Inactive-A Bitcoinminer.exe infected msupdate71/dwm.exe

Emel*

Hi,

My laptop is infected with TR/Bitcoinminer.exe. I searched the forum pages and found someone like me, but I don't want to follow the steps without asking you. I have Avira Antivirus installed, but every 5 minutes a pop-up opens and gives a security warning for an infected dwm.exe. My system info is below; I would very much appreciate it if you could help me.

Windows 8 Pro x64
Intel Core i7-3537U CPU
8,00 GB Ram
Avira Antivirus 14.0.6.570
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Step 1 MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18.9.2014
Scan Time: 09:02:14
Logfile: mam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.18.01
Rootkit Database: v2014.09.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Emel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355831
Time Elapsed: 32 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, Delete-on-Reboot, [35e46887b2c9c1750b740ff2cf34ee12],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Step 2 DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.51.2
Run by Emel at 10:52:06 on 2014-09-18
Microsoft Windows 8 Pro 6.2.9200.0.1254.90.1055.18.8078.4843 [GMT 3:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Windows\system32\AdminService.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
C:\Windows\system32\taskhostex.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe
C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
uRun: [Facebook Update] "C:\Users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Akamai NetSession Interface] "C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe"
uRun: [cykmswiqcx] wscript.exe //B "C:\Users\Emel\AppData\Local\Temp\cykmswiqcx.vbs"
uRun: [uTorrent] "C:\Users\Emel\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [AkisSIL.exe] D:\Palma\AkisSIL.exe
uRun: [AVG-Secure-Search-Update_0414c] "C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" /PROMPT /CMPID=0414c
uRun: [GoogleChromeAutoLaunch_DCBD1231C63BF0E76FC0BA0227F92F49] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AKISYukle] "D:\Palma\AkisSertifikaYukleyici.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Net iD] C:\Windows\System32\iid.exe
StartupFolder: C:\Users\Emel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\Emel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITR~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\CARDOS~1.LNK - C:\Program Files\Siemens\CardOS API\bin\siecacst.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
IE: Bu sayfayı kırp - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Görüntüyü kırp - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: kırp' - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Seçimi kırp - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: URL - <no file>
IE: Yeni not - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: yi - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxp://titubb.titck.gov.tr/Reserved.ReportViewerWebControl.axd?Culture=1055&CultureOverrides=True&UICulture=1055&UICultureOverrides=True&ReportStack=1&ControlID=b00ffb180a08478ca289e1a520725be9&Mode=true&OpType=PrintCab&Arch=X86
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B}\07F6C69637566796 : DHCPNameServer = 37.220.8.189 37.220.8.190
TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B}\45F607C616E64796F5F646163796 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B}\C496D61613 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B}\E45627F6D65646 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{2D768DA1-BDA1-48C4-A495-35568B738E5B}\E4F4B4941402C457D696160213332303F533131353 : DHCPNameServer = 192.168.137.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: DVDVideoSoft IE Extension: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [CertificateRegistration] aetcrss1.exe
x64-Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-11-28 647736]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2014-1-8 32544]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 avgtp;avgtp;C:\Windows\System32\Drivers\avgtpx64.sys [2014-2-21 50976]
R1 avkmgr;avkmgr;C:\Windows\System32\Drivers\avkmgr.sys [2013-11-27 28600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2014-8-22 283064]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgntflt;avgntflt;C:\Windows\System32\Drivers\avgntflt.sys [2013-11-27 117712]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-9-18 17152]
R3 ATP;ASUS Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2013-9-23 70416]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-29 565760]
R3 BthLEEnum;Bluetooth Düşük Enerji Sürücüsü;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2013-10-9 20280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2014-9-18 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-9-18 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\Drivers\mwac.sys [2014-9-18 64216]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\Drivers\nvvad64v.sys [2014-1-8 39200]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2013-11-28 298640]
R3 RTL8168;Realtek 8168 NT Sürücüsü;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 WSDScan;WSD Tarama DesteğI;C:\Windows\System32\Drivers\WSDScan.sys [2013-11-28 23552]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S3 A38CCID;CCID USB Smart Card Reader;C:\Windows\System32\Drivers\a38ccid.sys [2014-3-24 62592]
S3 cxbu0x64;OMNIKEY 6121;C:\Windows\System32\Drivers\cxbu0x64.sys [2013-8-19 143360]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2014-1-22 108800]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2014-1-22 206080]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2014-3-19 42184]
S3 vmbusr;Sanal Makine Veri Yolu Sağlayıcısı;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
.
=============== Created Last 30 ================
.
2014-09-18 05:58:26 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-18 05:57:59 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-18 05:57:59 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-18 05:57:59 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-18 05:57:59 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-18 05:57:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-17 07:43:38 33512 ----a-w- C:\Windows\SysWow64\drivers\TrueSight.sys
2014-09-17 07:43:36 -------- d-----w- C:\ProgramData\RogueKiller
2014-09-16 12:56:05 -------- d-----w- C:\Users\Emel\EgaApi
2014-09-12 14:30:59 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2014-09-12 14:30:58 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2014-09-12 13:52:58 -------- d-----w- C:\ProgramData\Nero
2014-09-11 05:52:14 305832 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10246.bin
2014-09-10 12:34:03 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-10 12:34:02 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-10 11:58:06 1287680 ----a-w- C:\Windows\System32\schedsvc.dll
2014-09-10 11:56:54 26218496 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-10 11:56:48 25479168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-10 11:56:34 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-09-10 11:56:33 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-08-28 06:04:54 4036096 ----a-w- C:\Windows\System32\win32k.sys
