Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: FB konto wurde gehackt / keylooger?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.04.2013, 14:41   #1
vertualx
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Hallo erstmal ich bin neu im forum , also ich habe ein problem gestern war jemand in meinem Facebook konto und hat 4-5 leute beleidigt.....İch habe danach all die passwörte geändert und mit Avira alles gescannt es wurde nur TRDROPPER entdeckt , ich habe schon die threads über TRDROPPER gesehen und alles gelesen...Mit Spybot habe ich auch einmal system-scan gemacht und naya da wurde einpaar sachen gefunden aber ich hab echt keine ahnung was das bedeutet -.- ich wurde vielleicht keygeloggt kann mir aber nicht sicher sein wie kann ich %100 sicher sein dass mein laptop sauber ist?

Danke im voraus!!

Alt 04.04.2013, 07:41   #2
Ryko
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?





Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld
__________________

__________________

Alt 04.04.2013, 10:42   #3
Ryko
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Guten Tag und

Mein Name ist Rico und ich werde dir bei deinen Malware Problemen behilflich sein.
Unbedingt lesen

Es gibt ein paar Regeln für die Bereinigung, die du lesen und befolgen solltest:
  • Arbeite die Schritte nach der Reihe ab.
  • Lese dir die Anleitungen genau und gründlich durch.Falls du Fragen oder Probleme haben solltest, melde dich im Thread.
  • Bitte unterlasse Crossposting.Das erschwert deinen Helfern nur die Arbeit.
  • Verändere nichts selber am System, ausser du wurdest von mir dazu aufgefordert.
  • Poste die Logfiles direkt in deinen Thread.Hänge die Logs nur an wenn sie zu groß sind oder ich dich dazu auffordere.
  • Bei Verdacht oder Anzeichen auf Cracks,Keygens oder anderer illegaler Software stelle ich den Support sofort ein und es wird nur noch beim Neuaufsetzen des Systems geholfen

Hinweis: Ich kann dir keine Garantie geben,dass ich deinen Computer zu 100% sauber bekomme.Eine Formatierung ist meist der schnellere und immer der sicherste Weg.Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Hinweis: Sollte ich nach 3 Tagen keine Rückmeldung von dir bekommen,dann werde ich das Thema aus meinen Abos löschen.Falls du dennoch Hilfe benötigst schicke mir eine PM ,dass du weitermachen willst.


Guten Tag vertualx,
Zitat:
Avira alles gescannt
Poste bitte die Avira logs im nächsten Post.

Schritt 1:
Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung.

Schritt 2:
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
__________________

Alt 04.04.2013, 13:09   #4
vertualx
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Das mit werkzeuge habe ich nicht gefunden und mein avira ist leider auf Türkisch gestellt -.- Aber ich habe da eine vermutung immer wenn ich irgendetwas ausführen(öffnen) will fragt der mich zuerst(ist ja immer so wenn man als Administrator startet) aber jetzt kommt das garnicht mehr? İch habe extra unter einstellungen Administrator gemacht aber trotzdem keine frage fenster(oder wie ihr das nennt) bekommen , kanns sein das ein andere mein pc benutzt(als admin) und ich deswegen nix bekomme? Wie gesagt ist nur eine vermutung ich habe nicht viel ahnung vom PC...achja ich werde gleich die OTL Logs schicken aber musste ich *Scanne alle benutzer* auch einkreuzen?

Hier die logs :

OTL.txOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/4/2013 1:59:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mücahit\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: ABD | Language: ENU | Date Format: M/d/yyyy
 
2.91 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 46.04% Memory free
5.83 Gb Paging File | 3.77 Gb Available in Paging File | 64.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 110.43 Gb Free Space | 59.27% Space Free | Partition Type: NTFS
Drive D: | 254.45 Gb Total Space | 250.91 Gb Free Space | 98.61% Space Free | Partition Type: NTFS
 
Computer Name: MUCAHIT | User Name: mücahit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mücahit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Software Plate\svcgdp.exe (Beijing ELEX Technology Co., Ltd.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (syncables, LLC)
PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (svcgdp) -- C:\Program Files (x86)\Software Plate\svcgdp.exe (Beijing ELEX Technology Co., Ltd.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SecDrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Certified-Toolbar Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Certified-Toolbar Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Certified-Toolbar Search
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Certified-Toolbar Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Homepage.com.tr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Certified-Toolbar Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Certified-Toolbar Search
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {983e3779-31f8-4e9e-bfbd-c415842586ba} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mücahit\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mücahit\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\mücahit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2012/05/14 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/05/14 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/05/14 17:45:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/12 12:51:49 | 000,000,000 | ---D | M]
 
[2012/07/11 16:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mücahit\AppData\Roaming\mozilla\Firefox\extensions
[2012/07/11 16:34:15 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\mücahit\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Homepage.com.tr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekobafpjjhenlpaamnojkagajfdpoelj\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - Extension: Dark Legends = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfbekphmapfjpdkfedomagjpccekhaa\2.0.0.0_0\
CHR - Extension: GFACE Experience Plugin = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.29.0_0\
CHR - Extension: Blue Exorcist Theme = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgoiipfcgeibblincnkdfpicpmciinmg\1_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [MicroUpdate] C:\Users\mücahit\Documents\MSDCSC\msdcsc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFAA50F8-E654-422A-A7F2-2E7D227797B7}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/04 13:58:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mücahit\Desktop\OTL.exe
[2013/04/04 13:50:22 | 000,000,000 | ---D | C] -- C:\Users\mücahit\Documents\ProcAlyzer Dumps
[2013/04/04 13:33:19 | 000,000,000 | R--D | C] -- C:\Users\mücahit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/04/03 10:37:22 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{7853D9E3-47CA-411F-99F5-DD5E79631EBE}
[2013/04/02 12:30:23 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{234C0AA9-C8BC-46FD-B56A-1CE97E0ADFE8}
[2013/04/01 20:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/01 20:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/01 20:57:46 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/01 20:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/04/01 20:56:33 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\Programs
[2013/04/01 19:59:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/04/01 13:46:51 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A5548ECB-F56A-4D61-83F8-997AB7CDBFE6}
[2013/03/30 23:33:35 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Roaming\Avira
[2013/03/30 23:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/30 23:27:39 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/30 23:27:39 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/30 23:27:39 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/30 23:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/03/30 23:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/03/30 13:34:19 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{709012FE-1294-4B46-BE4F-25352E83CDD1}
[2013/03/28 13:34:10 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{428E2F38-73C5-4625-A02C-C3011F6A3E80}
[2013/03/27 13:44:27 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{205B9318-7907-4C33-B491-9DC649600D88}
[2013/03/26 13:38:28 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{F6E5EA24-915D-4D58-BDE9-55387DA8BF6C}
[2013/03/25 14:23:55 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{B0A55BD4-979E-42F2-87E1-C925826CAD62}
[2013/03/24 23:31:31 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{1B205DA7-057A-48A4-8744-85611CD0612D}
[2013/03/24 13:39:46 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{94002463-58B9-4A9B-8A02-64AA02FE7D33}
[2013/03/23 12:32:50 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A8FEAA69-A96F-4B67-A46E-CFF42639DA8F}
[2013/03/22 14:28:17 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{DBE3A7E6-5713-439D-84E6-524A807CADD0}
[2013/03/21 14:17:45 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{12D23E8A-BD66-4CA2-A858-BB25871FD3DD}
[2013/03/20 12:43:51 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{5D4B5235-2D99-4364-B607-2C6F706DE398}
[2013/03/18 12:43:25 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{9E3CF699-8D60-46E0-B7EA-69127A753996}
[2013/03/17 18:50:34 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{98204B9A-72B6-41EB-AD6A-FF8A08C95E5E}
[2013/03/17 14:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\GFACE
[2013/03/17 13:56:51 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/17 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{CE557EAC-FBD3-4D85-8B9E-4422B0B07B94}
[2013/03/16 12:29:15 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{9A49BFE5-A300-4CA6-A17E-0DE66932F929}
[2013/03/16 09:56:42 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{0E6C6D0C-95F9-49EC-AE77-13834B69CBF8}
[2013/03/14 20:22:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/14 20:22:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/14 20:22:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/14 20:22:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/14 20:22:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/14 20:22:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/14 20:22:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/14 20:22:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/14 20:22:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/14 20:22:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/14 20:22:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/14 20:22:19 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/14 20:22:18 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/14 20:22:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/14 20:22:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/14 14:24:06 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{6E891397-6DB9-41AF-A073-0DA68ABF95CC}
[2013/03/13 13:50:05 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{B24AB343-2580-4702-8F02-0C29F391970D}
[2013/03/12 14:36:14 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{F64F1266-E249-42F4-8B21-A8E80774551B}
[2013/03/09 13:43:01 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{E01591F4-A6F5-4AB5-B6C5-422CDB5328ED}
[2013/03/08 14:31:01 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A4E571F9-847F-4B5A-9A13-154FCAD592DD}
[2013/03/07 22:46:01 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/07 22:45:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/07 22:45:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/07 22:45:34 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/07 22:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/03/07 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{100BEA43-B1C5-4478-8A3D-2F79DD41BCCF}
[2013/03/06 13:48:46 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{960DACB2-914D-454C-8ED9-8D7D99D6D1A8}
[2013/03/05 14:28:50 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{54C28E9A-5DB3-49F9-90B3-B0AD63ED32F8}
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/04 13:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mücahit\Desktop\OTL.exe
[2013/04/04 13:40:28 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 13:40:28 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 13:38:50 | 001,684,052 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/04 13:38:50 | 000,701,940 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/04/04 13:38:50 | 000,691,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/04 13:38:50 | 000,155,006 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/04/04 13:38:50 | 000,137,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/04 13:32:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/04 13:32:41 | 2346,545,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/02 12:29:05 | 000,001,414 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/04/02 12:28:51 | 000,002,290 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/04/01 20:58:05 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/01 20:57:54 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/30 23:26:20 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/30 23:26:20 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/30 23:26:20 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/28 23:50:30 | 000,002,340 | ---- | M] () -- C:\Users\mücahit\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/07 22:45:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/07 22:45:23 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/07 22:45:23 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/07 22:45:23 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/07 22:45:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/07 22:45:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
 
