TechSpot

Bitcoinminer.exe infected msupdate71/dwm.exe

By Emel*
Sep 17, 2014
  1. Hi,

    My laptop is infected with TR/Bitcoinminer.exe. I searched the forum pages and found someone with the same problem, but I don't want to follow the steps without asking you. I have Avira Antivirus installed, but every 5 minutes a pop-up opens and gives a security warning for an infected dwm.exe. My system info is below; I would really appreciate it if you could help me.

    Windows 8 Pro x64
    Intel Core i7-3537U CPU
    8,00 GB Ram
    Avira Antivirus 14.0.6.570
     
  2. Broni


    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Emel*


    Step 1 MBAM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 18.9.2014
    Scan Time: 09:02:14
    Logfile: mam.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.18.01
    Rootkit Database: v2014.09.15.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Emel

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 355831
    Time Elapsed: 32 min, 2 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 1
    PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, Delete-on-Reboot, [35e46887b2c9c1750b740ff2cf34ee12],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Step 2 DDS
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.51.2
    Run by Emel at 10:52:06 on 2014-09-18
    Microsoft Windows 8 Pro 6.2.9200.0.1254.90.1055.18.8078.4843 [GMT 3:00]
    .
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
    C:\Windows\system32\AdminService.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    C:\Windows\system32\dashost.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
    C:\Windows\system32\taskhostex.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\aetcrss1.exe
    C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Windows\system32\RunDll32.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\sysWow64\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
    BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
    uRun: [Facebook Update] "C:\Users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [Akamai NetSession Interface] "C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe"
    uRun: [cykmswiqcx] wscript.exe //B "C:\Users\Emel\AppData\Local\Temp\cykmswiqcx.vbs"
    uRun: [uTorrent] "C:\Users\Emel\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [AkisSIL.exe] D:\Palma\AkisSIL.exe
    uRun: [AVG-Secure-Search-Update_0414c] "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c
    uRun: [GoogleChromeAutoLaunch_DCBD1231C63BF0E76FC0BA0227F92F49] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AKISYukle] "D:\Palma\AkisSertifikaYukleyici.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Net iD] C:\Windows\System32\iid.exe
    StartupFolder: C:\Users\Emel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    StartupFolder: C:\Users\Emel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITR~1.LNK - C:\Windows\System32\RunDll32.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CARDOS~1.LNK - C:\Program Files\Siemens\CardOS API\bin\siecacst.exe
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    IE: Bu sayfayı kırp - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
    IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
    IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
    IE: Görüntüyü kırp - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
    IE: kırp' - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
    IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: Seçimi kırp - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
    IE: URL - <no file>
    IE: Yeni not - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
    IE: yi - <no file>
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
    IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
    DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxp://titubb.titck.gov.tr/Reserved.ReportViewerWebControl.axd?Culture=1055&CultureOverrides=True&UICulture=1055&UICultureOverrides=True&ReportStack=1&ControlID=b00ffb180a08478ca289e1a520725be9&Mode=true&OpType=PrintCab&Arch=X86
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B}\07F6C69637566796 : DHCPNameServer = 37.220.8.189 37.220.8.190
    TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B}\45F607C616E64796F5F646163796 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B}\C496D61613 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B}\E45627F6D65646 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B}\E4F4B4941402C457D696160213332303F533131353 : DHCPNameServer = 192.168.137.1
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
    x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
    x64-Run: [CertificateRegistration] aetcrss1.exe
    x64-Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
    x64-mPolicies-System: PromptOnSecureDesktop = dword:0
    x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
    x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-11-28 647736]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2014-1-8 32544]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R1 avgtp;avgtp;C:\Windows\System32\Drivers\avgtpx64.sys [2014-2-21 50976]
    R1 avkmgr;avkmgr;C:\Windows\System32\Drivers\avkmgr.sys [2013-11-27 28600]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2014-8-22 283064]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 avgntflt;avgntflt;C:\Windows\System32\Drivers\avgntflt.sys [2013-11-27 117712]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-18 17152]
    R3 ATP;ASUS Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2013-9-23 70416]
    R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-29 565760]
    R3 BthLEEnum;Bluetooth Düşük Enerji Sürücüsü;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
    R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2013-10-9 20280]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-9-18 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-9-18 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-9-18 64216]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\Drivers\nvvad64v.sys [2014-1-8 39200]
    R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-11-28 298640]
    R3 RTL8168;Realtek 8168 NT Sürücüsü;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
    R3 WSDScan;WSD Tarama DesteğI;C:\Windows\System32\Drivers\WSDScan.sys [2013-11-28 23552]
    R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
    S3 A38CCID;CCID USB Smart Card Reader;C:\Windows\System32\Drivers\a38ccid.sys [2014-3-24 62592]
    S3 cxbu0x64;OMNIKEY 6121;C:\Windows\System32\Drivers\cxbu0x64.sys [2013-8-19 143360]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2014-1-22 108800]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2014-1-22 206080]
    S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2014-3-19 42184]
    S3 vmbusr;Sanal Makine Veri Yolu Sağlayıcısı;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
    .
    =============== Created Last 30 ================
    .
    2014-09-18 05:58:26 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-09-18 05:57:59 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-09-18 05:57:59 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-09-18 05:57:59 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-09-18 05:57:59 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-09-18 05:57:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-09-17 07:43:38 33512 ----a-w- C:\Windows\SysWow64\drivers\TrueSight.sys
    2014-09-17 07:43:36 -------- d-----w- C:\ProgramData\RogueKiller
    2014-09-16 12:56:05 -------- d-----w- C:\Users\Emel\EgaApi
    2014-09-12 14:30:59 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
    2014-09-12 14:30:58 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
    2014-09-12 13:52:58 -------- d-----w- C:\ProgramData\Nero
    2014-09-11 05:52:14 305832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10246.bin
    2014-09-10 12:34:03 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-09-10 12:34:02 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-09-10 11:58:06 1287680 ----a-w- C:\Windows\System32\schedsvc.dll
    2014-09-10 11:56:54 26218496 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2014-09-10 11:56:48 25479168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2014-09-10 11:56:34 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
    2014-09-10 11:56:33 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
    2014-08-28 06:04:54 4036096 ----a-w- C:\Windows\System32\win32k.sys
    2014-08-27 07:58:24 -------- d-----w- C:\Program Files (x86)\AVG Security Toolbar
    2014-08-27 07:58:16 -------- d-----w- C:\ProgramData\Avg_Update_0814tb
    2014-08-22 14:17:07 447752 ----a-r- C:\Windows\SysWow64\vp6vfw.dll
    2014-08-22 14:17:03 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
    2014-08-22 14:16:41 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
    2014-08-22 14:16:41 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
    2014-08-22 14:04:22 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2014-08-22 14:04:13 -------- d-----w- C:\Users\Emel\AppData\Roaming\DAEMON Tools Lite
    2014-08-22 14:04:07 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
    2014-08-22 14:03:55 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
    2014-08-20 08:54:25 -------- d-----w- C:\Users\Emel\AppData\Local\EvernoteNW
    2014-08-20 06:04:29 11319200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F831CEC-5AB4-43F7-9B27-F41312877C93}\mpengine.dll
    2014-08-19 09:30:56 11319200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2014-09-04 22:36:35 755712 ----a-w- C:\Windows\System32\aepdu.dll
    2014-09-03 01:49:12 556544 ----a-w- C:\Windows\System32\aeinv.dll
    2014-09-02 19:32:27 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-09-02 19:32:27 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-08-28 06:05:35 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2014-08-28 06:05:17 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2014-08-28 06:05:17 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2014-08-28 06:02:15 40448 ----a-w- C:\Windows\System32\wuapp.exe
    2014-08-28 06:01:45 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
    2014-08-28 06:01:45 144384 ----a-w- C:\Windows\System32\wuwebv.dll
    2014-08-28 06:01:45 100352 ----a-w- C:\Windows\System32\wudriver.dll
    2014-08-28 06:01:44 17920 ----a-w- C:\Windows\System32\wuaext.dll
    2014-08-28 06:01:44 1623552 ----a-w- C:\Windows\System32\wucltux.dll
    2014-08-28 06:01:15 176640 ----a-w- C:\Windows\System32\storewuauth.dll
    2014-08-16 09:34:19 2239488 ----a-w- C:\Windows\System32\wininet.dll
    2014-08-16 09:34:10 915968 ----a-w- C:\Windows\System32\uxtheme.dll
    2014-08-16 09:32:57 3959296 ----a-w- C:\Windows\System32\jscript9.dll
    2014-08-16 09:32:05 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-08-16 07:37:20 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-08-16 07:36:19 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-08-16 07:35:44 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-08-12 08:27:45 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2014-07-22 10:34:05 708168 ----a-w- C:\Windows\System32\drivers\WinUSBCoInstaller.dll
    2014-07-22 10:34:05 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
    2014-07-15 23:03:48 1300992 ----a-w- C:\Windows\System32\gdi32.dll
    2014-07-15 22:51:05 71168 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
    2014-07-14 13:01:26 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2014-07-14 13:01:22 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2014-07-12 02:36:04 1023488 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-06-30 22:42:56 394240 ----a-w- C:\Windows\System32\devinv.dll
    2014-06-30 22:42:48 87552 ----a-w- C:\Windows\System32\aepic.dll
    .
    ============= FINISH: 10:53:35,53 ===============