2014-08-27 07:58:24 -------- d-----w- C:\Program Files (x86)\AVG Security Toolbar
2014-08-27 07:58:16 -------- d-----w- C:\ProgramData\Avg_Update_0814tb
2014-08-22 14:17:07 447752 ----a-r- C:\Windows\SysWow64\vp6vfw.dll
2014-08-22 14:17:03 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2014-08-22 14:16:41 3977496 ----a-w- C:\Windows\System32\d3dx9_31.dll
2014-08-22 14:16:41 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll
2014-08-22 14:04:22 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-08-22 14:04:13 -------- d-----w- C:\Users\Emel\AppData\Roaming\DAEMON Tools Lite
2014-08-22 14:04:07 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2014-08-22 14:03:55 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2014-08-20 08:54:25 -------- d-----w- C:\Users\Emel\AppData\Local\EvernoteNW
2014-08-20 06:04:29 11319200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0F831CEC-5AB4-43F7-9B27-F41312877C93}\mpengine.dll
2014-08-19 09:30:56 11319200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
.
==================== Find3M ====================
.
2014-09-04 22:36:35 755712 ----a-w- C:\Windows\System32\aepdu.dll
2014-09-03 01:49:12 556544 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-02 19:32:27 705480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32:27 104904 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 06:05:35 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-28 06:05:17 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-28 06:05:17 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-28 06:02:15 40448 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-28 06:01:45 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
2014-08-28 06:01:45 144384 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-28 06:01:45 100352 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-28 06:01:44 17920 ----a-w- C:\Windows\System32\wuaext.dll
2014-08-28 06:01:44 1623552 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-28 06:01:15 176640 ----a-w- C:\Windows\System32\storewuauth.dll
2014-08-16 09:34:19 2239488 ----a-w- C:\Windows\System32\wininet.dll
2014-08-16 09:34:10 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2014-08-16 09:32:57 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-16 09:32:05 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-16 07:37:20 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-08-16 07:36:19 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-16 07:35:44 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-12 08:27:45 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-07-22 10:34:05 708168 ----a-w- C:\Windows\System32\drivers\WinUSBCoInstaller.dll
2014-07-22 10:34:05 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
2014-07-15 23:03:48 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2014-07-15 22:51:05 71168 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
2014-07-14 13:01:26 42040 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-07-14 13:01:22 117712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-07-12 02:36:04 1023488 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-06-30 22:42:56 394240 ----a-w- C:\Windows\System32\devinv.dll
2014-06-30 22:42:48 87552 ----a-w- C:\Windows\System32\aepic.dll
.
============= FINISH: 10:53:35,53 ===============
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 27.11.2013 12:07:09
System Uptime: 18.9.2014 10:26:31 (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | X550CC
Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz | SOCKET 0 | 775/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 293 GiB total, 202,161 GiB free.
D: is FIXED (NTFS) - 639 GiB total, 535,488 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet Professional M1212nf MFP
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: HP LaserJet Professional M1212nf MFP
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet 200 colorMFP M276nw
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet 200 colorMFP M276nw
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet Pro MFP M127fw
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP LaserJet Pro MFP M127fw
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
==== System Restore Points ===================
.
RP51: 10.9.2014 15:11:38 - Windows Update
RP52: 12.9.2014 16:52:03 - Installed Nero 9 Essentials 4.4.9.0
RP53: 15.9.2014 09:40:13 - Removed Nero Burning ROM 2014.
.
==== Installed Programs ======================
.
4K Video Downloader 3.4
64 Bit HP CIO Components Installer
ACR38/100/122 PC/SC Driver 1.1.2.0
Adobe Reader XI (11.0.08) - Turkish
Akamai NetSession Interface
AKIS Yonetici (1.45)
Altyazı Düzenleme
ASUS InstantOn
ASUS LifeFrame3
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
ATK Package
µTorrent
AVG SafeGuard toolbar
Avira Free Antivirus
calibre 64bit
Canon MF Toolbox 4.9.1.1.mf16
Canon MF4700 Series
CardOS API
CM Installer
Corel PaintShop Pro X5
DAEMON Tools Lite
EDost
ePUBee DRM Removal
Evernote v. 5.5.3
Extended Asian Language font pack for Adobe Reader XI
Facebook Video Calling 3.1.0.521
Foxit Cloud
Foxit Reader
Free YouTube Download version 3.2.42.716
GeForce Experience NvStream Client Components
GemPcCCID
GIMP 2.8.10
Google Chrome
Google Update Helper
HP Deskjet Ink Adv 2060 K110 Ürün Geliştirme Çalışması
HP Deskjet Ink Adv 2060 K110 Temel Aygıt Yazılımı
HP Deskjet Ink Adv 2060 K110 Yardım
HP Photo Creations
HP Update
ICA
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel® Trusted Connect Service Client
IPM_PSP_COM
Java 7 Update 51
Java Auto Updater
Java(TM) 6 Update 25 (64-bit)
JavaFX 2.1.1
KIK İhale Bildirimi
Labeljoy 5
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Office Ev ve İş 2013 - tr-tr
Microsoft OneDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
neroxml
Net iD 4.4
NVIDIA Denetim Masası 332.21
NVIDIA Güncelleştirmeleri 10.11.15
NVIDIA GeForce Experience 1.8.1
NVIDIA Grafik Sürücüsü 332.21
NVIDIA HD Ses Sürücüsü 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 10.11.15
NVIDIA PhysX
NVIDIA PhysX Sistem Yazılımı 9.13.0725
NVIDIA ShadowPlay 10.11.15
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.19
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OMNIKEY 3x21 PC/SC Driver
Palma 2.0 sürümü
PCL Printer Driver Uninstaller
Pkcs11WrapperSetup64
PSPPContent
PSPPHelp
PSPPro64
REALTEK Bluetooth Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
SafeSign
SAMSUNG USB Driver for Mobile Phones
Setup
SHIELD Streaming
Subtitle Workshop 2.51
The Sims™ 3
VLC media player 2.1.3
Windows Sürücü Paketi - ACS (A38CCID) SmartCardReader (12/16/2009 1.1.6.5)
Windows Sürücü Paketi - ACS (ACR122U) SmartCardReader (12/16/2009 1.1.6.3)
Windows Sürücü Paketi - ACS (ACSSCR) SmartCardReader (12/15/2009 1.1.6.2)
Windows Sürücü Paketi - ASUS (ATP) Mouse (09/17/2013 1.0.0.186)
WinRAR 5.00 (32-bit)
Yandex.Disk
.
==== End Of File ===========================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
 
RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
eposta : http://www.adlice.com/contact/
Geribesleme : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