========== Files Created - No Company Name ==========
 
[2013/04/01 20:58:05 | 000,000,632 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/01 20:57:54 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/01 20:57:54 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/04/01 20:04:28 | 000,002,617 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2013/04/01 20:04:28 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2012/11/26 20:25:01 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/11/04 11:39:31 | 000,000,254 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/11/04 11:37:19 | 000,000,036 | ---- | C] () -- C:\Users\mücahit\AppData\Local\housecall.guid.cache
[2012/08/25 23:48:16 | 000,000,054 | ---- | C] () -- C:\Users\mücahit\AppData\Roaming\updater.cfg
[2012/07/31 16:44:38 | 000,000,035 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012/07/25 01:33:52 | 001,574,032 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/28 18:15:10 | 000,045,270 | ---- | C] () -- C:\Users\mücahit\AppData\Roaming\room_v3.dat
[2012/04/04 12:46:21 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/04 12:46:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/26 18:26:13 | 000,004,096 | -H-- | C] () -- C:\Users\mücahit\AppData\Local\keyfile3.drm
[2012/02/05 00:50:13 | 000,000,012 | ---- | C] () -- C:\Users\mücahit\intlname.ols
[2011/10/24 03:29:22 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/10/16 21:15:35 | 000,000,396 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/04/22 09:38:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/22 09:36:38 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/01/12 22:54:28 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63

< End of report >
         
--- --- ---
EXTRAS.txOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 4/4/2013 1:59:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mücahit\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: ABD | Language: ENU | Date Format: M/d/yyyy
 
2.91 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 46.04% Memory free
5.83 Gb Paging File | 3.77 Gb Available in Paging File | 64.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 110.43 Gb Free Space | 59.27% Space Free | Partition Type: NTFS
Drive D: | 254.45 Gb Total Space | 250.91 Gb Free Space | 98.61% Space Free | Partition Type: NTFS
 
Computer Name: MUCAHIT | User Name: mücahit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{43C8809D-3DEF-49BA-90A9-E232D1794B7C}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{60F08968-0884-42C8-A7E2-4ADAB2980E54}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{948F2C24-4B83-4632-91FB-872BB8516AA3}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{D5C9ED20-3C2B-4BF2-BD66-FD895790AB56}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A2076E6-2CB2-4B0B-BCC0-E4B389B79871}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{21A5670D-E724-4061-BB04-F1B5B34953E7}" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"{21C78642-4ADA-4394-B9C2-FA748008D9B2}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{272C17AB-3BEA-4274-BD1C-505170A92A75}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{35FDFCC9-50DC-461E-8924-5EB1A793B604}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{433F19B3-B427-4EEB-9BB9-B1EAAB4C7D28}" = protocol=6 | dir=in | app=d:\cs\counter-strike online\bin\nmservice.exe | 
"{47B148B9-E0EA-4596-8ABF-3BF73FE88DFF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5C4EB111-6579-4D2C-9B4A-764C123DB180}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{62A5C9D2-5845-4AA3-8274-260183CB9E12}" = protocol=17 | dir=in | app=d:\cs\counter-strike online\bin\nmservice.exe | 
"{692FA98B-8E83-4EE0-919F-435FFAB12A0D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6B4C5282-C580-4EEB-8BDE-7E2DF4DB5B77}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7EC9EFFE-4AFC-44EB-8ED5-61E492CAABBC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{94E36A8E-D675-4275-9A9C-D4C52CEAF48F}" = protocol=17 | dir=in | app=d:\cs\counter-strike online\bin\cstrike-online.exe | 
"{99C1874C-9D03-40EA-92F5-9CF52A30A653}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{ABF8BAB6-2887-4505-B62E-87AD36C866FE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{CC1DE3D3-1BFE-4124-8D59-8B276EFD3C04}" = protocol=6 | dir=in | app=d:\cs\counter-strike online\bin\cstrike-online.exe | 
"{DE14FBC6-73A0-4742-B95A-E0BECEA5560A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{E4D23B3E-E9EE-4508-93EB-ABA2702D9BF3}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"TCP Query User{05DDF842-5B11-4676-8CDB-12702A0189A3}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | 
"TCP Query User{20B6B542-F665-44EB-9167-5CB1F3EFB951}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{27F4A48A-00E4-44B3-8CAF-8057CE4E34B0}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{F56ACAB0-C53D-423E-BF01-92065EFEB103}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{2A9FF9F0-08D9-4083-A008-F9D6AA132591}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{8ED84E40-FD4F-4EB0-A33C-0A0F7DEFFEC7}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{A2EAFD0C-1AE9-41CA-A4B8-86082AA9DF1C}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | 
"UDP Query User{E6FFE57C-F674-458A-BE36-0CB3FBEA1B6E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{02E5BCCA-317C-418F-9E06-42526E050829}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{46CCB0D4-A98F-4009-B5A5-DE38A667D068}" = Windows Live Family Safety
"{48491B19-3759-428B-9560-7AE4697B8FFF}" = Windows Live Family Safety
"{4BD299B4-0A29-3706-B6B1-02DC71D47E26}" = Microsoft .NET Framework 4 Client Profile TRK Language Pack
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7AD6F7FC-9C8A-4413-860C-E0668B7A8E15}" = Windows Live Family Safety
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Denetim Masası 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafik Sürücüsü 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX Sistem Yazılımı 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Güncelleştirmeleri 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile TRK Language Pack" = Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{847C879C-1467-4924-A491-1302B4C58F70}" = Messenger Companion
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{9011041F-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95140000-007A-0401-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-041E-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-041F-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0804-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}" = ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย)
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D58E381C-DE02-46A9-B9D1-A2CB807D2676}" = Messenger Companion
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2F7D8E1-03A2-11E1-AA2E-F04DA23A5C58}" = MSVCRT Redists
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Counter-Strike Online" = Counter-Strike Online
"DivX Setup" = DivX-Setup
"Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Software Plate" = Software Plate
"Vindictus EU" = Vindictus EU
"Warrock EU" = WarRock
"WinLiveSuite" = Windows Live Temel Parçalar
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"World of Goo" = World of Goo
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
 