    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8 Pro
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27.11.2013 12:07:09
    System Uptime: 18.9.2014 10:26:31 (0 hours ago)
    .
    Motherboard: ASUSTeK COMPUTER INC. | | X550CC
    Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz | SOCKET 0 | 775/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 293 GiB total, 202,161 GiB free.
    D: is FIXED (NTFS) - 639 GiB total, 535,488 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet Professional M1212nf MFP
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet Professional M1212nf MFP
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet 200 colorMFP M276nw
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 200 colorMFP M276nw
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP LaserJet Pro MFP M127fw
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet Pro MFP M127fw
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    ==== System Restore Points ===================
    .
    RP51: 10.9.2014 15:11:38 - Windows Update
    RP52: 12.9.2014 16:52:03 - Installed Nero 9 Essentials 4.4.9.0
    RP53: 15.9.2014 09:40:13 - Removed Nero Burning ROM 2014.
    .
    ==== Installed Programs ======================
    .
    4K Video Downloader 3.4
    64 Bit HP CIO Components Installer
    ACR38/100/122 PC/SC Driver 1.1.2.0
    Adobe Reader XI (11.0.08) - Turkish
    Akamai NetSession Interface
    AKIS Yonetici (1.45)
    Altyazı Düzenleme
    ASUS InstantOn
    ASUS LifeFrame3
    ASUS Power4Gear Hybrid
    ASUS Smart Gesture
    ASUS Splendid Video Enhancement Technology
    ASUS USB Charger Plus
    ASUS Virtual Camera
    ATK Package
    µTorrent
    AVG SafeGuard toolbar
    Avira Free Antivirus
    calibre 64bit
    Canon MF Toolbox 4.9.1.1.mf16
    Canon MF4700 Series
    CardOS API
    CM Installer
    Corel PaintShop Pro X5
    DAEMON Tools Lite
    EDost
    ePUBee DRM Removal
    Evernote v. 5.5.3
    Extended Asian Language font pack for Adobe Reader XI
    Facebook Video Calling 3.1.0.521
    Foxit Cloud
    Foxit Reader
    Free YouTube Download version 3.2.42.716
    GeForce Experience NvStream Client Components
    GemPcCCID
    GIMP 2.8.10
    Google Chrome
    Google Update Helper
    HP Deskjet Ink Adv 2060 K110 Ürün Geliştirme Çalışması
    HP Deskjet Ink Adv 2060 K110 Temel Aygıt Yazılımı
    HP Deskjet Ink Adv 2060 K110 Yardım
    HP Photo Creations
    HP Update
    ICA
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel® Trusted Connect Service Client
    IPM_PSP_COM
    Java 7 Update 51
    Java Auto Updater
    Java(TM) 6 Update 25 (64-bit)
    JavaFX 2.1.1
    KIK İhale Bildirimi
    Labeljoy 5
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
    Microsoft Office Ev ve İş 2013 - tr-tr
    Microsoft OneDrive
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    neroxml
    Net iD 4.4
    NVIDIA Denetim Masası 332.21
    NVIDIA Güncelleştirmeleri 10.11.15
    NVIDIA GeForce Experience 1.8.1
    NVIDIA Grafik Sürücüsü 332.21
    NVIDIA HD Ses Sürücüsü 1.3.30.1
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA Optimus Update 10.11.15
    NVIDIA PhysX
    NVIDIA PhysX Sistem Yazılımı 9.13.0725
    NVIDIA ShadowPlay 10.11.15
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.19
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    OMNIKEY 3x21 PC/SC Driver
    Palma 2.0 sürümü
    PCL Printer Driver Uninstaller
    Pkcs11WrapperSetup64
    PSPPContent
    PSPPHelp
    PSPPro64
    REALTEK Bluetooth Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    SafeSign
    SAMSUNG USB Driver for Mobile Phones
    Setup
    SHIELD Streaming
    Subtitle Workshop 2.51
    The Sims™ 3
    VLC media player 2.1.3
    Windows Sürücü Paketi - ACS (A38CCID) SmartCardReader (12/16/2009 1.1.6.5)
    Windows Sürücü Paketi - ACS (ACR122U) SmartCardReader (12/16/2009 1.1.6.3)
    Windows Sürücü Paketi - ACS (ACSSCR) SmartCardReader (12/15/2009 1.1.6.2)
    Windows Sürücü Paketi - ASUS (ATP) Mouse (09/17/2013 1.0.0.186)
    WinRAR 5.00 (32-bit)
    Yandex.Disk
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  5. Emel*

    Emel* TS Rookie Topic Starter

    RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
    eposta : http://www.adlice.com/contact/
    Geribesleme : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    İşletim Sistemi : Windows 8 (6.2.9200 ) 64 bits version
    Zamanında başladı : Normal mod
    Kullanıcı : Emel [Yönetici Hakları]
    Mod : Tarama yap -- Tarih : 09/19/2014 08:57:52

    ¤¤¤ Kötü Niyetli İşlemler : 0 ¤¤¤

    ¤¤¤ Kayıt Defteri Girişleri : 26 ¤¤¤
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> BULUNDU
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU

    ¤¤¤ Planlanmış Görevler : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS Dosyası : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: YÜKLENMEDİ [0x20]) ¤¤¤

    ¤¤¤ Web Tarayıcıları : 0 ¤¤¤

    ¤¤¤ MBR Denetimi : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 1397381ecea692e90b693575a3af5456
    [BSP] f3800c578bb41bc1a2a758cfa9ed6b9c : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 299650 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653866 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: +++++
    --- User ---
    [MBR] 394175a5441954ca4e19c0596027055d
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 3808 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] ?stek desteklenmiyor. )


    ============================================
    RKreport_DEL_09172014_105516.log - RKreport_SCN_09172014_105355.log - RKreport_SCN_09182014_183521.log




    RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
    eposta : http://www.adlice.com/contact/
    Geribesleme : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    İşletim Sistemi : Windows 8 (6.2.9200 ) 64 bits version
    Zamanında başladı : Normal mod
    Kullanıcı : Emel [Yönetici Hakları]
    Mod : Temizle -- Tarih : 09/19/2014 09:07:09

    ¤¤¤ Kötü Niyetli İşlemler : 0 ¤¤¤

    ¤¤¤ Kayıt Defteri Girişleri : 26 ¤¤¤
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> SEÇİLMEDİ
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
    [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ

    ¤¤¤ Planlanmış Görevler : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS Dosyası : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: YÜKLENMEDİ [0x20]) ¤¤¤

    ¤¤¤ Web Tarayıcıları : 0 ¤¤¤

    ¤¤¤ MBR Denetimi : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 1397381ecea692e90b693575a3af5456
    [BSP] f3800c578bb41bc1a2a758cfa9ed6b9c : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 299650 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653866 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: +++++
    --- User ---
    [MBR] 394175a5441954ca4e19c0596027055d
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 3808 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] ?stek desteklenmiyor. )


    ============================================
    RKreport_DEL_09172014_105516.log - RKreport_SCN_09172014_105355.log - RKreport_SCN_09182014_183521.log - RKreport_SCN_09192014_085752.log





    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.09.19.02

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.17088
    Emel :: ASUS [administrator]

    19.9.2014 09:23:01
    mbar-log-2014-09-19 (09-23-01).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 360120
    Time elapsed: 32 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.2.9200 Windows 8 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.17088

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.494000 GHz
    Memory total: 8470065152, free: 4057907200