İşletim Sistemi : Windows 8 (6.2.9200 ) 64 bits version
Zamanında başladı : Normal mod
Kullanıcı : Emel [Yönetici Hakları]
Mod : Tarama yap -- Tarih : 09/19/2014 08:57:52

¤¤¤ Kötü Niyetli İşlemler : 0 ¤¤¤

¤¤¤ Kayıt Defteri Girişleri : 26 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> BULUNDU
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> BULUNDU

¤¤¤ Planlanmış Görevler : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS Dosyası : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: YÜKLENMEDİ [0x20]) ¤¤¤

¤¤¤ Web Tarayıcıları : 0 ¤¤¤

¤¤¤ MBR Denetimi : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 1397381ecea692e90b693575a3af5456
[BSP] f3800c578bb41bc1a2a758cfa9ed6b9c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 299650 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653866 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 394175a5441954ca4e19c0596027055d
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 3808 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] ?stek desteklenmiyor. )


============================================
RKreport_DEL_09172014_105516.log - RKreport_SCN_09172014_105355.log - RKreport_SCN_09182014_183521.log




RogueKiller V9.2.11.0 [Sep 9 2014] by Adlice Software
eposta : http://www.adlice.com/contact/
Geribesleme : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

İşletim Sistemi : Windows 8 (6.2.9200 ) 64 bits version
Zamanında başladı : Normal mod
Kullanıcı : Emel [Yönetici Hakları]
Mod : Temizle -- Tarih : 09/19/2014 09:07:09

¤¤¤ Kötü Niyetli İşlemler : 0 ¤¤¤

¤¤¤ Kayıt Defteri Girişleri : 26 ¤¤¤
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> SEÇİLMEDİ
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> SEÇİLMEDİ

¤¤¤ Planlanmış Görevler : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS Dosyası : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: YÜKLENMEDİ [0x20]) ¤¤¤

¤¤¤ Web Tarayıcıları : 0 ¤¤¤

¤¤¤ MBR Denetimi : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 1397381ecea692e90b693575a3af5456
[BSP] f3800c578bb41bc1a2a758cfa9ed6b9c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 299650 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 614402048 | Size: 653866 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 394175a5441954ca4e19c0596027055d
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 8192 | Size: 3808 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] ?stek desteklenmiyor. )


============================================
RKreport_DEL_09172014_105516.log - RKreport_SCN_09172014_105355.log - RKreport_SCN_09182014_183521.log - RKreport_SCN_09192014_085752.log





Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.09.19.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.17088
Emel :: ASUS [administrator]

19.9.2014 09:23:01
mbar-log-2014-09-19 (09-23-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 360120
Time elapsed: 32 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17088

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8470065152, free: 4057907200

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17088

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8470065152, free: 4070170624

=======================================
Initializing...
Could not initialize database
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.17088

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8470065152, free: 4201594880

Downloaded database version: v2014.09.19.02
Downloaded database version: v2014.09.18.01
Initializing...
======================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BFB4DC8

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 716800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 718848 Numsec = 613683200

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 614402048 Numsec = 1339117568