< End of report >
         
--- --- ---

Alt 04.04.2013, 13:16   #5
vertualx
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Hier die logs :

OTL.txOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/4/2013 1:59:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mücahit\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: ABD | Language: ENU | Date Format: M/d/yyyy
 
2.91 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 46.04% Memory free
5.83 Gb Paging File | 3.77 Gb Available in Paging File | 64.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 110.43 Gb Free Space | 59.27% Space Free | Partition Type: NTFS
Drive D: | 254.45 Gb Total Space | 250.91 Gb Free Space | 98.61% Space Free | Partition Type: NTFS
 
Computer Name: MUCAHIT | User Name: mücahit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mücahit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Software Plate\svcgdp.exe (Beijing ELEX Technology Co., Ltd.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (syncables, LLC)
PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (svcgdp) -- C:\Program Files (x86)\Software Plate\svcgdp.exe (Beijing ELEX Technology Co., Ltd.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SecDrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Certified-Toolbar Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Certified-Toolbar Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Certified-Toolbar Search
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Certified-Toolbar Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Homepage.com.tr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Certified-Toolbar Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Certified-Toolbar Search
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {983e3779-31f8-4e9e-bfbd-c415842586ba} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mücahit\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mücahit\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\mücahit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2012/05/14 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/05/14 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/05/14 17:45:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/12 12:51:49 | 000,000,000 | ---D | M]
 
[2012/07/11 16:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mücahit\AppData\Roaming\mozilla\Firefox\extensions
[2012/07/11 16:34:15 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\mücahit\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Homepage.com.tr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekobafpjjhenlpaamnojkagajfdpoelj\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - Extension: Dark Legends = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfbekphmapfjpdkfedomagjpccekhaa\2.0.0.0_0\
CHR - Extension: GFACE Experience Plugin = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.29.0_0\
CHR - Extension: Blue Exorcist Theme = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgoiipfcgeibblincnkdfpicpmciinmg\1_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [MicroUpdate] C:\Users\mücahit\Documents\MSDCSC\msdcsc.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFAA50F8-E654-422A-A7F2-2E7D227797B7}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/04 13:58:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mücahit\Desktop\OTL.exe
[2013/04/04 13:50:22 | 000,000,000 | ---D | C] -- C:\Users\mücahit\Documents\ProcAlyzer Dumps
[2013/04/04 13:33:19 | 000,000,000 | R--D | C] -- C:\Users\mücahit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/04/03 10:37:22 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{7853D9E3-47CA-411F-99F5-DD5E79631EBE}
[2013/04/02 12:30:23 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{234C0AA9-C8BC-46FD-B56A-1CE97E0ADFE8}
[2013/04/01 20:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/01 20:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/01 20:57:46 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/01 20:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/04/01 20:56:33 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\Programs
[2013/04/01 19:59:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/04/01 13:46:51 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A5548ECB-F56A-4D61-83F8-997AB7CDBFE6}
[2013/03/30 23:33:35 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Roaming\Avira
[2013/03/30 23:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/30 23:27:39 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/30 23:27:39 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/30 23:27:39 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/30 23:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/03/30 23:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/03/30 13:34:19 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{709012FE-1294-4B46-BE4F-25352E83CDD1}
[2013/03/28 13:34:10 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{428E2F38-73C5-4625-A02C-C3011F6A3E80}
[2013/03/27 13:44:27 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{205B9318-7907-4C33-B491-9DC649600D88}
[2013/03/26 13:38:28 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{F6E5EA24-915D-4D58-BDE9-55387DA8BF6C}
[2013/03/25 14:23:55 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{B0A55BD4-979E-42F2-87E1-C925826CAD62}
[2013/03/24 23:31:31 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{1B205DA7-057A-48A4-8744-85611CD0612D}
[2013/03/24 13:39:46 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{94002463-58B9-4A9B-8A02-64AA02FE7D33}
[2013/03/23 12:32:50 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A8FEAA69-A96F-4B67-A46E-CFF42639DA8F}
[2013/03/22 14:28:17 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{DBE3A7E6-5713-439D-84E6-524A807CADD0}
[2013/03/21 14:17:45 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{12D23E8A-BD66-4CA2-A858-BB25871FD3DD}
[2013/03/20 12:43:51 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{5D4B5235-2D99-4364-B607-2C6F706DE398}
[2013/03/18 12:43:25 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{9E3CF699-8D60-46E0-B7EA-69127A753996}
[2013/03/17 18:50:34 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{98204B9A-72B6-41EB-AD6A-FF8A08C95E5E}
[2013/03/17 14:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\GFACE
[2013/03/17 13:56:51 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/17 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{CE557EAC-FBD3-4D85-8B9E-4422B0B07B94}
[2013/03/16 12:29:15 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{9A49BFE5-A300-4CA6-A17E-0DE66932F929}
[2013/03/16 09:56:42 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{0E6C6D0C-95F9-49EC-AE77-13834B69CBF8}
[2013/03/14 20:22:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/14 20:22:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/14 20:22:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/14 20:22:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/14 20:22:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/14 20:22:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/14 20:22:20 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/14 20:22:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/14 20:22:19 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/14 20:22:19 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/14 20:22:19 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/14 20:22:19 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/14 20:22:18 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/14 20:22:18 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/14 20:22:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/14 14:24:06 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{6E891397-6DB9-41AF-A073-0DA68ABF95CC}
[2013/03/13 13:50:05 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{B24AB343-2580-4702-8F02-0C29F391970D}
[2013/03/12 14:36:14 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{F64F1266-E249-42F4-8B21-A8E80774551B}
[2013/03/09 13:43:01 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{E01591F4-A6F5-4AB5-B6C5-422CDB5328ED}
[2013/03/08 14:31:01 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A4E571F9-847F-4B5A-9A13-154FCAD592DD}
[2013/03/07 22:46:01 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/07 22:45:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/07 22:45:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/07 22:45:34 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/07 22:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/03/07 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{100BEA43-B1C5-4478-8A3D-2F79DD41BCCF}
[2013/03/06 13:48:46 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{960DACB2-914D-454C-8ED9-8D7D99D6D1A8}
[2013/03/05 14:28:50 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{54C28E9A-5DB3-49F9-90B3-B0AD63ED32F8}
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/04 13:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mücahit\Desktop\OTL.exe
[2013/04/04 13:40:28 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 13:40:28 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 13:38:50 | 001,684,052 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/04 13:38:50 | 000,701,940 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/04/04 13:38:50 | 000,691,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/04 13:38:50 | 000,155,006 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/04/04 13:38:50 | 000,137,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/04 13:32:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/04 13:32:41 | 2346,545,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/02 12:29:05 | 000,001,414 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/04/02 12:28:51 | 000,002,290 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/04/01 20:58:05 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/01 20:57:54 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/30 23:26:20 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/30 23:26:20 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/30 23:26:20 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/28 23:50:30 | 000,002,340 | ---- | M] () -- C:\Users\mücahit\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/07 22:45:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/07 22:45:23 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/03/07 22:45:23 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/07 22:45:23 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/03/07 22:45:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/03/07 22:45:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
 