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.2.9200 Windows 8 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.17088

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.494000 GHz
    Memory total: 8470065152, free: 4070170624

    =======================================
    Initializing...
    Could not initialize database
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.2.9200 Windows 8 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.17088

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.494000 GHz
    Memory total: 8470065152, free: 4201594880

    Downloaded database version: v2014.09.19.02
    Downloaded database version: v2014.09.18.01
    Initializing...
    ======================
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 2BFB4DC8

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 716800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 718848 Numsec = 613683200

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 614402048 Numsec = 1339117568

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1000204886016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
    Done!
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 0

    Partition information:

    Partition 0 type is Other (0xb)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 8192 Numsec = 7798784

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 3997171712 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
     
  6. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  7. Emel*

    Emel* TS Rookie Topic Starter

    ComboFix 14-09-22.01 - Emel 22.09.2014 9:54.1.4 - x64
    Microsoft Windows 8 Pro 6.2.9200.0.1254.90.1055.18.8078.5154 [GMT 3:00]
    Running from: c:\users\Emel\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ASUS
    c:\programdata\ASUS\LifeFrame\config0.cfg
    c:\programdata\ASUS\LifeFrame\config1.cfg
    c:\programdata\ASUS\LifeFrame\config2.cfg
    c:\programdata\ASUS\LifeFrame\config3.cfg
    c:\programdata\ASUS\LifeFrame\config4.cfg
    c:\programdata\ASUS\LifeFrame\config5.cfg
    c:\programdata\ASUS\LifeFrame\tmp0.img
    c:\programdata\ASUS\LifeFrame\tmp1.img
    c:\programdata\ASUS\LifeFrame\tmp2.img
    c:\programdata\ASUS\LifeFrame\tmp3.img
    c:\programdata\ASUS\LifeFrame\tmp4.img
    c:\programdata\ASUS\LifeFrame\tmp5.img
    c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{02658F77-3DD8-41D7-8C60-29EB30F4EA1C}.xps
    c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0CC81F16-3A8B-4AD1-8564-50D93A624E2B}.xps
    c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1852BD9C-E39A-41CF-A113-6DCA265D827A}.xps
    c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D2D67E0-24E7-4FD4-8573-EFCE4FD3FDA5}.xps
    c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7A2BAC5A-B562-4252-A5A7-24D454A3ECED}.xps
    c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{942B3F50-ABF4-4EFF-B163-8C144D01545D}.xps
    c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AABDE6B3-F357-4F7D-A82A-FB0F78993524}.xps
    c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B710CBCC-93B4-452F-B0BA-5CE55FE691D1}.xps
    c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BB991CD9-7C4B-4060-81D1-84D796E1F053}.xps
    c:\users\Emel\AppData\Local\Temp\7zS6F63\HPSLPSVC64.DLL
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_HPSLPSVC
    -------\Service_HPSLPSVC
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-08-22 to 2014-09-22 )))))))))))))))))))))))))))))))
    .
    .
    2014-09-22 07:07 . 2014-09-22 07:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-09-19 06:21 . 2014-09-19 07:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-09-18 15:26 . 2014-09-18 15:26 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-09-18 15:07 . 2014-09-18 15:07 -------- d-----w- c:\users\Emel\EgaApi
    2014-09-18 05:58 . 2014-09-22 07:20 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-09-18 05:57 . 2014-09-19 06:19 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-09-18 05:57 . 2014-09-18 05:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-09-18 05:57 . 2014-09-18 05:57 -------- d-----w- c:\programdata\Malwarebytes
    2014-09-18 05:57 . 2014-05-12 04:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-09-18 05:57 . 2014-05-12 04:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-09-17 07:43 . 2014-09-17 07:43 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
    2014-09-17 07:43 . 2014-09-17 07:43 -------- d-----w- c:\programdata\RogueKiller
    2014-09-12 14:30 . 2010-05-26 08:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
    2014-09-12 14:30 . 2010-05-26 08:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
    2014-09-12 13:56 . 2014-09-12 14:34 -------- d-----w- c:\users\Emel\AppData\Roaming\Nero
    2014-09-12 13:52 . 2014-09-15 06:42 -------- d-----w- c:\programdata\Nero
    2014-09-11 05:52 . 2014-09-11 05:52 305832 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10246.bin
    2014-09-10 12:34 . 2013-05-14 13:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2014-09-10 12:34 . 2014-08-16 09:33 97280 ----a-w- c:\windows\system32\mshtmled.dll
    2014-09-10 12:34 . 2013-05-14 09:23 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-09-10 12:34 . 2012-07-26 03:06 197120 ----a-w- c:\windows\system32\msrating.dll
    2014-09-10 12:32 . 2014-08-16 09:33 19280384 ----a-w- c:\windows\system32\mshtml.dll
    2014-09-10 11:58 . 2014-07-31 23:40 1287680 ----a-w- c:\windows\system32\schedsvc.dll
    2014-09-10 11:56 . 2014-07-26 02:19 26218496 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2014-09-10 11:56 . 2014-07-26 01:52 25479168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
    2014-09-10 11:56 . 2014-07-24 03:33 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
    2014-09-10 11:56 . 2014-07-24 03:33 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2014-08-28 06:04 . 2014-08-23 06:47 4036096 ----a-w- c:\windows\system32\win32k.sys
    2014-08-27 07:58 . 2014-08-27 07:58 -------- d-----w- c:\program files (x86)\AVG Security Toolbar
    2014-08-27 07:58 . 2014-08-27 07:58 -------- d-----w- c:\programdata\Avg_Update_0814tb
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-09-10 12:12 . 2013-11-28 10:50 101694776 ----a-w- c:\windows\system32\MRT.exe
    2014-09-02 19:32 . 2014-08-17 19:17 705480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-09-02 19:32 . 2014-08-17 19:17 104904 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-08-29 10:42 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-08-26 06:17 . 2013-11-27 10:15 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2014-08-22 14:04 . 2014-08-22 14:04 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2014-08-12 08:27 . 2014-02-21 19:18 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2014-08-10 20:17 . 2013-11-27 10:12 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    2014-08-07 08:59 . 2014-08-20 06:04 11319200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F831CEC-5AB4-43F7-9B27-F41312877C93}\mpengine.dll
    2014-07-22 10:34 . 2014-07-22 10:34 708168 ----a-w- c:\windows\system32\drivers\WinUSBCoInstaller.dll
    2014-07-22 10:34 . 2014-07-22 10:34 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
    2014-07-15 23:03 . 2014-08-14 06:45 1300992 ----a-w- c:\windows\system32\gdi32.dll
    2014-07-15 22:51 . 2014-08-14 09:08 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
    2014-07-14 13:01 . 2013-11-27 10:22 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
    2014-07-14 13:01 . 2013-11-27 10:17 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-07-12 02:36 . 2014-08-14 06:45 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-06-30 22:42 . 2014-07-10 06:01 394240 ----a-w- c:\windows\system32\devinv.dll
    2014-06-30 22:42 . 2014-07-10 06:01 87552 ----a-w- c:\windows\system32\aepic.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2014-08-26 06:29 3627032 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
    2014-07-16 13:56 297128 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll" [2014-08-26 3627032]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-03-08 08:49 222920 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-03-08 08:49 222920 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-03-08 08:49 222920 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Akamai NetSession Interface"="c:\users\Emel\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
    "uTorrent"="c:\users\Emel\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-04 1322832]
    "AkisSIL.exe"="d:\palma\AkisSIL.exe" [2010-08-11 24576]
    "AVG-Secure-Search-Update_0414c"="c:\program files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" [2014-04-25 2725912]
    "GoogleChromeAutoLaunch_DCBD1231C63BF0E76FC0BA0227F92F49"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-09-04 852808]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-20 751184]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
    "vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-08-26 2640408]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
    "Net iD"="c:\windows\system32\iid.exe" [2007-02-12 77824]
    .
    c:\users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2014-7-25 1109344]
    Monitör Mürekkep Uyarıları - HP Deskjet Ink Adv 2060 K110.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet Ink Adv 2060 K110\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN23L33K9Y05M9;CONNECTION=USB;MONITOR=1; [2012-7-26 51712]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
    CardOS API.lnk - c:\program files\Siemens\CardOS API\bin\siecacst.exe [2014-1-25 81920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "PromptOnSecureDesktop"= 0 (0x0)
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableCursorSuppression"= 1 (0x1)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="userinit.exe"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys;c:\windows\SYSNATIVE\DRIVERS\a38ccid.sys [x]
    R3 cxbu0x64;OMNIKEY 6121;c:\windows\system32\DRIVERS\cxbu0x64.sys;c:\windows\SYSNATIVE\DRIVERS\cxbu0x64.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 mdareDriver_43;mdareDriver_43;c:\program files (x86)\Fortinet\FortiClient\mdare64_43.sys;c:\program files (x86)\Fortinet\FortiClient\mdare64_43.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    R3 WSDScan;WSD Tarama DesteğI;c:\windows\System32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
    R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
    S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
    S2 AntiVirSchedulerService;Avira Zamanlayıcı;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
    S2 AtherosSvc;AtherosSvc;c:\windows\system32\AdminService.exe;c:\windows\SYSNATIVE\AdminService.exe [x]
    S2 ClickToRunSvc;Microsoft Office Tıklat-Çalıştır Hizmeti;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
    S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
    S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 BthLEEnum;Bluetooth Düşük Enerji Sürücüsü;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
    S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
    S3 RTL8168;Realtek 8168 NT Sürücüsü;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-09-15 06:12 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-09-22 c:\windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
    - c:\program files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25 08:16]
    .
    2014-09-22 c:\windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
    - c:\program files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25 08:16]
    .
    2014-09-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001Core.job
    - c:\users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28 11:14]
    .
    2014-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001UA.job
    - c:\users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28 11:14]
    .
    2014-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 09:45]
    .
    2014-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 09:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
    2014-05-27 14:49 357376 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2014-03-08 08:50 261832 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2014-03-08 08:50 261832 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2014-03-08 08:50 261832 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-08-26 06:21 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-08-26 06:21 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-08-26 06:21 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase0Sync]
    @="{63D48440-63AB-44D0-B323-4731DFCDE9E9}"
    [HKEY_CLASSES_ROOT\CLSID\{63D48440-63AB-44D0-B323-4731DFCDE9E9}]
    2014-06-25 22:32 1300768 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase1Modified]
    @="{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}"
    [HKEY_CLASSES_ROOT\CLSID\{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}]
    2014-06-25 22:32 1300768 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase2Error]
    @="{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}"
    [HKEY_CLASSES_ROOT\CLSID\{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}]
    2014-06-25 22:32 1300768 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase3Shared]
    @="{AF8D197E-7022-4c3d-BD88-68AD35C9C169}"
    [HKEY_CLASSES_ROOT\CLSID\{AF8D197E-7022-4c3d-BD88-68AD35C9C169}]
    2014-06-25 22:32 1300768 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
    "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
    "CertificateRegistration"="aetcrss1.exe" [2012-03-13 191488]
    "MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2012-09-27 486552]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-30 13550152]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Bu sayfayı kırp - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
    IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
    IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
    IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
    IE: Görüntüyü kırp - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
    IE: kırp' - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
    IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: Seçimi kırp - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
    IE: URL
    IE: Yeni not - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
    IE: yi
    IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
    TCP: DhcpNameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
    DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxp://titubb.titck.gov.tr/Reserved.ReportViewerWebControl.axd?Culture=1055&CultureOverrides=True&UICulture=1055&UICultureOverrides=True&ReportStack=1&ControlID=b00ffb180a08478ca289e1a520725be9&Mode=true&OpType=PrintCab&Arch=X86
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-AKISYukle - d:\palma\AkisSertifikaYukleyici.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-Net iD - c:\windows\system32\iid.exe
    AddRemove-{9D3D8C60-A5EF-4123-B2B9-172095903AB} - c:\program files (x86)\InstallShield Installation Information\{9D3D8C60-A5EF-4123-B2B9-172095903AB}\Install.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    @SACL=(02 0000)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
    c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
    c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
    c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2014-09-22 10:29:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-09-22 07:29
    .
    Pre-Run: 220.630.085.632 bytes free
    Post-Run: 222.758.006.784 bytes free
    .
    - - End Of File - - E1046B3802DB2F0A3332CE970DD473FF
     