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 8192 Numsec = 7798784

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 3997171712 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 14-09-22.01 - Emel 22.09.2014 9:54.1.4 - x64
Microsoft Windows 8 Pro 6.2.9200.0.1254.90.1055.18.8078.5154 [GMT 3:00]
Running from: c:\users\Emel\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ASUS
c:\programdata\ASUS\LifeFrame\config0.cfg
c:\programdata\ASUS\LifeFrame\config1.cfg
c:\programdata\ASUS\LifeFrame\config2.cfg
c:\programdata\ASUS\LifeFrame\config3.cfg
c:\programdata\ASUS\LifeFrame\config4.cfg
c:\programdata\ASUS\LifeFrame\config5.cfg
c:\programdata\ASUS\LifeFrame\tmp0.img
c:\programdata\ASUS\LifeFrame\tmp1.img
c:\programdata\ASUS\LifeFrame\tmp2.img
c:\programdata\ASUS\LifeFrame\tmp3.img
c:\programdata\ASUS\LifeFrame\tmp4.img
c:\programdata\ASUS\LifeFrame\tmp5.img
c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{02658F77-3DD8-41D7-8C60-29EB30F4EA1C}.xps
c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0CC81F16-3A8B-4AD1-8564-50D93A624E2B}.xps
c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1852BD9C-E39A-41CF-A113-6DCA265D827A}.xps
c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6D2D67E0-24E7-4FD4-8573-EFCE4FD3FDA5}.xps
c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{7A2BAC5A-B562-4252-A5A7-24D454A3ECED}.xps
c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{942B3F50-ABF4-4EFF-B163-8C144D01545D}.xps
c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AABDE6B3-F357-4F7D-A82A-FB0F78993524}.xps
c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B710CBCC-93B4-452F-B0BA-5CE55FE691D1}.xps
c:\users\Emel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BB991CD9-7C4B-4060-81D1-84D796E1F053}.xps
c:\users\Emel\AppData\Local\Temp\7zS6F63\HPSLPSVC64.DLL
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HPSLPSVC
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2014-08-22 to 2014-09-22 )))))))))))))))))))))))))))))))
.
.
2014-09-22 07:07 . 2014-09-22 07:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-19 06:21 . 2014-09-19 07:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-18 15:26 . 2014-09-18 15:26 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-18 15:07 . 2014-09-18 15:07 -------- d-----w- c:\users\Emel\EgaApi
2014-09-18 05:58 . 2014-09-22 07:20 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-18 05:57 . 2014-09-19 06:19 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-18 05:57 . 2014-09-18 05:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-18 05:57 . 2014-09-18 05:57 -------- d-----w- c:\programdata\Malwarebytes
2014-09-18 05:57 . 2014-05-12 04:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-18 05:57 . 2014-05-12 04:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-17 07:43 . 2014-09-17 07:43 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys
2014-09-17 07:43 . 2014-09-17 07:43 -------- d-----w- c:\programdata\RogueKiller
2014-09-12 14:30 . 2010-05-26 08:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2014-09-12 14:30 . 2010-05-26 08:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2014-09-12 13:56 . 2014-09-12 14:34 -------- d-----w- c:\users\Emel\AppData\Roaming\Nero
2014-09-12 13:52 . 2014-09-15 06:42 -------- d-----w- c:\programdata\Nero
2014-09-11 05:52 . 2014-09-11 05:52 305832 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10246.bin
2014-09-10 12:34 . 2013-05-14 13:14 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-10 12:34 . 2014-08-16 09:33 97280 ----a-w- c:\windows\system32\mshtmled.dll
2014-09-10 12:34 . 2013-05-14 09:23 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-09-10 12:34 . 2012-07-26 03:06 197120 ----a-w- c:\windows\system32\msrating.dll
2014-09-10 12:32 . 2014-08-16 09:33 19280384 ----a-w- c:\windows\system32\mshtml.dll
2014-09-10 11:58 . 2014-07-31 23:40 1287680 ----a-w- c:\windows\system32\schedsvc.dll
2014-09-10 11:56 . 2014-07-26 02:19 26218496 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-10 11:56 . 2014-07-26 01:52 25479168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2014-09-10 11:56 . 2014-07-24 03:33 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-09-10 11:56 . 2014-07-24 03:33 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-08-28 06:04 . 2014-08-23 06:47 4036096 ----a-w- c:\windows\system32\win32k.sys
2014-08-27 07:58 . 2014-08-27 07:58 -------- d-----w- c:\program files (x86)\AVG Security Toolbar
2014-08-27 07:58 . 2014-08-27 07:58 -------- d-----w- c:\programdata\Avg_Update_0814tb
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-10 12:12 . 2013-11-28 10:50 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-02 19:32 . 2014-08-17 19:17 705480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-02 19:32 . 2014-08-17 19:17 104904 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-29 10:42 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-26 06:17 . 2013-11-27 10:15 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-08-22 14:04 . 2014-08-22 14:04 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-08-12 08:27 . 2014-02-21 19:18 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-08-10 20:17 . 2013-11-27 10:12 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-08-07 08:59 . 2014-08-20 06:04 11319200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F831CEC-5AB4-43F7-9B27-F41312877C93}\mpengine.dll
2014-07-22 10:34 . 2014-07-22 10:34 708168 ----a-w- c:\windows\system32\drivers\WinUSBCoInstaller.dll
2014-07-22 10:34 . 2014-07-22 10:34 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2014-07-15 23:03 . 2014-08-14 06:45 1300992 ----a-w- c:\windows\system32\gdi32.dll
2014-07-15 22:51 . 2014-08-14 09:08 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2014-07-14 13:01 . 2013-11-27 10:22 42040 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-07-14 13:01 . 2013-11-27 10:17 117712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-07-12 02:36 . 2014-08-14 06:45 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-06-30 22:42 . 2014-07-10 06:01 394240 ----a-w- c:\windows\system32\devinv.dll
2014-06-30 22:42 . 2014-07-10 06:01 87552 ----a-w- c:\windows\system32\aepic.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-08-26 06:29 3627032 ----a-w- c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-07-16 13:56 297128 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll" [2014-08-26 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-08 08:49 222920 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-08 08:49 222920 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-08 08:49 222920 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Emel\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"uTorrent"="c:\users\Emel\AppData\Roaming\uTorrent\uTorrent.exe" [2014-07-04 1322832]