========== Files Created - No Company Name ==========
 
[2013/04/01 20:58:05 | 000,000,632 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/01 20:57:54 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/01 20:57:54 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/04/01 20:04:28 | 000,002,617 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2013/04/01 20:04:28 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2012/11/26 20:25:01 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/11/04 11:39:31 | 000,000,254 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/11/04 11:37:19 | 000,000,036 | ---- | C] () -- C:\Users\mücahit\AppData\Local\housecall.guid.cache
[2012/08/25 23:48:16 | 000,000,054 | ---- | C] () -- C:\Users\mücahit\AppData\Roaming\updater.cfg
[2012/07/31 16:44:38 | 000,000,035 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012/07/25 01:33:52 | 001,574,032 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/28 18:15:10 | 000,045,270 | ---- | C] () -- C:\Users\mücahit\AppData\Roaming\room_v3.dat
[2012/04/04 12:46:21 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/04 12:46:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/26 18:26:13 | 000,004,096 | -H-- | C] () -- C:\Users\mücahit\AppData\Local\keyfile3.drm
[2012/02/05 00:50:13 | 000,000,012 | ---- | C] () -- C:\Users\mücahit\intlname.ols
[2011/10/24 03:29:22 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/10/16 21:15:35 | 000,000,396 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/04/22 09:38:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/22 09:36:38 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/01/12 22:54:28 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63

< End of report >
         
--- --- ---

EXTRAS.txOTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 4/4/2013 1:59:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mücahit\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: ABD | Language: ENU | Date Format: M/d/yyyy
 
2.91 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 46.04% Memory free
5.83 Gb Paging File | 3.77 Gb Available in Paging File | 64.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 110.43 Gb Free Space | 59.27% Space Free | Partition Type: NTFS
Drive D: | 254.45 Gb Total Space | 250.91 Gb Free Space | 98.61% Space Free | Partition Type: NTFS
 
Computer Name: MUCAHIT | User Name: mücahit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{43C8809D-3DEF-49BA-90A9-E232D1794B7C}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{60F08968-0884-42C8-A7E2-4ADAB2980E54}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{948F2C24-4B83-4632-91FB-872BB8516AA3}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{D5C9ED20-3C2B-4BF2-BD66-FD895790AB56}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A2076E6-2CB2-4B0B-BCC0-E4B389B79871}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{21A5670D-E724-4061-BB04-F1B5B34953E7}" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"{21C78642-4ADA-4394-B9C2-FA748008D9B2}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{272C17AB-3BEA-4274-BD1C-505170A92A75}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{35FDFCC9-50DC-461E-8924-5EB1A793B604}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{433F19B3-B427-4EEB-9BB9-B1EAAB4C7D28}" = protocol=6 | dir=in | app=d:\cs\counter-strike online\bin\nmservice.exe | 
"{47B148B9-E0EA-4596-8ABF-3BF73FE88DFF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5C4EB111-6579-4D2C-9B4A-764C123DB180}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{62A5C9D2-5845-4AA3-8274-260183CB9E12}" = protocol=17 | dir=in | app=d:\cs\counter-strike online\bin\nmservice.exe | 
"{692FA98B-8E83-4EE0-919F-435FFAB12A0D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6B4C5282-C580-4EEB-8BDE-7E2DF4DB5B77}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7EC9EFFE-4AFC-44EB-8ED5-61E492CAABBC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{94E36A8E-D675-4275-9A9C-D4C52CEAF48F}" = protocol=17 | dir=in | app=d:\cs\counter-strike online\bin\cstrike-online.exe | 
"{99C1874C-9D03-40EA-92F5-9CF52A30A653}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe | 
"{ABF8BAB6-2887-4505-B62E-87AD36C866FE}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{CC1DE3D3-1BFE-4124-8D59-8B276EFD3C04}" = protocol=6 | dir=in | app=d:\cs\counter-strike online\bin\cstrike-online.exe | 
"{DE14FBC6-73A0-4742-B95A-E0BECEA5560A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{E4D23B3E-E9EE-4508-93EB-ABA2702D9BF3}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"TCP Query User{05DDF842-5B11-4676-8CDB-12702A0189A3}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | 
"TCP Query User{20B6B542-F665-44EB-9167-5CB1F3EFB951}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{27F4A48A-00E4-44B3-8CAF-8057CE4E34B0}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{F56ACAB0-C53D-423E-BF01-92065EFEB103}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{2A9FF9F0-08D9-4083-A008-F9D6AA132591}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{8ED84E40-FD4F-4EB0-A33C-0A0F7DEFFEC7}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{A2EAFD0C-1AE9-41CA-A4B8-86082AA9DF1C}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe | 
"UDP Query User{E6FFE57C-F674-458A-BE36-0CB3FBEA1B6E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{02E5BCCA-317C-418F-9E06-42526E050829}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{287134AD-092F-4BD0-A6F4-911B0B351E87}" = Windows Live Family Safety
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{46CCB0D4-A98F-4009-B5A5-DE38A667D068}" = Windows Live Family Safety
"{48491B19-3759-428B-9560-7AE4697B8FFF}" = Windows Live Family Safety
"{4BD299B4-0A29-3706-B6B1-02DC71D47E26}" = Microsoft .NET Framework 4 Client Profile TRK Language Pack
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7AD6F7FC-9C8A-4413-860C-E0668B7A8E15}" = Windows Live Family Safety
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8832CAA2-4934-4916-A8BF-A9A51C6B58B3}" = Windows Live Family Safety
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Denetim Masası 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafik Sürücüsü 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX Sistem Yazılımı 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Güncelleştirmeleri 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C61D639C-3A1B-4654-901F-08927C804321}" = Windows Live Family Safety
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile TRK Language Pack" = Microsoft .NET Framework 4 İstemci Profili TRK Dil Paketi
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{066219C8-4BE6-46D7-9E01-60FCFA6B32DC}" = Messenger Companion
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = Sonic Focus
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{847C879C-1467-4924-A491-1302B4C58F70}" = Messenger Companion
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{9011041F-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95140000-007A-0401-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-041E-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-041F-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0804-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}" = ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย)
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader
"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D58E381C-DE02-46A9-B9D1-A2CB807D2676}" = Messenger Companion
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5F05232-96B6-4552-A480-785A60A94B21}" = System Requirements Lab CYRI
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2F7D8E1-03A2-11E1-AA2E-F04DA23A5C58}" = MSVCRT Redists
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"ASUS K3 Series ScreenSaver" = ASUS K3 Series ScreenSaver
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Counter-Strike Online" = Counter-Strike Online
"DivX Setup" = DivX-Setup
"Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Software Plate" = Software Plate
"Vindictus EU" = Vindictus EU
"Warrock EU" = WarRock
"WinLiveSuite" = Windows Live Temel Parçalar
"WinRAR archiver" = WinRAR 4.10 (32-Bit)
"World of Goo" = World of Goo
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
OTL encountered an error while reading this event log. It may be corrupt.
 
< End of report >
         
--- --- ---


Alt 04.04.2013, 17:14   #6
Ryko
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Guten Tag vertualx,

Okay ist schon in Ordnung.Bezüglich der Avira Logs guck mal in den Ordner und poste die Logfiles hier.
Code:
ATTFilter
C:\Program Files (x86)\Avira\AntiVir Desktop\LOGFILES
         

Das dürfte daran liegen das die UAC ausgeschaltet ist.

Schritt 1:
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2:
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O4 - HKCU..\Run: [MicroUpdate] C:\Users\mücahit\Documents\MSDCSC\msdcsc.exe (Microsoft Corporation)
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:41099CE9 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
C:\Users\mücahit\AppData\Local\keyfile3.drm
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
:Commands
[emptytemp]
         
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 3:
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.
__________________
--> FB konto wurde gehackt / keylooger?

Alt 04.04.2013, 17:54   #7
vertualx
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Die avira logfiles finde ich einfach nicht in AntiVir Desktop datei ist nichts drin.