  8. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  9. Emel*

    Emel* TS Rookie Topic Starter

    # AdwCleaner v3.310 - Rapor olusturuldu 24/09/2014 tarihinde 08:45:36
    # Guncellendi 12/09/2014 tarafindan Xplode
    # Isletim sistemi : Windows 8 Pro (64 bits)
    # Kullanici adi : Emel - ASUS
    # Adwcleaner konumu : C:\Users\Emel\Desktop\adwcleaner_3.310.exe
    # Tarama turu : Temizle

    ***** [ Servisler ] *****


    ***** [ Dosyalar / Klasorler ] *****

    Klasor Silindi : C:\ProgramData\AVG SafeGuard toolbar
    Klasor Silindi : C:\ProgramData\AVG Secure Search
    Klasor Silindi : C:\Program Files (x86)\AVG SafeGuard toolbar
    Klasor Silindi : C:\Program Files (x86)\AVG Security Toolbar
    Klasor Silindi : C:\Program Files (x86)\Common Files\AVG Secure Search
    Klasor Silindi : C:\Windows\SysWOW64\hotspot shield
    [!] Klasor Silindi : C:\Users\Emel\AppData\Local\AVG SafeGuard toolbar
    Klasor Silindi : C:\Users\Emel\AppData\LocalLow\AVG SafeGuard toolbar

    ***** [ Görevler ] *****


    ***** [ Kisayollar ] *****


    ***** [ Registry ] *****

    Deger Silindi : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Registry Key Silindi : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Registry Key Silindi : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
    Registry Key Silindi : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
    Registry Key Silindi : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
    Registry Key Silindi : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
    Registry Key Silindi : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Registry Key Silindi : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Registry Key Silindi : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Registry Key Silindi : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Registry Key Silindi : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Deger Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Registry Key Silindi : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Registry Key Silindi : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Registry Key Silindi : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Registry Key Silindi : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Deger Silindi : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Registry Key Silindi : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
    Registry Key Silindi : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Registry Key Silindi : HKCU\Software\anchorfree
    Registry Key Silindi : HKCU\Software\AVG SafeGuard toolbar
    Registry Key Silindi : HKCU\Software\AVG Security Toolbar
    Registry Key Silindi : HKLM\SOFTWARE\AVG SafeGuard toolbar
    Registry Key Silindi : HKLM\SOFTWARE\AVG Security Toolbar
    Registry Key Silindi : HKLM\SOFTWARE\Description
    Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

    ***** [ Tarayicilar ] *****

    -\\ Internet Explorer v10.0.9200.16537


    -\\ Google Chrome v37.0.2062.120

    *************************

    AdwCleaner[R0].txt - [7117 octets] - [24/09/2014 08:41:38]
    AdwCleaner[S0].txt - [6617 octets] - [24/09/2014 08:45:36]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6677 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.2.0 (09.22.2014:1)
    OS: Windows 8 Pro x64
    Ran by Emel on Çar 24.09.2014 at 9:00:21,21
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Çar 24.09.2014 at 9:06:01,75
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. Emel*

    Emel* TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
    Ran by Emel (administrator) on ASUS on 24-09-2014 09:32:54
    Running from C:\Users\Emel\Desktop
    Platform: Windows 8 Pro (X64) OS Language: Türkçe (Türkiye)
    Internet Explorer Version 10
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
    (Atheros Commnucations) C:\Windows\System32\AdminService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
    () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
    (CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Akamai Technologies, Inc.) C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe
    () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Akamai Technologies, Inc.) C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [191488 2012-03-13] (A.E.T. Europe B.V.)
    HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC.)
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-20] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Net iD] => C:\Windows\SysWOW64\iid.exe [77824 2007-02-12] (NetMaker Consulting Group AB)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [uTorrent] => C:\Users\Emel\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-04] (BitTorrent Inc.)
    HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [AkisSIL.exe] => D:\Palma\AkisSIL.exe [24576 2010-08-11] ()
    HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2725912 2014-04-25] ()
    HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [GoogleChromeAutoLaunch_DCBD1231C63BF0E76FC0BA0227F92F49] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
    HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk
    ShortcutTarget: CardOS API.lnk -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens AG)
    Startup: C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    Startup: C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitör Mürekkep Uyarıları - HP Deskjet Ink Adv 2060 K110.lnk
    ShortcutTarget: Monitör Mürekkep Uyarıları - HP Deskjet Ink Adv 2060 K110.lnk -> C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    ShellIconOverlayIdentifiers: 0YndCase0Sync -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()
    ShellIconOverlayIdentifiers: 0YndCase1Modified -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()
    ShellIconOverlayIdentifiers: 0YndCase2Error -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()
    ShellIconOverlayIdentifiers: 0YndCase3Shared -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBACBB0C858EBCE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr-TR
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    DPF: HKLM-x32 {5554DCB0-700B-498D-9B58-4E40E5814405} http://titubb.titck.gov.tr/Reserved...a520725be9&Mode=true&OpType=PrintCab&Arch=X86
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Emel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
    FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-07-24]