"AkisSIL.exe"="d:\palma\AkisSIL.exe" [2010-08-11 24576]
"AVG-Secure-Search-Update_0414c"="c:\program files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe" [2014-04-25 2725912]
"GoogleChromeAutoLaunch_DCBD1231C63BF0E76FC0BA0227F92F49"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-09-04 852808]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-08-20 751184]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2014-08-26 2640408]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Net iD"="c:\windows\system32\iid.exe" [2007-02-12 77824]
.
c:\users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2014-7-25 1109344]
Monitör Mürekkep Uyarıları - HP Deskjet Ink Adv 2060 K110.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet Ink Adv 2060 K110\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN23L33K9Y05M9;CONNECTION=USB;MONITOR=1; [2012-7-26 51712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
CardOS API.lnk - c:\program files\Siemens\CardOS API\bin\siecacst.exe [2014-1-25 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R3 A38CCID;CCID USB Smart Card Reader;c:\windows\system32\DRIVERS\a38ccid.sys;c:\windows\SYSNATIVE\DRIVERS\a38ccid.sys [x]
R3 cxbu0x64;OMNIKEY 6121;c:\windows\system32\DRIVERS\cxbu0x64.sys;c:\windows\SYSNATIVE\DRIVERS\cxbu0x64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 mdareDriver_43;mdareDriver_43;c:\program files (x86)\Fortinet\FortiClient\mdare64_43.sys;c:\program files (x86)\Fortinet\FortiClient\mdare64_43.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 WSDScan;WSD Tarama DesteğI;c:\windows\System32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\System32\drivers\dtsoftbus01.sys;c:\windows\SYSNATIVE\drivers\dtsoftbus01.sys [x]
S2 AntiVirSchedulerService;Avira Zamanlayıcı;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\windows\system32\AdminService.exe;c:\windows\SYSNATIVE\AdminService.exe [x]
S2 ClickToRunSvc;Microsoft Office Tıklat-Çalıştır Hizmeti;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Bluetooth Düşük Enerji Sürücüsü;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Sürücüsü;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-15 06:12 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-22 c:\windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
- c:\program files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25 08:16]
.
2014-09-22 c:\windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
- c:\program files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25 08:16]
.
2014-09-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001Core.job
- c:\users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28 11:14]
.
2014-09-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001UA.job
- c:\users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28 11:14]
.
2014-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 09:45]
.
2014-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 09:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-05-27 14:49 357376 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-08 08:50 261832 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-08 08:50 261832 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-08 08:50 261832 ----a-w- c:\users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-26 06:21 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-26 06:21 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-26 06:21 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase0Sync]
@="{63D48440-63AB-44D0-B323-4731DFCDE9E9}"
[HKEY_CLASSES_ROOT\CLSID\{63D48440-63AB-44D0-B323-4731DFCDE9E9}]
2014-06-25 22:32 1300768 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase1Modified]
@="{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}"
[HKEY_CLASSES_ROOT\CLSID\{7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0}]
2014-06-25 22:32 1300768 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase2Error]
@="{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}"
[HKEY_CLASSES_ROOT\CLSID\{FB2FE984-05F5-4512-9D9B-69D3DE61F6D9}]
2014-06-25 22:32 1300768 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0YndCase3Shared]
@="{AF8D197E-7022-4c3d-BD88-68AD35C9C169}"
[HKEY_CLASSES_ROOT\CLSID\{AF8D197E-7022-4c3d-BD88-68AD35C9C169}]
2014-06-25 22:32 1300768 ----a-w- c:\program files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"CertificateRegistration"="aetcrss1.exe" [2012-03-13 191488]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2012-09-27 486552]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 3933496]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-05-30 13550152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Bu sayfayı kırp - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Görüntüyü kırp - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
IE: kırp' - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Seçimi kırp - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
IE: URL
IE: Yeni not - c:\program files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
IE: yi
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxp://titubb.titck.gov.tr/Reserved.ReportViewerWebControl.axd?Culture=1055&CultureOverrides=True&UICulture=1055&UICultureOverrides=True&ReportStack=1&ControlID=b00ffb180a08478ca289e1a520725be9&Mode=true&OpType=PrintCab&Arch=X86
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-AKISYukle - d:\palma\AkisSertifikaYukleyici.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Net iD - c:\windows\system32\iid.exe
AddRemove-{9D3D8C60-A5EF-4123-B2B9-172095903AB} - c:\program files (x86)\InstallShield Installation Information\{9D3D8C60-A5EF-4123-B2B9-172095903AB}\Install.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-09-22 10:29:48 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-22 07:29
.
Pre-Run: 220.630.085.632 bytes free
Post-Run: 222.758.006.784 bytes free
.
- - End Of File - - E1046B3802DB2F0A3332CE970DD473FF
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
# AdwCleaner v3.310 - Rapor olusturuldu 24/09/2014 tarihinde 08:45:36
# Guncellendi 12/09/2014 tarafindan Xplode
# Isletim sistemi : Windows 8 Pro (64 bits)
# Kullanici adi : Emel - ASUS
# Adwcleaner konumu : C:\Users\Emel\Desktop\adwcleaner_3.310.exe
# Tarama turu : Temizle