OTL Log

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MicroUpdate deleted successfully.
C:\Users\mücahit\Documents\MSDCSC\msdcsc.exe moved successfully.
ADS C:\ProgramData\Temp:41099CE9 deleted successfully.
ADS C:\ProgramData\Temp20FFA63 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mcahit

User: m³cahit

User: mücahit
->Temp folder emptied: 53078 bytes
->Temporary Internet Files folder emptied: 787554 bytes
->Java cache emptied: 578621 bytes
->Google Chrome cache emptied: 374513443 bytes
->Flash cache emptied: 506 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36030391 bytes
RecycleBin emptied: 156846 bytes

Total Files Cleaned = 393.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04042013_182720

Files\Folders moved on Reboot...
C:\Users\mücahit\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

adwcleaner logs ist zwar auf Türkisch aber ich schicke es trotzdem

# AdwCleaner v2.200 - Bu rapor 04/04/2013 tarihinde 18:19:16'te olusturuldu
# Son güncelleme 02/04/2013 tarihinde, Xplode tarafindan
# Isletim sistemi : Windows 7 Home Basic Service Pack 1 (64 bits)
# Kullanici : mücahit - MUCAHIT
# Mod : Normal
# Dosya konumu : C:\Users\mücahit\Desktop\adwcleaner.exe
# Seçenek [Sil]


***** [Servisler] *****


***** [Dosyalar / Klasörler] *****

Dosya Silindi : C:\Windows\Tasks\YourFile Update.job
Klasör Silindi : C:\Program Files (x86)\1ClickDownload
Klasör Silindi : C:\Program Files (x86)\Conduit
Klasör Silindi : C:\Program Files (x86)\Red Sky
Klasör Silindi : C:\ProgramData\Partner
Klasör Silindi : C:\Users\mücahit\AppData\Local\Conduit
Klasör Silindi : C:\Users\mücahit\AppData\Local\DownTango
Klasör Silindi : C:\Users\mücahit\AppData\LocalLow\Conduit
Klasör Silindi : C:\Users\mücahit\AppData\Roaming\dvdvideosoftiehelpers
Klasör Silindi : C:\Users\mücahit\AppData\Roaming\OpenCandy
Klasör Silindi : C:\Users\mücahit\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Registry Key'i Silindi : HKCU\Software\1ClickDownload
Registry Key'i Silindi : HKCU\Software\AppDataLow\Software\Conduit
Registry Key'i Silindi : HKCU\Software\AppDataLow\Software\Crossrider
Registry Key'i Silindi : HKCU\Software\AppDataLow\Software\SmartBar
Registry Key'i Silindi : HKCU\Software\Conduit
Registry Key'i Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Registry Key'i Silindi : HKCU\Software\ProtectedSearch
Registry Key'i Silindi : HKCU\Software\Softonic
Registry Key'i Silindi : HKCU\Software\YourFileDownloader
Registry Key'i Silindi : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Registry Key'i Silindi : HKLM\SOFTWARE\Classes\oneclick
Registry Key'i Silindi : HKLM\SOFTWARE\Classes\oneclickmg
Registry Key'i Silindi : HKLM\Software\Conduit
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Registry Key'i Silindi : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Registry Key'i Silindi : HKLM\Software\YourFileDownloader
Registry Key'i Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Browser'lar] *****

-\\ Internet Explorer v9.0.8112.16470

De?i?tirildi : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592 --> hxxp://www.google.com
De?i?tirildi : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592 --> hxxp://www.google.com
De?i?tirildi : [HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592 --> hxxp://www.google.com
De?i?tirildi : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592 --> hxxp://www.google.com
De?i?tirildi : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592 --> hxxp://www.google.com
De?i?tirildi : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=592&q=%s --> hxxp://www.google.com
De?i?tirildi : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592 --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.43

Dosya : C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Dosya temiz.(Datei sauber)OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/4/2013 6:34:49 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mücahit\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: ABD | Language: ENU | Date Format: M/d/yyyy
 
2.91 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 51.89% Memory free
5.83 Gb Paging File | 4.23 Gb Available in Paging File | 72.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 110.77 Gb Free Space | 59.46% Space Free | Partition Type: NTFS
Drive D: | 254.45 Gb Total Space | 250.91 Gb Free Space | 98.61% Space Free | Partition Type: NTFS
 
Computer Name: MUCAHIT | User Name: mücahit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mücahit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Software Plate\svcgdp.exe (Beijing ELEX Technology Co., Ltd.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe (syncables, LLC)
PRC - C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (syncables, LLC)
PRC - C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (svcgdp) -- C:\Program Files (x86)\Software Plate\svcgdp.exe (Beijing ELEX Technology Co., Ltd.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SecDrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Google
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Homepage.com.tr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Google
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {983e3779-31f8-4e9e-bfbd-c415842586ba} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mücahit\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mücahit\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\mücahit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2012/05/14 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/05/14 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/05/14 17:45:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/12 12:51:49 | 000,000,000 | ---D | M]
 