    Chrome:
    =======
    CHR Profile: C:\Users\Emel\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Wallet) - C:\Users\Emel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-20] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-20] (Avira Operations GmbH & Co. KG)
    R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
    R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
    R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
    S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
    R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
    S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
    S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
    S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [62592 2014-03-24] (Advanced Card Systems Ltd.)
    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-14] (Avira Operations GmbH & Co. KG)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
    R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-13] (Avira Operations GmbH & Co. KG)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
    S3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [143360 2013-08-19] (HID Global Corporation)
    R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-08-22] (Disc Soft Ltd)
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
    S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
    U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [33512 2014-09-18] ()
    U3 TrueSight; C:\Windows\SysWOW64\Drivers\TrueSight.sys [33512 2014-09-17] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 mdareDriver_43; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_43.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-24 09:32 - 2014-09-24 09:33 - 00017866 _____ () C:\Users\Emel\Desktop\FRST.txt
    2014-09-24 09:32 - 2014-09-24 09:32 - 00000000 ____D () C:\FRST
    2014-09-24 09:06 - 2014-09-24 09:06 - 00001351 _____ () C:\Users\Emel\Desktop\JRT.txt
    2014-09-24 09:00 - 2014-09-24 09:00 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-24 08:50 - 2014-09-24 08:50 - 00006785 _____ () C:\Users\Emel\Desktop\AdwCleaner[S0].txt
    2014-09-24 08:41 - 2014-09-24 08:45 - 00000000 ____D () C:\AdwCleaner
    2014-09-23 14:15 - 2014-09-23 14:15 - 00000000 ____D () C:\Users\Emel\EgaApi
    2014-09-23 13:55 - 2014-09-23 13:55 - 02105856 _____ (Farbar) C:\Users\Emel\Desktop\FRST64.exe
    2014-09-23 13:55 - 2014-09-23 13:55 - 01024790 _____ (Thisisu) C:\Users\Emel\Desktop\JRT.exe
    2014-09-23 13:54 - 2014-09-23 13:55 - 01373475 _____ () C:\Users\Emel\Desktop\adwcleaner_3.310.exe
    2014-09-22 10:29 - 2014-09-22 10:29 - 00028439 _____ () C:\ComboFix.txt
    2014-09-22 09:49 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-09-22 09:49 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-09-22 09:49 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-09-22 09:49 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-09-22 09:49 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-09-22 09:49 - 2000-08-31 03:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
    2014-09-22 09:49 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-09-22 09:49 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-09-22 09:49 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-09-22 09:46 - 2014-09-22 10:29 - 00000000 ____D () C:\Qoobox
    2014-09-22 09:45 - 2014-09-22 10:23 - 00000000 ____D () C:\Windows\erdnt
    2014-09-22 02:08 - 2014-09-22 02:08 - 00285683 _____ () C:\Users\Emel\Desktop\LİMA STOK.xlsx
    2014-09-19 09:21 - 2014-09-19 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-18 18:26 - 2014-09-18 18:26 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-18 11:25 - 2014-09-18 11:25 - 00006835 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm3.html
    2014-09-18 11:24 - 2014-09-18 11:25 - 05733513 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_109257.zip
    2014-09-18 11:20 - 2014-09-18 11:20 - 00006829 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm1.html
    2014-09-18 11:19 - 2014-09-18 11:20 - 05990206 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_109585.zip
    2014-09-18 11:17 - 2014-09-18 11:17 - 00006821 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm.html
    2014-09-18 08:57 - 2014-09-18 08:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-09-17 16:11 - 2014-09-18 08:35 - 00024415 _____ () C:\Users\Emel\Desktop\Standart İhale Evrakları.xlsx
    2014-09-17 10:43 - 2014-09-17 10:43 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-09-17 10:43 - 2014-09-17 10:43 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-16 15:57 - 2014-09-16 15:57 - 00001130 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_100341.zip
    2014-09-16 10:16 - 2014-09-16 10:16 - 03632135 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_92408.zip
    2014-09-12 20:55 - 2014-09-12 20:55 - 00039087 _____ () C:\Users\Emel\Documents\UDF1.nru
    2014-09-12 20:40 - 2014-09-12 20:40 - 00000000 ____D () C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk
    2014-09-12 18:24 - 2014-09-12 18:24 - 00035869 _____ () C:\Users\Emel\Documents\KarışıkMod1.nrm
    2014-09-12 17:30 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
    2014-09-12 17:30 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
    2014-09-12 16:56 - 2014-09-12 17:34 - 00000000 ____D () C:\Users\Emel\AppData\Roaming\Nero
    2014-09-12 16:52 - 2014-09-15 09:42 - 00000000 ____D () C:\ProgramData\Nero
    2014-09-12 16:05 - 2014-09-12 16:05 - 00012750 _____ () C:\Users\Emel\Desktop\trek otw ubb.xlsx
    2014-09-12 12:09 - 2014-09-12 12:09 - 00000685 _____ () C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ipscan23.lnk
    2014-09-12 11:37 - 2014-09-12 11:37 - 00000497 _____ () C:\Users\Emel\Desktop\Elements.lnk
    2014-09-12 10:52 - 2014-09-16 12:11 - 01801790 _____ () C:\Users\Emel\Desktop\Lima Sagl_k Teklif Sablonu.xlsx
    2014-09-10 15:34 - 2014-08-16 12:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-10 15:34 - 2014-08-16 10:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-09-10 15:34 - 2014-03-07 03:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-09-10 15:34 - 2013-05-14 16:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-10 15:34 - 2013-05-14 12:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-09-10 15:34 - 2012-07-26 06:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-10 15:33 - 2014-08-16 12:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-10 15:33 - 2014-08-16 12:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-10 15:33 - 2014-08-16 12:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
    2014-09-10 15:33 - 2014-08-16 12:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-10 15:33 - 2014-08-16 12:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-10 15:33 - 2014-08-16 12:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-10 15:33 - 2014-08-16 12:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-10 15:33 - 2014-08-16 12:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-10 15:33 - 2014-08-16 12:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-10 15:33 - 2014-08-16 12:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-09-10 15:33 - 2014-08-16 12:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-10 15:33 - 2014-08-16 12:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-10 15:33 - 2014-08-16 12:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-10 15:33 - 2014-08-16 10:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-09-10 15:33 - 2014-08-16 10:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-09-10 15:33 - 2014-08-16 10:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-09-10 15:33 - 2014-08-16 10:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-09-10 15:33 - 2014-08-16 10:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-09-10 15:33 - 2014-08-16 10:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-09-10 15:33 - 2014-08-16 10:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-09-10 15:33 - 2014-08-16 10:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-09-10 15:33 - 2014-08-16 10:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-09-10 15:33 - 2014-08-16 10:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-09-10 15:33 - 2014-08-16 10:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-09-10 15:33 - 2013-05-16 01:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
    2014-09-10 15:33 - 2013-05-16 01:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
    2014-09-10 15:33 - 2013-02-21 13:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-09-10 15:33 - 2013-02-21 13:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-09-10 15:33 - 2013-02-21 13:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-09-10 15:33 - 2013-02-21 13:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-09-10 15:33 - 2013-02-21 13:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-09-10 15:33 - 2013-02-21 13:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-10 15:33 - 2013-02-19 12:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
    2014-09-10 15:33 - 2012-11-08 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-10 15:33 - 2012-11-08 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-10 15:32 - 2014-08-16 12:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-10 15:32 - 2014-08-16 10:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-09-10 14:58 - 2014-08-01 02:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2014-09-10 14:57 - 2014-09-05 01:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-10 14:57 - 2014-09-03 04:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-10 14:57 - 2014-08-28 14:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-09-10 14:57 - 2014-08-28 09:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2014-09-10 14:57 - 2014-08-28 09:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-09-10 14:57 - 2014-08-28 09:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2014-09-10 14:57 - 2014-08-28 09:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2014-09-10 14:57 - 2014-08-28 09:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-09-10 14:57 - 2014-08-28 09:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-09-10 14:57 - 2014-08-28 09:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-09-10 14:57 - 2014-08-28 09:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-09-10 14:57 - 2014-08-28 09:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2014-09-10 14:57 - 2014-08-28 09:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
    2014-09-10 14:57 - 2014-08-28 09:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-09-10 14:57 - 2014-08-28 09:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-09-10 14:57 - 2014-08-28 09:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