***** [ Servisler ] *****


***** [ Dosyalar / Klasorler ] *****

Klasor Silindi : C:\ProgramData\AVG SafeGuard toolbar
Klasor Silindi : C:\ProgramData\AVG Secure Search
Klasor Silindi : C:\Program Files (x86)\AVG SafeGuard toolbar
Klasor Silindi : C:\Program Files (x86)\AVG Security Toolbar
Klasor Silindi : C:\Program Files (x86)\Common Files\AVG Secure Search
Klasor Silindi : C:\Windows\SysWOW64\hotspot shield
[!] Klasor Silindi : C:\Users\Emel\AppData\Local\AVG SafeGuard toolbar
Klasor Silindi : C:\Users\Emel\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Görevler ] *****


***** [ Kisayollar ] *****


***** [ Registry ] *****

Deger Silindi : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Registry Key Silindi : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Registry Key Silindi : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Registry Key Silindi : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Registry Key Silindi : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Registry Key Silindi : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Registry Key Silindi : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Registry Key Silindi : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Registry Key Silindi : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Registry Key Silindi : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Registry Key Silindi : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Deger Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Registry Key Silindi : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Registry Key Silindi : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Registry Key Silindi : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Registry Key Silindi : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Registry Key Silindi : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Registry Key Silindi : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Registry Key Silindi : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Deger Silindi : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Registry Key Silindi : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Registry Key Silindi : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Registry Key Silindi : HKCU\Software\anchorfree
Registry Key Silindi : HKCU\Software\AVG SafeGuard toolbar
Registry Key Silindi : HKCU\Software\AVG Security Toolbar
Registry Key Silindi : HKLM\SOFTWARE\AVG SafeGuard toolbar
Registry Key Silindi : HKLM\SOFTWARE\AVG Security Toolbar
Registry Key Silindi : HKLM\SOFTWARE\Description
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

***** [ Tarayicilar ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Google Chrome v37.0.2062.120

*************************

AdwCleaner[R0].txt - [7117 octets] - [24/09/2014 08:41:38]
AdwCleaner[S0].txt - [6617 octets] - [24/09/2014 08:45:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6677 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.0 (09.22.2014:1)
OS: Windows 8 Pro x64
Ran by Emel on Çar 24.09.2014 at 9:00:21,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4075898193-2291822166-3250366710-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Çar 24.09.2014 at 9:06:01,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Emel (administrator) on ASUS on 24-09-2014 09:32:54
Running from C:\Users\Emel\Desktop
Platform: Windows 8 Pro (X64) OS Language: Türkçe (Türkiye)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(A.E.T. Europe B.V.) C:\Windows\System32\aetcrss1.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Akamai Technologies, Inc.) C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [CertificateRegistration] => C:\Windows\system32\aetcrss1.exe [191488 2012-03-13] (A.E.T. Europe B.V.)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Net iD] => C:\Windows\SysWOW64\iid.exe [77824 2007-02-12] (NetMaker Consulting Group AB)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Emel\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [uTorrent] => C:\Users\Emel\AppData\Roaming\uTorrent\uTorrent.exe [1322832 2014-07-04] (BitTorrent Inc.)
HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [AkisSIL.exe] => D:\Palma\AkisSIL.exe [24576 2010-08-11] ()
HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2725912 2014-04-25] ()
HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [GoogleChromeAutoLaunch_DCBD1231C63BF0E76FC0BA0227F92F49] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
HKU\S-1-5-21-4075898193-2291822166-3250366710-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardOS API.lnk
ShortcutTarget: CardOS API.lnk -> C:\Program Files\Siemens\CardOS API\bin\siecacst.exe (Siemens AG)
Startup: C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitör Mürekkep Uyarıları - HP Deskjet Ink Adv 2060 K110.lnk
ShortcutTarget: Monitör Mürekkep Uyarıları - HP Deskjet Ink Adv 2060 K110.lnk -> C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 0YndCase0Sync -> {63D48440-63AB-44D0-B323-4731DFCDE9E9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()
ShellIconOverlayIdentifiers: 0YndCase1Modified -> {7E7DC279-E6BE-4D57-9DEC-14FA0339DBC0} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()
ShellIconOverlayIdentifiers: 0YndCase2Error -> {FB2FE984-05F5-4512-9D9B-69D3DE61F6D9} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()
ShellIconOverlayIdentifiers: 0YndCase3Shared -> {AF8D197E-7022-4c3d-BD88-68AD35C9C169} => C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBACBB0C858EBCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = tr-TR
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {5554DCB0-700B-498D-9B58-4E40E5814405} http://titubb.titck.gov.tr/Reserved...a520725be9&Mode=true&OpType=PrintCab&Arch=X86
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Emel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-07-24]