[2012/07/11 16:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mücahit\AppData\Roaming\mozilla\Firefox\extensions
[2012/07/11 16:34:15 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\mücahit\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Homepage.com.tr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekobafpjjhenlpaamnojkagajfdpoelj\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - Extension: Dark Legends = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfbekphmapfjpdkfedomagjpccekhaa\2.0.0.0_0\
CHR - Extension: GFACE Experience Plugin = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.29.0_0\
CHR - Extension: Blue Exorcist Theme = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgoiipfcgeibblincnkdfpicpmciinmg\1_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFAA50F8-E654-422A-A7F2-2E7D227797B7}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/04 18:30:41 | 000,000,000 | R--D | C] -- C:\Users\mücahit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/04/04 18:27:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/04 13:58:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mücahit\Desktop\OTL.exe
[2013/04/04 13:50:22 | 000,000,000 | ---D | C] -- C:\Users\mücahit\Documents\ProcAlyzer Dumps
[2013/04/03 10:37:22 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{7853D9E3-47CA-411F-99F5-DD5E79631EBE}
[2013/04/02 12:30:23 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{234C0AA9-C8BC-46FD-B56A-1CE97E0ADFE8}
[2013/04/01 20:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/01 20:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/01 20:57:46 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/01 20:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/04/01 20:56:33 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\Programs
[2013/04/01 19:59:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/04/01 13:46:51 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A5548ECB-F56A-4D61-83F8-997AB7CDBFE6}
[2013/03/30 23:33:35 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Roaming\Avira
[2013/03/30 23:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/30 23:27:39 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/30 23:27:39 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/30 23:27:39 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/30 23:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/03/30 23:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/03/30 13:34:19 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{709012FE-1294-4B46-BE4F-25352E83CDD1}
[2013/03/28 13:34:10 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{428E2F38-73C5-4625-A02C-C3011F6A3E80}
[2013/03/27 13:44:27 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{205B9318-7907-4C33-B491-9DC649600D88}
[2013/03/26 13:38:28 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{F6E5EA24-915D-4D58-BDE9-55387DA8BF6C}
[2013/03/25 14:23:55 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{B0A55BD4-979E-42F2-87E1-C925826CAD62}
[2013/03/24 23:31:31 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{1B205DA7-057A-48A4-8744-85611CD0612D}
[2013/03/24 13:39:46 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{94002463-58B9-4A9B-8A02-64AA02FE7D33}
[2013/03/23 12:32:50 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A8FEAA69-A96F-4B67-A46E-CFF42639DA8F}
[2013/03/22 14:28:17 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{DBE3A7E6-5713-439D-84E6-524A807CADD0}
[2013/03/21 14:17:45 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{12D23E8A-BD66-4CA2-A858-BB25871FD3DD}
[2013/03/20 12:43:51 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{5D4B5235-2D99-4364-B607-2C6F706DE398}
[2013/03/18 12:43:25 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{9E3CF699-8D60-46E0-B7EA-69127A753996}
[2013/03/17 18:50:34 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{98204B9A-72B6-41EB-AD6A-FF8A08C95E5E}
[2013/03/17 14:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\GFACE
[2013/03/17 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{CE557EAC-FBD3-4D85-8B9E-4422B0B07B94}
[2013/03/16 12:29:15 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{9A49BFE5-A300-4CA6-A17E-0DE66932F929}
[2013/03/16 09:56:42 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{0E6C6D0C-95F9-49EC-AE77-13834B69CBF8}
[2013/03/14 14:24:06 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{6E891397-6DB9-41AF-A073-0DA68ABF95CC}
[2013/03/13 13:50:05 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{B24AB343-2580-4702-8F02-0C29F391970D}
[2013/03/12 14:36:14 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{F64F1266-E249-42F4-8B21-A8E80774551B}
[2013/03/09 13:43:01 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{E01591F4-A6F5-4AB5-B6C5-422CDB5328ED}
[2013/03/08 14:31:01 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A4E571F9-847F-4B5A-9A13-154FCAD592DD}
[2013/03/07 22:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/03/07 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{100BEA43-B1C5-4478-8A3D-2F79DD41BCCF}
[2013/03/06 13:48:46 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{960DACB2-914D-454C-8ED9-8D7D99D6D1A8}
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/04 18:38:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 18:38:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 18:29:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/04 18:28:55 | 2346,545,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 18:17:06 | 000,613,083 | ---- | M] () -- C:\Users\mücahit\Desktop\adwcleaner.exe
[2013/04/04 13:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mücahit\Desktop\OTL.exe
[2013/04/04 13:38:50 | 001,684,052 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/04 13:38:50 | 000,701,940 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/04/04 13:38:50 | 000,691,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/04 13:38:50 | 000,155,006 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/04/04 13:38:50 | 000,137,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/02 12:29:05 | 000,001,414 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/04/02 12:28:51 | 000,002,290 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/04/01 20:58:05 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/01 20:57:54 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/30 23:26:20 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/30 23:26:20 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/30 23:26:20 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/28 23:50:30 | 000,002,340 | ---- | M] () -- C:\Users\mücahit\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013/04/04 18:17:26 | 000,613,083 | ---- | C] () -- C:\Users\mücahit\Desktop\adwcleaner.exe
[2013/04/01 20:58:05 | 000,000,632 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/01 20:57:54 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/01 20:57:54 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/04/01 20:04:28 | 000,002,617 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2013/04/01 20:04:28 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2012/11/26 20:25:01 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/11/04 11:39:31 | 000,000,254 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/11/04 11:37:19 | 000,000,036 | ---- | C] () -- C:\Users\mücahit\AppData\Local\housecall.guid.cache
[2012/08/25 23:48:16 | 000,000,054 | ---- | C] () -- C:\Users\mücahit\AppData\Roaming\updater.cfg
[2012/07/31 16:44:38 | 000,000,035 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012/07/25 01:33:52 | 001,574,032 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/28 18:15:10 | 000,045,270 | ---- | C] () -- C:\Users\mücahit\AppData\Roaming\room_v3.dat
[2012/04/04 12:46:21 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/04 12:46:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/26 18:26:13 | 000,004,096 | -H-- | C] () -- C:\Users\mücahit\AppData\Local\keyfile3.drm
[2012/02/05 00:50:13 | 000,000,012 | ---- | C] () -- C:\Users\mücahit\intlname.ols
[2011/10/24 03:29:22 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/10/16 21:15:35 | 000,000,396 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/04/22 09:38:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/22 09:36:38 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/01/12 22:54:28 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/02 23:24:44 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\.minecraft
[2012/02/21 22:56:13 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Asus WebStorage
[2012/08/06 16:24:50 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\DAEMON Tools Lite
[2012/06/16 00:04:42 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\dclogs
[2012/10/29 16:14:46 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\DVDVideoSoft
[2012/02/21 22:56:23 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\EeeStorageUploader
[2012/06/30 19:30:43 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\GarenaPlus
[2012/09/28 21:17:16 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\IObit
[2012/08/01 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Need for Speed World
[2011/10/24 03:41:59 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Nuance
[2012/09/27 10:40:24 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Origin
[2012/03/18 12:34:13 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\PlayFirst
[2012/06/15 17:26:50 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Publish Providers
[2012/08/25 23:47:19 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Red Giant Link
[2012/08/26 15:49:25 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Sony
[2012/11/04 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\SystemRequirementsLab
[2012/08/02 03:13:17 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\TeamViewer
[2012/02/21 22:56:20 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\temp
[2012/07/18 08:14:14 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\TuneUp Software
[2012/09/12 13:32:09 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Tunngle
[2013/01/13 01:17:26 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Unity
[2012/08/06 16:24:47 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\uTorrent
[2012/05/21 09:53:04 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Windows Live Writer
[2012/08/06 15:29:24 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\ZalmanInstaller_otshot
[2011/10/24 03:41:57 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 04.04.2013, 18:47   #8
Ryko
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Schritt 1:
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Schritt 2:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Mit Freundlichen Grüßen Ryko

Alt 04.04.2013, 21:03   #9
vertualx
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.04.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mücahit :: MUCAHIT [Administrator]

Schutz: Aktiviert

4/4/2013 8:01:13 PM
mbam-log-2013-04-04 (20-01-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 239537
Laufzeit: 4 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\mücahit\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\Users\mücahit\AppData\Roaming\ZalmanInstaller_otshot\otshotcomponent0.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\mücahit\Downloads\Download TV Channels.exe (PUP.BundleInstaller.SOL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\mücahit\AppData\Roaming\dclogs\2012-06-15-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\mücahit\AppData\Roaming\dclogs\2012-06-16-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET Scanner dauert noch lange , schicke ich morgen

So eset scann ist auch fertig....List of found threats stand da garnicht konnte nur FİNİSH machen es wurde aber nichts gefunden

Alt 05.04.2013, 09:16   #10
Ryko
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Guten Tag vertualx,
Eset sollte trotzdem ein Log erstellt haben,das findest du unter:
Code:
ATTFilter
C:\Program Files\ESET\ESET Online Scanner\log.txt
         
Poste mir das bitte in deiner nächsten Antwort.
__________________
Mit Freundlichen Grüßen Ryko

Alt 05.04.2013, 11:37   #11
vertualx
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Oh ich habs hier

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=85c2c50b7bff2b4ebbaffb43070979e0
# engine=13553
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-04 09:15:52
# local_time=2013-04-04 11:15:52 )
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 11216 435443 5821 0
# compatibility_mode=5893 16776574 100 94 434876 116740002 0 0
# scanned=261939
# found=0
# cleaned=0
# scan_time=8195

Alt 05.04.2013, 12:58   #12
Ryko
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Guten Tag vertualx,

Schritt 1:
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.
__________________
Mit Freundlichen Grüßen Ryko

Alt 05.04.2013, 13:26   #13
vertualx
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/5/2013 2:11:05 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\mücahit\Desktop
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: ABD | Language: ENU | Date Format: M/d/yyyy
 
2.91 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 46.05% Memory free
5.83 Gb Paging File | 3.68 Gb Available in Paging File | 63.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.30 Gb Total Space | 109.34 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
Drive D: | 254.45 Gb Total Space | 250.91 Gb Free Space | 98.61% Space Free | Partition Type: NTFS
 
Computer Name: MUCAHIT | User Name: mücahit | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mücahit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Software Plate\svcgdp.exe (Beijing ELEX Technology Co., Ltd.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe (syncables, LLC)
PRC - C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (syncables, LLC)
PRC - C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll ()
MOD - C:\Users\mücahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (svcgdp) -- C:\Program Files (x86)\Software Plate\svcgdp.exe (Beijing ELEX Technology Co., Ltd.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (Atheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SecDrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Google
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Homepage.com.tr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = Google
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\URLSearchHook: {983e3779-31f8-4e9e-bfbd-c415842586ba} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mücahit\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mücahit\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\mücahit\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2012/05/14 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/05/14 17:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/05/14 17:45:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/12 12:51:49 | 000,000,000 | ---D | M]
 