    2014-09-10 14:57 - 2014-06-05 04:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
    2014-09-10 14:57 - 2014-06-04 02:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
    2014-09-10 14:56 - 2014-07-24 06:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
    2014-09-10 14:56 - 2014-07-24 06:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
    2014-09-04 09:45 - 2014-09-04 09:46 - 00000873 _____ () C:\Users\Emel\Desktop\LTD ŞTİ.lnk
    2014-09-04 09:42 - 2014-09-04 09:42 - 00000851 _____ () C:\Users\Emel\Desktop\GoPlus.lnk
    2014-09-02 14:26 - 2014-09-23 18:17 - 00005036 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Asus-Emel Asus
    2014-08-28 09:04 - 2014-08-23 09:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-27 10:58 - 2014-08-27 10:58 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-24 09:33 - 2014-09-24 09:32 - 00017866 _____ () C:\Users\Emel\Desktop\FRST.txt
    2014-09-24 09:32 - 2014-09-24 09:32 - 00000000 ____D () C:\FRST
    2014-09-24 09:29 - 2013-11-27 13:20 - 00000000 ____D () C:\Users\Emel\Documents\Outlook Dosyaları
    2014-09-24 09:25 - 2013-11-28 12:45 - 00001026 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-24 09:25 - 2013-11-28 12:45 - 00001022 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-24 09:06 - 2014-09-24 09:06 - 00001351 _____ () C:\Users\Emel\Desktop\JRT.txt
    2014-09-24 09:06 - 2013-11-27 13:13 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4075898193-2291822166-3250366710-1001
    2014-09-24 09:04 - 2013-11-27 13:07 - 01768199 _____ () C:\Windows\WindowsUpdate.log
    2014-09-24 09:02 - 2013-11-27 14:28 - 05947392 ___SH () C:\Users\Emel\Desktop\Thumbs.db
    2014-09-24 09:00 - 2014-09-24 09:00 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-24 09:00 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\system32\sru
    2014-09-24 08:57 - 2013-11-27 13:07 - 00000000 ____D () C:\Users\Emel\AppData\Local\Packages
    2014-09-24 08:50 - 2014-09-24 08:50 - 00006785 _____ () C:\Users\Emel\Desktop\AdwCleaner[S0].txt
    2014-09-24 08:48 - 2014-04-25 11:16 - 00000384 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
    2014-09-24 08:48 - 2014-04-25 11:16 - 00000384 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
    2014-09-24 08:48 - 2012-07-26 10:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-24 08:47 - 2014-02-21 22:19 - 00000000 ____D () C:\Users\Emel\AppData\Local\AVG SafeGuard toolbar
    2014-09-24 08:47 - 2013-11-27 13:03 - 00132130 _____ () C:\Windows\PFRO.log
    2014-09-24 08:45 - 2014-09-24 08:41 - 00000000 ____D () C:\AdwCleaner
    2014-09-23 18:17 - 2014-09-02 14:26 - 00005036 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Asus-Emel Asus
    2014-09-23 16:20 - 2013-11-28 14:15 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001UA.job
    2014-09-23 14:15 - 2014-09-23 14:15 - 00000000 ____D () C:\Users\Emel\EgaApi
    2014-09-23 14:15 - 2013-11-27 13:07 - 00000000 ____D () C:\Users\Emel
    2014-09-23 14:04 - 2013-11-28 17:23 - 00000000 ____D () C:\Users\Emel\AppData\Local\Deployment
    2014-09-23 13:55 - 2014-09-23 13:55 - 02105856 _____ (Farbar) C:\Users\Emel\Desktop\FRST64.exe
    2014-09-23 13:55 - 2014-09-23 13:55 - 01024790 _____ (Thisisu) C:\Users\Emel\Desktop\JRT.exe
    2014-09-23 13:55 - 2014-09-23 13:54 - 01373475 _____ () C:\Users\Emel\Desktop\adwcleaner_3.310.exe
    2014-09-23 13:20 - 2013-11-28 14:15 - 00000912 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001Core.job
    2014-09-23 10:27 - 2014-01-22 15:32 - 00167368 _____ () C:\Users\Emel\Desktop\İHALE SONUÇLARI.xlsx
    2014-09-23 10:25 - 2014-02-04 18:25 - 00078004 _____ () C:\Users\Emel\Documents\gpfax.adr
    2014-09-23 10:25 - 2014-02-04 18:25 - 00000624 _____ () C:\Users\Emel\Documents\gpfax.idx
    2014-09-23 08:46 - 2012-07-26 10:59 - 00000000 ____D () C:\Windows\CbsTemp
    2014-09-22 20:33 - 2012-07-26 13:03 - 00711712 _____ () C:\Windows\system32\perfh01F.dat
    2014-09-22 20:33 - 2012-07-26 13:03 - 00146728 _____ () C:\Windows\system32\perfc01F.dat
    2014-09-22 20:33 - 2012-07-26 10:28 - 01697282 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-22 15:37 - 2013-11-28 17:23 - 00000000 ____D () C:\Users\Emel\AppData\Local\Apps\2.0
    2014-09-22 15:16 - 2013-12-19 16:43 - 00018432 ___SH () C:\Users\Emel\Documents\Thumbs.db
    2014-09-22 10:48 - 2012-07-26 08:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2014-09-22 10:29 - 2014-09-22 10:29 - 00028439 _____ () C:\ComboFix.txt
    2014-09-22 10:29 - 2014-09-22 09:46 - 00000000 ____D () C:\Qoobox
    2014-09-22 10:29 - 2012-07-26 08:37 - 00000000 __RHD () C:\Users\Default
    2014-09-22 10:23 - 2014-09-22 09:45 - 00000000 ____D () C:\Windows\erdnt
    2014-09-22 10:21 - 2012-07-26 08:26 - 00000215 _____ () C:\Windows\system.ini
    2014-09-22 10:18 - 2012-07-26 08:26 - 81002496 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2014-09-22 10:18 - 2012-07-26 08:26 - 16777216 _____ () C:\Windows\system32\config\SYSTEM.bak
    2014-09-22 10:18 - 2012-07-26 08:26 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
    2014-09-22 10:18 - 2012-07-26 08:26 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
    2014-09-22 10:18 - 2012-07-26 08:26 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
    2014-09-22 02:08 - 2014-09-22 02:08 - 00285683 _____ () C:\Users\Emel\Desktop\LİMA STOK.xlsx
    2014-09-21 13:43 - 2012-07-26 10:21 - 00064334 _____ () C:\Windows\setupact.log
    2014-09-20 09:33 - 2014-04-15 10:46 - 00000000 ____D () C:\Users\Emel\AppData\Local\CrashDumps
    2014-09-19 10:56 - 2014-05-21 13:20 - 00000000 ____D () C:\Program Files (x86)\Labeljoy 5
    2014-09-19 10:12 - 2014-09-19 09:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-18 18:30 - 2013-11-27 13:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-09-18 18:26 - 2014-09-18 18:26 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-18 12:18 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\rescache
    2014-09-18 11:25 - 2014-09-18 11:25 - 00006835 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm3.html
    2014-09-18 11:25 - 2014-09-18 11:24 - 05733513 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_109257.zip
    2014-09-18 11:20 - 2014-09-18 11:20 - 00006829 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm1.html
    2014-09-18 11:20 - 2014-09-18 11:19 - 05990206 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_109585.zip
    2014-09-18 11:17 - 2014-09-18 11:17 - 00006821 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm.html
    2014-09-18 08:57 - 2014-09-18 08:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-09-18 08:35 - 2014-09-17 16:11 - 00024415 _____ () C:\Users\Emel\Desktop\Standart İhale Evrakları.xlsx
    2014-09-17 10:43 - 2014-09-17 10:43 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
    2014-09-17 10:43 - 2014-09-17 10:43 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-16 15:57 - 2014-09-16 15:57 - 00001130 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_100341.zip
    2014-09-16 12:11 - 2014-09-12 10:52 - 01801790 _____ () C:\Users\Emel\Desktop\Lima Sagl_k Teklif Sablonu.xlsx
    2014-09-16 10:24 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    2014-09-16 10:16 - 2014-09-16 10:16 - 03632135 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_92408.zip
    2014-09-15 09:42 - 2014-09-12 16:52 - 00000000 ____D () C:\ProgramData\Nero
    2014-09-15 09:34 - 2014-07-25 15:54 - 00000000 ___RD () C:\Users\Emel\YandexDisk
    2014-09-15 09:26 - 2014-07-16 08:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-09-15 09:26 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-09-12 20:55 - 2014-09-12 20:55 - 00039087 _____ () C:\Users\Emel\Documents\UDF1.nru
    2014-09-12 20:40 - 2014-09-12 20:40 - 00000000 ____D () C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk
    2014-09-12 18:24 - 2014-09-12 18:24 - 00035869 _____ () C:\Users\Emel\Documents\KarışıkMod1.nrm
    2014-09-12 17:34 - 2014-09-12 16:56 - 00000000 ____D () C:\Users\Emel\AppData\Roaming\Nero
    2014-09-12 16:05 - 2014-09-12 16:05 - 00012750 _____ () C:\Users\Emel\Desktop\trek otw ubb.xlsx
    2014-09-12 12:09 - 2014-09-12 12:09 - 00000685 _____ () C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ipscan23.lnk
    2014-09-12 12:06 - 2014-02-25 19:33 - 00000000 ____D () C:\Users\Emel\olesa
    2014-09-12 11:37 - 2014-09-12 11:37 - 00000497 _____ () C:\Users\Emel\Desktop\Elements.lnk
    2014-09-10 15:32 - 2013-11-28 13:50 - 00000000 ____D () C:\Windows\system32\MRT
    2014-09-10 15:12 - 2013-11-28 13:50 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-09-08 11:12 - 2013-11-27 15:02 - 00000000 ____D () C:\Users\Emel\EMEL
    2014-09-06 13:59 - 2014-08-20 11:54 - 00000000 ____D () C:\Users\Emel\AppData\Local\EvernoteNW
    2014-09-05 01:36 - 2014-09-10 14:57 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-04 09:46 - 2014-09-04 09:45 - 00000873 _____ () C:\Users\Emel\Desktop\LTD ŞTİ.lnk
    2014-09-04 09:42 - 2014-09-04 09:42 - 00000851 _____ () C:\Users\Emel\Desktop\GoPlus.lnk
    2014-09-03 04:49 - 2014-09-10 14:57 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-02 22:32 - 2014-08-17 22:17 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-02 22:32 - 2014-08-17 22:17 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-02 11:23 - 2014-07-16 11:11 - 00317680 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-08-29 15:45 - 2014-04-06 00:02 - 00000000 ____D () C:\Users\Emel\AppData\Roaming\HpUpdate
    2014-08-28 14:34 - 2014-09-10 14:57 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-08-28 09:05 - 2014-09-10 14:57 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2014-08-28 09:05 - 2014-09-10 14:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2014-08-28 09:05 - 2014-09-10 14:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2014-08-28 09:05 - 2014-09-10 14:57 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2014-08-28 09:02 - 2014-09-10 14:57 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-08-28 09:01 - 2014-09-10 14:57 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-08-28 09:01 - 2014-09-10 14:57 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-08-28 09:01 - 2014-09-10 14:57 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-08-28 09:01 - 2014-09-10 14:57 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
    2014-08-28 09:01 - 2014-09-10 14:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
    2014-08-28 09:01 - 2014-09-10 14:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-08-28 09:01 - 2014-09-10 14:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-08-28 09:01 - 2014-09-10 14:57 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
    2014-08-27 10:58 - 2014-08-27 10:58 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
    2014-08-26 09:24 - 2013-11-27 13:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15