Chrome:
=======
CHR Profile: C:\Users\Emel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Emel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-20] (Avira Operations GmbH & Co. KG)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 A38CCID; C:\Windows\system32\DRIVERS\a38ccid.sys [62592 2014-03-24] (Advanced Card Systems Ltd.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-14] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-12] (AVG Technologies)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-13] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [143360 2013-08-19] (HID Global Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-08-22] (Disc Soft Ltd)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [33512 2014-09-18] ()
U3 TrueSight; C:\Windows\SysWOW64\Drivers\TrueSight.sys [33512 2014-09-17] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mdareDriver_43; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_43.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 09:32 - 2014-09-24 09:33 - 00017866 _____ () C:\Users\Emel\Desktop\FRST.txt
2014-09-24 09:32 - 2014-09-24 09:32 - 00000000 ____D () C:\FRST
2014-09-24 09:06 - 2014-09-24 09:06 - 00001351 _____ () C:\Users\Emel\Desktop\JRT.txt
2014-09-24 09:00 - 2014-09-24 09:00 - 00000000 ____D () C:\Windows\ERUNT
2014-09-24 08:50 - 2014-09-24 08:50 - 00006785 _____ () C:\Users\Emel\Desktop\AdwCleaner[S0].txt
2014-09-24 08:41 - 2014-09-24 08:45 - 00000000 ____D () C:\AdwCleaner
2014-09-23 14:15 - 2014-09-23 14:15 - 00000000 ____D () C:\Users\Emel\EgaApi
2014-09-23 13:55 - 2014-09-23 13:55 - 02105856 _____ (Farbar) C:\Users\Emel\Desktop\FRST64.exe
2014-09-23 13:55 - 2014-09-23 13:55 - 01024790 _____ (Thisisu) C:\Users\Emel\Desktop\JRT.exe
2014-09-23 13:54 - 2014-09-23 13:55 - 01373475 _____ () C:\Users\Emel\Desktop\adwcleaner_3.310.exe
2014-09-22 10:29 - 2014-09-22 10:29 - 00028439 _____ () C:\ComboFix.txt
2014-09-22 09:49 - 2011-06-26 09:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-22 09:49 - 2010-11-07 20:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-22 09:49 - 2009-04-20 07:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-22 09:49 - 2000-08-31 03:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-22 09:49 - 2000-08-31 03:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-22 09:49 - 2000-08-31 03:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-09-22 09:49 - 2000-08-31 03:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-22 09:49 - 2000-08-31 03:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-22 09:49 - 2000-08-31 03:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-22 09:46 - 2014-09-22 10:29 - 00000000 ____D () C:\Qoobox
2014-09-22 09:45 - 2014-09-22 10:23 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 02:08 - 2014-09-22 02:08 - 00285683 _____ () C:\Users\Emel\Desktop\LİMA STOK.xlsx
2014-09-19 09:21 - 2014-09-19 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-18 18:26 - 2014-09-18 18:26 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-18 11:25 - 2014-09-18 11:25 - 00006835 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm3.html
2014-09-18 11:24 - 2014-09-18 11:25 - 05733513 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_109257.zip
2014-09-18 11:20 - 2014-09-18 11:20 - 00006829 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm1.html
2014-09-18 11:19 - 2014-09-18 11:20 - 05990206 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_109585.zip
2014-09-18 11:17 - 2014-09-18 11:17 - 00006821 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm.html
2014-09-18 08:57 - 2014-09-18 08:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-17 16:11 - 2014-09-18 08:35 - 00024415 _____ () C:\Users\Emel\Desktop\Standart İhale Evrakları.xlsx
2014-09-17 10:43 - 2014-09-17 10:43 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-09-17 10:43 - 2014-09-17 10:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-16 15:57 - 2014-09-16 15:57 - 00001130 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_100341.zip
2014-09-16 10:16 - 2014-09-16 10:16 - 03632135 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_92408.zip
2014-09-12 20:55 - 2014-09-12 20:55 - 00039087 _____ () C:\Users\Emel\Documents\UDF1.nru
2014-09-12 20:40 - 2014-09-12 20:40 - 00000000 ____D () C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk
2014-09-12 18:24 - 2014-09-12 18:24 - 00035869 _____ () C:\Users\Emel\Documents\KarışıkMod1.nrm
2014-09-12 17:30 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-09-12 17:30 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-09-12 16:56 - 2014-09-12 17:34 - 00000000 ____D () C:\Users\Emel\AppData\Roaming\Nero
2014-09-12 16:52 - 2014-09-15 09:42 - 00000000 ____D () C:\ProgramData\Nero
2014-09-12 16:05 - 2014-09-12 16:05 - 00012750 _____ () C:\Users\Emel\Desktop\trek otw ubb.xlsx
2014-09-12 12:09 - 2014-09-12 12:09 - 00000685 _____ () C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ipscan23.lnk
2014-09-12 11:37 - 2014-09-12 11:37 - 00000497 _____ () C:\Users\Emel\Desktop\Elements.lnk
2014-09-12 10:52 - 2014-09-16 12:11 - 01801790 _____ () C:\Users\Emel\Desktop\Lima Sagl_k Teklif Sablonu.xlsx
2014-09-10 15:34 - 2014-08-16 12:33 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:34 - 2014-08-16 10:36 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 15:34 - 2014-03-07 03:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 15:34 - 2013-05-14 16:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:34 - 2013-05-14 12:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 15:34 - 2012-07-26 06:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:33 - 2014-08-16 12:34 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:33 - 2014-08-16 12:34 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:33 - 2014-08-16 12:34 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-09-10 15:33 - 2014-08-16 12:34 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:33 - 2014-08-16 12:33 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:33 - 2014-08-16 12:32 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:33 - 2014-08-16 12:32 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:33 - 2014-08-16 12:32 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:33 - 2014-08-16 12:32 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:33 - 2014-08-16 12:32 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-10 15:33 - 2014-08-16 12:32 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:33 - 2014-08-16 12:32 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:33 - 2014-08-16 12:32 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:33 - 2014-08-16 10:37 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 15:33 - 2014-08-16 10:37 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 15:33 - 2014-08-16 10:36 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 15:33 - 2014-08-16 10:36 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 15:33 - 2014-08-16 10:36 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 15:33 - 2014-08-16 10:36 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-09-10 15:33 - 2014-08-16 10:36 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 15:33 - 2014-08-16 10:36 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 15:33 - 2014-08-16 10:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 15:33 - 2014-08-16 10:36 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 15:33 - 2014-08-16 10:35 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 15:33 - 2013-05-16 01:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-10 15:33 - 2013-05-16 01:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-10 15:33 - 2013-02-21 13:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-09-10 15:33 - 2013-02-21 13:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 15:33 - 2013-02-21 13:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 15:33 - 2013-02-21 13:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 15:33 - 2013-02-21 13:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-09-10 15:33 - 2013-02-21 13:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:33 - 2013-02-19 12:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-09-10 15:33 - 2012-11-08 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:33 - 2012-11-08 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:32 - 2014-08-16 12:33 - 19280384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:32 - 2014-08-16 10:36 - 14369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 14:58 - 2014-08-01 02:40 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-10 14:57 - 2014-09-05 01:36 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:57 - 2014-09-03 04:49 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 14:57 - 2014-08-28 14:34 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-10 14:57 - 2014-08-28 09:05 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-10 14:57 - 2014-08-28 09:05 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-10 14:57 - 2014-08-28 09:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-10 14:57 - 2014-08-28 09:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-10 14:57 - 2014-08-28 09:02 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-10 14:57 - 2014-08-28 09:01 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-10 14:57 - 2014-08-28 09:01 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-10 14:57 - 2014-08-28 09:01 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-10 14:57 - 2014-08-28 09:01 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-10 14:57 - 2014-08-28 09:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-09-10 14:57 - 2014-08-28 09:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-10 14:57 - 2014-08-28 09:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-10 14:57 - 2014-08-28 09:01 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-09-10 14:57 - 2014-06-05 04:12 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2014-09-10 14:57 - 2014-06-04 02:12 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2014-09-10 14:56 - 2014-07-24 06:33 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-10 14:56 - 2014-07-24 06:33 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-04 09:45 - 2014-09-04 09:46 - 00000873 _____ () C:\Users\Emel\Desktop\LTD ŞTİ.lnk