[2012/07/11 16:34:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mücahit\AppData\Roaming\mozilla\Firefox\extensions
[2012/07/11 16:34:15 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\mücahit\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: Homepage.com.tr
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\m\u00FCcahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekobafpjjhenlpaamnojkagajfdpoelj\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: WEBZEN Browser Extension (Enabled) = C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - Extension: Dark Legends = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\acfbekphmapfjpdkfedomagjpccekhaa\2.0.0.0_0\
CHR - Extension: GFACE Experience Plugin = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.29.0_0\
CHR - Extension: Blue Exorcist Theme = C:\Users\mücahit\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgoiipfcgeibblincnkdfpicpmciinmg\1_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\mücahit\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFAA50F8-E654-422A-A7F2-2E7D227797B7}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/05 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{27A0E930-C9DF-4BD9-85EE-222B149D6617}
[2013/04/05 12:27:37 | 000,000,000 | R--D | C] -- C:\Users\mücahit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/04/04 23:08:13 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warframe
[2013/04/04 23:08:12 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\Warframe
[2013/04/04 20:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/04 20:56:36 | 002,347,384 | ---- | C] (ESET) -- C:\Users\mücahit\Desktop\esetsmartinstaller_enu.exe
[2013/04/04 19:59:42 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Roaming\Malwarebytes
[2013/04/04 19:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/04 19:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/04 19:59:33 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/04 19:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/04 18:27:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/04 13:58:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mücahit\Desktop\OTL.exe
[2013/04/04 13:50:22 | 000,000,000 | ---D | C] -- C:\Users\mücahit\Documents\ProcAlyzer Dumps
[2013/04/03 10:37:22 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{7853D9E3-47CA-411F-99F5-DD5E79631EBE}
[2013/04/02 12:30:23 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{234C0AA9-C8BC-46FD-B56A-1CE97E0ADFE8}
[2013/04/01 20:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/01 20:57:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/01 20:57:46 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/01 20:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/04/01 20:56:33 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\Programs
[2013/04/01 19:59:34 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/04/01 13:46:51 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A5548ECB-F56A-4D61-83F8-997AB7CDBFE6}
[2013/03/30 23:33:35 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Roaming\Avira
[2013/03/30 23:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/30 23:27:39 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/30 23:27:39 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/30 23:27:39 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/30 23:27:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/03/30 23:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/03/30 13:34:19 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{709012FE-1294-4B46-BE4F-25352E83CDD1}
[2013/03/28 13:34:10 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{428E2F38-73C5-4625-A02C-C3011F6A3E80}
[2013/03/27 13:44:27 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{205B9318-7907-4C33-B491-9DC649600D88}
[2013/03/26 13:38:28 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{F6E5EA24-915D-4D58-BDE9-55387DA8BF6C}
[2013/03/25 14:23:55 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{B0A55BD4-979E-42F2-87E1-C925826CAD62}
[2013/03/24 23:31:31 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{1B205DA7-057A-48A4-8744-85611CD0612D}
[2013/03/24 13:39:46 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{94002463-58B9-4A9B-8A02-64AA02FE7D33}
[2013/03/23 12:32:50 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A8FEAA69-A96F-4B67-A46E-CFF42639DA8F}
[2013/03/22 14:28:17 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{DBE3A7E6-5713-439D-84E6-524A807CADD0}
[2013/03/21 14:17:45 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{12D23E8A-BD66-4CA2-A858-BB25871FD3DD}
[2013/03/20 12:43:51 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{5D4B5235-2D99-4364-B607-2C6F706DE398}
[2013/03/18 12:43:25 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{9E3CF699-8D60-46E0-B7EA-69127A753996}
[2013/03/17 18:50:34 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{98204B9A-72B6-41EB-AD6A-FF8A08C95E5E}
[2013/03/17 14:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\GFACE
[2013/03/17 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{CE557EAC-FBD3-4D85-8B9E-4422B0B07B94}
[2013/03/16 12:29:15 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{9A49BFE5-A300-4CA6-A17E-0DE66932F929}
[2013/03/16 09:56:42 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{0E6C6D0C-95F9-49EC-AE77-13834B69CBF8}
[2013/03/14 14:24:06 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{6E891397-6DB9-41AF-A073-0DA68ABF95CC}
[2013/03/13 13:50:05 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{B24AB343-2580-4702-8F02-0C29F391970D}
[2013/03/12 14:36:14 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{F64F1266-E249-42F4-8B21-A8E80774551B}
[2013/03/09 13:43:01 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{E01591F4-A6F5-4AB5-B6C5-422CDB5328ED}
[2013/03/08 14:31:01 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{A4E571F9-847F-4B5A-9A13-154FCAD592DD}
[2013/03/07 22:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/03/07 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\mücahit\AppData\Local\{100BEA43-B1C5-4478-8A3D-2F79DD41BCCF}
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/05 12:26:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/05 12:26:18 | 2346,545,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 23:08:13 | 000,002,274 | ---- | M] () -- C:\Users\mücahit\Desktop\Warframe.lnk
[2013/04/04 21:52:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 21:52:00 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 20:56:12 | 002,347,384 | ---- | M] (ESET) -- C:\Users\mücahit\Desktop\esetsmartinstaller_enu.exe
[2013/04/04 20:51:45 | 000,001,440 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/04/04 19:59:35 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/04 18:17:06 | 000,613,083 | ---- | M] () -- C:\Users\mücahit\Desktop\adwcleaner.exe
[2013/04/04 13:52:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mücahit\Desktop\OTL.exe
[2013/04/04 13:38:50 | 001,684,052 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/04 13:38:50 | 000,701,940 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat
[2013/04/04 13:38:50 | 000,691,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/04 13:38:50 | 000,155,006 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat
[2013/04/04 13:38:50 | 000,137,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/02 12:28:51 | 000,002,290 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/04/01 20:58:05 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/01 20:57:54 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/30 23:26:20 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/30 23:26:20 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/30 23:26:20 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/28 23:50:30 | 000,002,340 | ---- | M] () -- C:\Users\mücahit\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2013/04/04 23:08:13 | 000,002,274 | ---- | C] () -- C:\Users\mücahit\Desktop\Warframe.lnk
[2013/04/04 19:59:35 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/04/04 18:17:26 | 000,613,083 | ---- | C] () -- C:\Users\mücahit\Desktop\adwcleaner.exe
[2013/04/01 20:58:05 | 000,000,632 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/01 20:58:05 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/01 20:57:54 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/01 20:57:54 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/04/01 20:04:28 | 000,002,617 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk
[2013/04/01 20:04:28 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
[2012/11/26 20:25:01 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/11/04 11:39:31 | 000,000,254 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/11/04 11:37:19 | 000,000,036 | ---- | C] () -- C:\Users\mücahit\AppData\Local\housecall.guid.cache
[2012/08/25 23:48:16 | 000,000,054 | ---- | C] () -- C:\Users\mücahit\AppData\Roaming\updater.cfg
[2012/07/31 16:44:38 | 000,000,035 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2012/07/25 01:33:52 | 001,574,032 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/28 18:15:10 | 000,045,270 | ---- | C] () -- C:\Users\mücahit\AppData\Roaming\room_v3.dat
[2012/04/04 12:46:21 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/04 12:46:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/26 18:26:13 | 000,004,096 | -H-- | C] () -- C:\Users\mücahit\AppData\Local\keyfile3.drm
[2012/02/05 00:50:13 | 000,000,012 | ---- | C] () -- C:\Users\mücahit\intlname.ols
[2011/10/24 03:29:22 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/10/16 21:15:35 | 000,000,396 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/04/22 09:38:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/22 09:36:38 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/01/12 22:54:28 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/02 23:24:44 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\.minecraft
[2012/02/21 22:56:13 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Asus WebStorage
[2012/08/06 16:24:50 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\DAEMON Tools Lite
[2012/10/29 16:14:46 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\DVDVideoSoft
[2012/02/21 22:56:23 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\EeeStorageUploader
[2012/06/30 19:30:43 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\GarenaPlus
[2012/09/28 21:17:16 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\IObit
[2012/08/01 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Need for Speed World
[2011/10/24 03:41:59 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Nuance
[2012/09/27 10:40:24 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Origin
[2012/03/18 12:34:13 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\PlayFirst
[2012/06/15 17:26:50 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Publish Providers
[2012/08/25 23:47:19 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Red Giant Link
[2012/08/26 15:49:25 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Sony
[2012/11/04 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\SystemRequirementsLab
[2012/08/02 03:13:17 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\TeamViewer
[2012/02/21 22:56:20 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\temp
[2012/07/18 08:14:14 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\TuneUp Software
[2012/09/12 13:32:09 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Tunngle
[2013/01/13 01:17:26 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Unity
[2012/08/06 16:24:47 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\uTorrent
[2012/05/21 09:53:04 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Windows Live Writer
[2013/04/04 20:07:25 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\ZalmanInstaller_otshot
[2011/10/24 03:41:57 | 000,000,000 | ---D | M] -- C:\Users\mücahit\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 05.04.2013, 15:00   #14
Ryko
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Gehe auf Start->Systemsteuerung->Programme Deinstallieren und deinstalliere folgende Programme:
Code:
ATTFilter
Spybot - Search & Destroy
Eset Online Scanner
         
Schritt 1:
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Deinstallation.
  • Bestätige mit Ja.