    Files to move or delete:
    ====================
    C:\Users\Emel\3Dsubtitler.exe


    Some content of TEMP:
    ====================
    C:\Users\Emel\AppData\Local\temp\avgnt.exe
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper.dll
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_131.dll
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_17.dll
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_192.dll
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_22.dll
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_24.dll
    C:\Users\Emel\AppData\Local\temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-16 12:45

    ==================== End Of Log ============================
     
  11. Emel*

    Emel* TS Rookie Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
    Ran by Emel at 2014-09-24 09:34:23
    Running from C:\Users\Emel\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
    4K Video Downloader 3.4 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.4.0.1400 - Open Media LLC)
    64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
    ACR38/100/122 PC/SC Driver 1.1.2.0 (HKLM\...\{155796AE-16D0-45D2-8939-6AE3AD67147B}) (Version: 1.1.2 - Advanced Card Systems Ltd.)
    Adobe Reader XI (11.0.09) - Turkish (HKLM-x32\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
    AKIS Yonetici (1.45) (HKLM-x32\...\{2510D83C-5158-4A14-B93B-8674404EFB85}) (Version: 1.45 - Şirketinizin Adı)
    Altyazı Düzenleme (HKCU\...\7cc2423405cdd089) (Version: 1.0.0.1 - Altyazı Düzenleme)
    ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
    Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
    calibre 64bit (HKLM\...\{D26251F6-17ED-41B6-9FE2-9097FDD2E760}) (Version: 1.46.0 - Kovid Goyal)
    Canon MF Toolbox 4.9.1.1.mf16 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf16 - CANON INC.)
    Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.1 - CANON INC.)
    CardOS API (HKLM-x32\...\{A096AD5E-C135-42DF-9FFC-A056A94DE778}) (Version: 3.2.007 - Siemens)
    CardOS API (x32 Version: 3.2.007 - Siemens) Hidden
    CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
    Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.1.0.10 - Corel Corporation)
    Corel PaintShop Pro X5 (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    EDost (HKCU\...\e25d0a4324a9af8d) (Version: 3.2.0.115 - E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.)
    ePUBee DRM Removal (HKLM-x32\...\ePUBee DRM Removal) (Version: 3.0.5.1 - ePUBee Inc.)
    Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
    Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
    Free YouTube Download version 3.2.42.716 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.42.716 - DVDVideoSoft Ltd.)
    GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
    GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Version: 2.0.1 - Gemalto)
    GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    HP Deskjet Ink Adv 2060 K110 Temel Aygıt Yazılımı (HKLM\...\{0D0D2DDE-DD9F-4156-8720-5DAE9119483D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet Ink Adv 2060 K110 Ürün Geliştirme Çalışması (HKLM\...\{C48421F7-C53E-4652-B31B-4759F645236C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet Ink Adv 2060 K110 Yardım (HKLM-x32\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    ICA (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
    IPM_PSP_COM (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    KIK İhale Bildirimi (HKCU\...\d49428f24d4ca188) (Version: 2.3.0.2 - HÜAP)
    Labeljoy 5 (HKLM-x32\...\{50BC64A3-7051-4677-B49C-19D303F10350}) (Version: 5 - eDisplay)
    Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
    Microsoft Office Ev ve İş 2013 - tr-tr (HKLM\...\HomeBusinessRetail - tr-tr) (Version: 15.0.4641.1003 - Microsoft Corporation)
    Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
    Net iD 4.4 (HKLM-x32\...\Net iD) (Version: - )
    NVIDIA Denetim Masası 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
    NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
    NVIDIA Grafik Sürücüsü 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
    NVIDIA Güncelleştirmeleri 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
    NVIDIA HD Ses Sürücüsü 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
    NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
    NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
    NVIDIA PhysX Sistem Yazılımı 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
    NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
    NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
    OMNIKEY 3x21 PC/SC Driver (HKLM-x32\...\{62B8D8A1-D4A9-43D7-BC85-450FFC7644B7}) (Version: 3.0.1.0 - HID Global GmbH)
    Palma 2.0 sürümü (HKLM-x32\...\{6C421E25-792D-4CBE-8F73-DB1A25C0747C}_is1) (Version: 2.0 - TurkTrust)
    PCL Printer Driver Uninstaller (HKLM\...\PCL Printer Driver) (Version: 5, 4, 0, 0 - Canon Inc.)
    Pkcs11WrapperSetup64 (HKLM\...\{366A8FB2-549C-467F-A8BB-61426020F429}) (Version: 1.0.0 - E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.)
    PSPPContent (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    PSPPHelp (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    PSPPro64 (Version: 15.1.0.10 - Corel Corporation) Hidden
    REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.744.744.052913 - REALTEK Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
    SafeSign (HKLM\...\{2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}) (Version: 3.0.76 - A.E.T. Europe B.V.)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
    Setup (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
    SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
    Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version: - )
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    Windows Sürücü Paketi - ACS (A38CCID) SmartCardReader (12/16/2009 1.1.6.5) (HKLM\...\F02CC611741E33C64CDEAEEE2C7A46E41719B2CC) (Version: 12/16/2009 1.1.6.5 - ACS)
    Windows Sürücü Paketi - ACS (ACR122U) SmartCardReader (12/16/2009 1.1.6.3) (HKLM\...\A9B944A9EADA685F103858C6923BF5DD8E127C2C) (Version: 12/16/2009 1.1.6.3 - ACS)
    Windows Sürücü Paketi - ACS (ACSSCR) SmartCardReader (12/15/2009 1.1.6.2) (HKLM\...\0942775975678D6CC510D2C2F022CD956CCF177E) (Version: 12/15/2009 1.1.6.2 - ACS)
    Windows Sürücü Paketi - ASUS (ATP) Mouse (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
    WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    Yandex.Disk (HKCU\...\YandexDisk) (Version: 1.2.7.4608 - Yandex)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
    CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{2D6BD2F0-5F84-4a06-924F-AEE0598B6272}\InprocServer32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
    CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{33A431BB-FF15-4047-8FEC-F82FD3523A00}\localserver32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe ()
    CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
    CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{E36606FE-036A-4dd0-ABA9-A58F409803F0}\InprocServer32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
    CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{ECF41531-0840-4361-955F-1157A091842F}\InprocServer32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
    CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    19-09-2014 06:15:38 Virüs
    22-09-2014 06:49:54 ComboFix created restore point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 08:26 - 2014-09-22 10:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {09A390BB-B5F9-4703-AB9B-3EC326BDA8A7} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
    Task: {0ADBD853-48D9-42B3-8CD4-687EF4A48DD6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {1EE388E4-8DB8-4316-B544-A109BFACC7DC} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
    Task: {21C63F71-919B-41F9-8673-F9A3DF3E39DA} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {4D2124D3-730F-42BB-86C1-D0F6226782DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
