0.exe
[2013.02.21 22:42:21 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.21 17:20:27 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.21 17:16:14 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.21 16:54:50 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.21 16:17:54 | 000,091,977 | ---- | M] () -- C:\Users\Cihan\Desktop\chrome.html
[2013.02.21 15:59:06 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\FastPictureViewer Cheat Sheet.lnk
[2013.02.21 15:59:06 | 000,001,087 | ---- | M] () -- C:\Users\Public\Desktop\Fast Picture Viewer 64.lnk
[2013.02.21 15:32:27 | 000,000,620 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.02.21 12:09:15 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3929057395-2147905070-1016382134-1000Core.job
[2013.02.21 03:07:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.20 00:34:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.02.20 00:11:09 | 005,034,457 | R--- | M] (Swearware) -- C:\Users\Cihan\Desktop\ComboFix.exe
[2013.02.19 00:45:54 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.17 21:44:53 | 000,286,532 | ---- | M] () -- C:\Users\Cihan\Desktop\gefundenetrojaner.jpg
[2013.02.16 18:54:35 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.16 18:54:35 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.16 18:54:35 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.16 18:54:35 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.16 18:54:35 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.16 03:56:39 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.16 01:57:56 | 001,171,199 | ---- | M] () -- C:\Users\Cihan\Documents\hydroreinigung.pdf
[2013.02.16 00:16:55 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.02.16 00:16:55 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.02.16 00:00:01 | 000,134,823 | ---- | M] () -- C:\Users\Cihan\Desktop\youtube.jpg
[2013.02.15 23:34:13 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.02.15 23:24:32 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cihan\Desktop\tdsskiller.exe
[2013.02.10 22:54:17 | 000,016,656 | ---- | M] () -- C:\Users\Cihan\Documents\Servoöl bmw.pdf
[2013.01.28 02:26:04 | 000,095,512 | ---- | M] () -- C:\Users\Cihan\Desktop\bumbur turkbase berlin.jpg
 
========== Files Created - No Company Name ==========
 
[2013.02.24 14:02:13 | 000,214,366 | ---- | C] () -- C:\Users\Cihan\Desktop\fehler.jpg
[2013.02.21 22:56:08 | 000,587,671 | ---- | C] () -- C:\Users\Cihan\Desktop\adwcleaner0.exe
[2013.02.21 22:47:30 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.21 22:42:21 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.02.21 22:42:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.02.21 17:20:27 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.02.21 17:16:14 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.21 16:54:41 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.02.21 16:17:54 | 000,091,977 | ---- | C] () -- C:\Users\Cihan\Desktop\chrome.html
[2013.02.21 16:03:51 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013.02.21 16:03:37 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013.02.21 15:59:06 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\FastPictureViewer Cheat Sheet.lnk
[2013.02.21 15:59:06 | 000,001,087 | ---- | C] () -- C:\Users\Public\Desktop\Fast Picture Viewer 64.lnk
[2013.02.21 15:58:46 | 000,002,179 | ---- | C] () -- C:\Users\Cihan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013.02.21 15:32:23 | 000,000,620 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.02.21 03:05:41 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.20 00:13:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.20 00:13:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.20 00:13:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.20 00:13:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.20 00:13:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.17 21:44:53 | 000,286,532 | ---- | C] () -- C:\Users\Cihan\Desktop\gefundenetrojaner.jpg
[2013.02.16 01:57:55 | 001,171,199 | ---- | C] () -- C:\Users\Cihan\Documents\hydroreinigung.pdf
[2013.02.16 00:00:00 | 000,134,823 | ---- | C] () -- C:\Users\Cihan\Desktop\youtube.jpg
[2013.02.15 23:35:52 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013.02.10 22:54:17 | 000,016,656 | ---- | C] () -- C:\Users\Cihan\Documents\Servoöl bmw.pdf
[2013.01.28 02:26:04 | 000,095,512 | ---- | C] () -- C:\Users\Cihan\Desktop\bumbur turkbase berlin.jpg
[2013.01.08 02:58:21 | 000,003,584 | ---- | C] () -- C:\Users\Cihan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.26 15:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.06.26 15:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.06.26 15:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.06.26 15:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.05.23 00:30:10 | 000,000,137 | -H-- | C] () -- C:\Windows\SysWow64\crkmo.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.10 16:00:38 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Ashampoo
[2011.02.22 04:26:52 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Charles
[2011.06.15 16:05:21 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\DAEMON Tools Lite
[2013.02.21 15:35:08 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\DesktopIconForAmazon
[2011.06.22 00:48:07 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\GetRightToGo
[2012.09.17 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\HDRsoft
[2011.10.15 03:09:45 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\ICQ
[2012.08.29 21:25:49 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Notepad++
[2013.02.21 15:31:17 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\OCS
[2013.02.21 15:31:22 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Opera
[2012.08.05 00:26:03 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Samsung
[2012.08.22 22:01:59 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Sony
[2011.08.09 19:22:39 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\TeamViewer
[2011.06.22 00:48:06 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\uTorrent
[2011.02.14 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\Cihan\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:C68DE4A3

< End of report >
         
--- --- ---

Alt 26.02.2013, 15:21   #28
markusg
/// Malware-holic
 

Hi,
OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
CHR - homepage: Delta Search
CHR - homepage: Delta Search
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) -  File not found
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

Alt 26.02.2013, 16:01   #29
cic55
 

I did not change anything regarding user names etc.; I also would not know where I should have entered that.
However, I have just noticed that the folders in C:, "Dokumente und Einstellungen" and, I think, a few others as well, are gone.

All processes killed
Error: Unable to interpret <:OTL IE - HKCU\..\URLSearchHook: - No CLSID value found CHR - homepage: Delta Search CHR - homepage: Delta Search O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found :files :Commands [emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 02262013_155257

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 26.02.2013, 16:18   #30
markusg
/// Malware-holic
 

You are not supposed to enter everything into OTL run together in one piece, but exactly as it is written there, please.