Schritt 2:
Downloade dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
  • DelFix entfernt u. a. alle verwendeten Programme und löscht sich abschließend selbst.

Schritt 3:
Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.


Die Logfiles sind sauber und ich kann dich nun entlassen
Abschließend noch ein paar Tipps zur Absicherung deines Systems.


Zusätzlicher Schutz:
Malwarebytes Anti Malware
  • Malwarebytes Anti Malware ist ein kostenloses Anti-Malware Programm mit sehr guter Erkennungsrate.
  • Malwarebytes ist ein sogenanntes On- Demand (Bei Bedarf) Tool, d.h. du kannst es in regelmäßigen Abständen(1 mal in der Woche ist Perfekt) dein System scannen lassen.
  • Den Download findest du hier
  • Eine Anleitung zu Anwendung findest du hier
Sandboxie
ist ein Programm welches andere Programme wie z.B. Browser in einer Isolierten Umgebung startet.
Sandboxie bietet:
  • Sichereres Browsen im Internet
  • Verbesserte Privatsphäre beim surfen
  • Sichere E-Mails
Eine Anleitung zu Sandboxie findest du hier

Sicheres Browsen
Secure Banking
Secure Banking ist eine Anwendung welche den Browser vor Banking Trojaner schützt und überprüft.
  • Falls du fragen hast,Bugs findest oder anderes kannst du das in diesem Threadposten
  • Hier findest du die Offizielle Website von Secure Banking

Web of Trust
WOT ist ein Browser Addon welches dich warnt bevor du auf eine Schlecht eingestufte Website gehst.
  • WOT basiert auf User Bewertungen und muss nicht Bedeuten das die Seite nicht Infiziert ist.
  • Download für Chrome
  • Download für Firefox
  • Download für Internet Explorer
    Hinweis an Avast User : Avast! Free Antivirus beinhaltet schon ein Addon mit dem Namen Avast Web Reputation und übernimmt die selbe Funktion wie Web of Trust

Alternative Browser
Es gibt Browser die Sicherheitstechnisch etwas mehr draufhaben als der IE,Google Chrome z.B. verfügt über eine eigene Sandbox.Hier sind ein paar Alternative Browser
  • Google Chrome
    • Adblock blockiert nervige Werbebanner und Werbeanzeigen auf Websites und Videos.
    • Notscripts blockiert alle Scripts auf einer Seite und kann dich somit vor Exploits schützten.Du kannst verschiedene Scripts Manuell wieder aktivieren.
  • Mozilla Firefox
    • Adblock blockiert nervige Werbebanner und Werbeanzeigen auf Websites und Videos.
    • Noscript blockiert alle Scripts auf einer Seite und kann dich somit vor Exploits schützten.Du kannst verschiedene Scripts Manuell wieder aktivieren.
  • Opera
    • Adblock blockiert nervige Werbebanner und Werbeanzeigen auf Websites und Videos.
    • Notscripts blockiert alle Scripts auf einer Seite und kann dich somit vor Exploits schützten.Du kannst verschiedene Scripts Manuell wieder aktivieren.
Ich selber tendiere zu Chrome,da er schnell ist ,eine eingebaute Sandbox hat und durch Erweiterung stark ausbaubar ist.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )


So nun sind wir durch.Ich hoffe du warst zufrieden mit der Bereinigung.Falls du Kritik äussern möchtest oder ein Lob an das Team aussprechen willst kannst du einen Thread in dieses Unterforum posten.
Jetzt bleibt mir nur noch übrig dir viel Spaß beim Surfen zu wünschen!

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
Mit Freundlichen Grüßen Ryko

Alt 05.04.2013, 15:34   #15
vertualx
 
FB konto wurde gehackt / keylooger? - Standard

FB konto wurde gehackt / keylooger?



Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
JavaFX 2.1.1
Java 7 Update 17
Adobe Flash Player 11.6.602.168
Google Chrome 25.0.1364.172
Google Chrome 26.0.1410.43
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Antwort

Themen zu FB konto wurde gehackt / keylooger?
adware.gameplaylabs, ahnung, entdeck, entdeckt, facebook, gefunde, gehackt, gestern, geändert, keine ahnung, nicht sicher, problem, pup.bundleinstaller.sol, pup.gameplaylab, sachen, spybot, stolen.data, threads



Ähnliche Themen: FB konto wurde gehackt / keylooger?


  1. Email- Konto gehackt?
    Log-Analyse und Auswertung - 28.08.2015 (26)
  2. Email-Konto gehackt?
    Plagegeister aller Art und deren Bekämpfung - 02.06.2014 (2)
  3. Email-Konto gehackt?
    Plagegeister aller Art und deren Bekämpfung - 16.05.2014 (1)
  4. E-Mail Konto wurde anscheinend gehackt
    Plagegeister aller Art und deren Bekämpfung - 04.03.2014 (6)
  5. E-Mail Konto gehackt
    Plagegeister aller Art und deren Bekämpfung - 02.02.2014 (11)
  6. E-mail Konto gehackt
    Plagegeister aller Art und deren Bekämpfung - 27.01.2014 (17)
  7. mail gehackt - ebay-Konto missbraucht, Scans erhärten den Verdacht - System befallen!
    Log-Analyse und Auswertung - 06.01.2014 (15)
  8. Amazon-Konto gehackt! Ist mein PC infiziert?
    Log-Analyse und Auswertung - 10.04.2013 (1)
  9. Amazon-Konto gehackt, Passwort geändert
    Log-Analyse und Auswertung - 02.11.2012 (12)
  10. PayPal Konto gehackt!
    Log-Analyse und Auswertung - 08.10.2012 (23)
  11. Trojan.Mesdeh und Exploit.Java.CVE-2008.....Aol Konto gehackt und im sytem32Ordner Dateien mit asiatischen Schriftzeichen...Merkwürdig
    Plagegeister aller Art und deren Bekämpfung - 04.09.2012 (15)
  12. Paypal Konto gehackt trojh gen
    Plagegeister aller Art und deren Bekämpfung - 03.09.2012 (1)
  13. Virus:Win32:InstallCore-AM ; E-Mail-Konto gehackt: Spams wurden versendet
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (3)
  14. Nach Virus kein Internet mehr und dazu Ebay Konto gehackt!
    Mülltonne - 02.09.2011 (1)
  15. Wurde mein MSN Konto gehackt?
    Alles rund um Windows - 28.01.2011 (1)
  16. eBay und Sparkassen Konto gehackt
    Plagegeister aller Art und deren Bekämpfung - 15.10.2010 (9)
  17. paypal konto gehackt?
    Überwachung, Datenschutz und Spam - 26.06.2010 (1)

Zum Thema FB konto wurde gehackt / keylooger? - Hallo erstmal ich bin neu im forum , also ich habe ein problem gestern war jemand in meinem Facebook konto und hat 4-5 leute beleidigt.....İch habe danach all die passwörte - FB konto wurde gehackt / keylooger?...
Archiv
Du betrachtest: FB konto wurde gehackt / keylooger? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.