    Task: {5DBB5ACF-26E4-401C-93D0-C4E4499236D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
    Task: {70E393CD-3A23-49C9-8A0B-87ED9190B3BF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001UA => C:\Users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28] (Facebook Inc.)
    Task: {8290C69A-5B3F-4214-97C5-B0BA95BEDB93} - System32\Tasks\HPCustParticipation HP Deskjet Ink Adv 2060 K110 => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
    Task: {83F661BF-24FC-44E4-93E2-54A9CC1DC0F6} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
    Task: {8BC1D7E0-FE24-4B4C-8536-38EFF4E27064} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Asus-Emel Asus => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-26] (Microsoft Corporation)
    Task: {8C75429D-B2CE-4983-90A2-3019EB651E9C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
    Task: {950B625B-B649-4040-87E5-1368141E20AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001Core => C:\Users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28] (Facebook Inc.)
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {D2CCCAFC-0D15-4EE3-BDF8-8103FF0C79A3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {F0F266B6-79F9-4B31-BA57-96688B93C003} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
    Task: {FB0E010C-AC7A-4F16-BEE9-84557784A206} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
    Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001Core.job => C:\Users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001UA.job => C:\Users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-04-08 14:32 - 2013-12-19 23:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
    2013-11-27 13:27 - 2013-12-19 21:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-04-16 13:20 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
    2014-04-25 11:16 - 2014-04-25 11:16 - 02725912 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
    2014-07-25 15:53 - 2014-06-26 01:32 - 01300768 _____ () C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
    2014-07-25 16:22 - 2014-07-25 16:22 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    2014-07-25 16:22 - 2014-07-25 16:22 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    2013-11-28 16:06 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2014-06-17 09:10 - 2014-06-17 09:10 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
    2013-04-08 14:32 - 2013-12-19 23:33 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
    2014-08-26 09:16 - 2014-08-26 09:19 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
    2014-09-12 20:40 - 2014-08-28 00:06 - 00923424 _____ () C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\wow64\YandexDiskShellExt-4602.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "CardOS API.lnk"
    HKLM\...\StartupApproved\Run32: => "Adobe ARM"
    HKLM\...\StartupApproved\Run32: => "AKISYukle"
    HKLM\...\StartupApproved\Run32: => "Net iD"
    HKCU\...\StartupApproved\Run: => "uTorrent"
    HKCU\...\StartupApproved\Run: => "Facebook Update"
    HKCU\...\StartupApproved\Run: => "AkisSIL.exe"
    HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DCBD1231C63BF0E76FC0BA0227F92F49"
    HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"

    ==================== Faulty Device Manager Devices =============

    Name: HP LaserJet Professional M1212nf MFP
    Description: HP LaserJet Professional M1212nf MFP
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: Hewlett-Packard
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: HP LaserJet 200 colorMFP M276nw
    Description: HP LaserJet 200 colorMFP M276nw
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: Hewlett-Packard
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: HP LaserJet Pro MFP M127fw
    Description: HP LaserJet Pro MFP M127fw
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: Hewlett-Packard
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-09-22 10:06:05.981
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
    Percentage of memory in use: 20%
    Total physical RAM: 8077.68 MB
    Available physical RAM: 6403.36 MB
    Total Pagefile: 10253.68 MB
    Available Pagefile: 8552.48 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.78 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:292.63 GB) (Free:213.72 GB) NTFS
    Drive d: (Yeni Birim) (Fixed) (Total:638.54 GB) (Free:558.69 GB) NTFS
    Drive g: () (Removable) (Total:3.71 GB) (Free:3.71 GB) FAT32
    Drive l: () (Network) (Total:443.18 GB) (Free:85.43 GB) NTFS
    Drive z: () (Network) (Total:1862.98 GB) (Free:1839.88 GB)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2BFB4DC8)
    Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=292.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  12. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download the attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  13. Emel*

    Emel* TS Rookie Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
    Ran by Emel at 2014-09-25 09:13:15 Run:1
    Running from C:\Users\Emel\Desktop
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
    S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 mdareDriver_43; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_43.sys [X]
    C:\Users\Emel\3Dsubtitler.exe
    C:\Users\Emel\AppData\Local\temp\avgnt.exe
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper.dll
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_131.dll
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_17.dll
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_192.dll
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_22.dll
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_24.dll
    C:\Users\Emel\AppData\Local\temp\Quarantine.exe


    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => Key deleted successfully.
    Nero BackItUp Scheduler 4.0 => Service deleted successfully.
    vToolbarUpdater18.1.9 => Service deleted successfully.
    catchme => Service deleted successfully.
    MBAMSwissArmy => Service deleted successfully.
    mdareDriver_43 => Service deleted successfully.
    C:\Users\Emel\3Dsubtitler.exe => Moved successfully.
    C:\Users\Emel\AppData\Local\temp\avgnt.exe => Moved successfully.
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper.dll => Moved successfully.
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_131.dll => Moved successfully.
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_17.dll => Moved successfully.
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_192.dll => Moved successfully.
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_22.dll => Moved successfully.
    C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_24.dll => Moved successfully.
    C:\Users\Emel\AppData\Local\temp\Quarantine.exe => Moved successfully.

    ==== End of Fixlog ====
     
  14. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    How is the computer doing?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the ESET Smart Installer icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  15. Emel*

    Emel* TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.87
    x64 (UAC is enabled)
    Internet Explorer 10 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    Avira Desktop
    Windows Defender
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    JavaFX 2.1.1
    Java 7 Update 51
    Java version out of Date!
    Adobe Reader XI
    Google Chrome 37.0.2062.120
    Google Chrome 37.0.2062.124
    Google Chrome Plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 21-07-2014
    Ran by Emel (administrator) on 26-09-2014 at 18:21:40
    Running from "C:\Users\Emel\Downloads"
    Microsoft Windows 8 Pro (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    I couldn't get the ESETScan file; the others are posted above.
    Thank you,
     
  16. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Nothing found or....?

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Still with me?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.