2014-09-04 09:42 - 2014-09-04 09:42 - 00000851 _____ () C:\Users\Emel\Desktop\GoPlus.lnk
2014-09-02 14:26 - 2014-09-23 18:17 - 00005036 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Asus-Emel Asus
2014-08-28 09:04 - 2014-08-23 09:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 10:58 - 2014-08-27 10:58 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-24 09:33 - 2014-09-24 09:32 - 00017866 _____ () C:\Users\Emel\Desktop\FRST.txt
2014-09-24 09:32 - 2014-09-24 09:32 - 00000000 ____D () C:\FRST
2014-09-24 09:29 - 2013-11-27 13:20 - 00000000 ____D () C:\Users\Emel\Documents\Outlook Dosyaları
2014-09-24 09:25 - 2013-11-28 12:45 - 00001026 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-24 09:25 - 2013-11-28 12:45 - 00001022 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-24 09:06 - 2014-09-24 09:06 - 00001351 _____ () C:\Users\Emel\Desktop\JRT.txt
2014-09-24 09:06 - 2013-11-27 13:13 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4075898193-2291822166-3250366710-1001
2014-09-24 09:04 - 2013-11-27 13:07 - 01768199 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 09:02 - 2013-11-27 14:28 - 05947392 ___SH () C:\Users\Emel\Desktop\Thumbs.db
2014-09-24 09:00 - 2014-09-24 09:00 - 00000000 ____D () C:\Windows\ERUNT
2014-09-24 09:00 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\system32\sru
2014-09-24 08:57 - 2013-11-27 13:07 - 00000000 ____D () C:\Users\Emel\AppData\Local\Packages
2014-09-24 08:50 - 2014-09-24 08:50 - 00006785 _____ () C:\Users\Emel\Desktop\AdwCleaner[S0].txt
2014-09-24 08:48 - 2014-04-25 11:16 - 00000384 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-09-24 08:48 - 2014-04-25 11:16 - 00000384 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-09-24 08:48 - 2012-07-26 10:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-24 08:47 - 2014-02-21 22:19 - 00000000 ____D () C:\Users\Emel\AppData\Local\AVG SafeGuard toolbar
2014-09-24 08:47 - 2013-11-27 13:03 - 00132130 _____ () C:\Windows\PFRO.log
2014-09-24 08:45 - 2014-09-24 08:41 - 00000000 ____D () C:\AdwCleaner
2014-09-23 18:17 - 2014-09-02 14:26 - 00005036 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Asus-Emel Asus
2014-09-23 16:20 - 2013-11-28 14:15 - 00000934 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001UA.job
2014-09-23 14:15 - 2014-09-23 14:15 - 00000000 ____D () C:\Users\Emel\EgaApi
2014-09-23 14:15 - 2013-11-27 13:07 - 00000000 ____D () C:\Users\Emel
2014-09-23 14:04 - 2013-11-28 17:23 - 00000000 ____D () C:\Users\Emel\AppData\Local\Deployment
2014-09-23 13:55 - 2014-09-23 13:55 - 02105856 _____ (Farbar) C:\Users\Emel\Desktop\FRST64.exe
2014-09-23 13:55 - 2014-09-23 13:55 - 01024790 _____ (Thisisu) C:\Users\Emel\Desktop\JRT.exe
2014-09-23 13:55 - 2014-09-23 13:54 - 01373475 _____ () C:\Users\Emel\Desktop\adwcleaner_3.310.exe
2014-09-23 13:20 - 2013-11-28 14:15 - 00000912 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001Core.job
2014-09-23 10:27 - 2014-01-22 15:32 - 00167368 _____ () C:\Users\Emel\Desktop\İHALE SONUÇLARI.xlsx
2014-09-23 10:25 - 2014-02-04 18:25 - 00078004 _____ () C:\Users\Emel\Documents\gpfax.adr
2014-09-23 10:25 - 2014-02-04 18:25 - 00000624 _____ () C:\Users\Emel\Documents\gpfax.idx
2014-09-23 08:46 - 2012-07-26 10:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-22 20:33 - 2012-07-26 13:03 - 00711712 _____ () C:\Windows\system32\perfh01F.dat
2014-09-22 20:33 - 2012-07-26 13:03 - 00146728 _____ () C:\Windows\system32\perfc01F.dat
2014-09-22 20:33 - 2012-07-26 10:28 - 01697282 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 15:37 - 2013-11-28 17:23 - 00000000 ____D () C:\Users\Emel\AppData\Local\Apps\2.0
2014-09-22 15:16 - 2013-12-19 16:43 - 00018432 ___SH () C:\Users\Emel\Documents\Thumbs.db
2014-09-22 10:48 - 2012-07-26 08:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-22 10:29 - 2014-09-22 10:29 - 00028439 _____ () C:\ComboFix.txt
2014-09-22 10:29 - 2014-09-22 09:46 - 00000000 ____D () C:\Qoobox
2014-09-22 10:29 - 2012-07-26 08:37 - 00000000 __RHD () C:\Users\Default
2014-09-22 10:23 - 2014-09-22 09:45 - 00000000 ____D () C:\Windows\erdnt
2014-09-22 10:21 - 2012-07-26 08:26 - 00000215 _____ () C:\Windows\system.ini
2014-09-22 10:18 - 2012-07-26 08:26 - 81002496 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-22 10:18 - 2012-07-26 08:26 - 16777216 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-22 10:18 - 2012-07-26 08:26 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-22 10:18 - 2012-07-26 08:26 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-22 10:18 - 2012-07-26 08:26 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-22 02:08 - 2014-09-22 02:08 - 00285683 _____ () C:\Users\Emel\Desktop\LİMA STOK.xlsx
2014-09-21 13:43 - 2012-07-26 10:21 - 00064334 _____ () C:\Windows\setupact.log
2014-09-20 09:33 - 2014-04-15 10:46 - 00000000 ____D () C:\Users\Emel\AppData\Local\CrashDumps
2014-09-19 10:56 - 2014-05-21 13:20 - 00000000 ____D () C:\Program Files (x86)\Labeljoy 5
2014-09-19 10:12 - 2014-09-19 09:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-18 18:30 - 2013-11-27 13:28 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 18:26 - 2014-09-18 18:26 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-18 12:18 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\rescache
2014-09-18 11:25 - 2014-09-18 11:25 - 00006835 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm3.html
2014-09-18 11:25 - 2014-09-18 11:24 - 05733513 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_109257.zip
2014-09-18 11:20 - 2014-09-18 11:20 - 00006829 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm1.html
2014-09-18 11:20 - 2014-09-18 11:19 - 05990206 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_109585.zip
2014-09-18 11:17 - 2014-09-18 11:17 - 00006821 _____ () C:\Users\Emel\Documents\DokumaninIndirildigineIliskinForm.html
2014-09-18 08:57 - 2014-09-18 08:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 08:35 - 2014-09-17 16:11 - 00024415 _____ () C:\Users\Emel\Desktop\Standart İhale Evrakları.xlsx
2014-09-17 10:43 - 2014-09-17 10:43 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-09-17 10:43 - 2014-09-17 10:43 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-16 15:57 - 2014-09-16 15:57 - 00001130 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_100341.zip
2014-09-16 12:11 - 2014-09-12 10:52 - 01801790 _____ () C:\Users\Emel\Desktop\Lima Sagl_k Teklif Sablonu.xlsx
2014-09-16 10:24 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-09-16 10:16 - 2014-09-16 10:16 - 03632135 _____ () C:\Users\Emel\Documents\ihale_dokumani_2014_92408.zip
2014-09-15 09:42 - 2014-09-12 16:52 - 00000000 ____D () C:\ProgramData\Nero
2014-09-15 09:34 - 2014-07-25 15:54 - 00000000 ___RD () C:\Users\Emel\YandexDisk
2014-09-15 09:26 - 2014-07-16 08:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-15 09:26 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-12 20:55 - 2014-09-12 20:55 - 00039087 _____ () C:\Users\Emel\Documents\UDF1.nru
2014-09-12 20:40 - 2014-09-12 20:40 - 00000000 ____D () C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yandex.Disk
2014-09-12 18:24 - 2014-09-12 18:24 - 00035869 _____ () C:\Users\Emel\Documents\KarışıkMod1.nrm
2014-09-12 17:34 - 2014-09-12 16:56 - 00000000 ____D () C:\Users\Emel\AppData\Roaming\Nero
2014-09-12 16:05 - 2014-09-12 16:05 - 00012750 _____ () C:\Users\Emel\Desktop\trek otw ubb.xlsx
2014-09-12 12:09 - 2014-09-12 12:09 - 00000685 _____ () C:\Users\Emel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ipscan23.lnk
2014-09-12 12:06 - 2014-02-25 19:33 - 00000000 ____D () C:\Users\Emel\olesa
2014-09-12 11:37 - 2014-09-12 11:37 - 00000497 _____ () C:\Users\Emel\Desktop\Elements.lnk
2014-09-10 15:32 - 2013-11-28 13:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 15:12 - 2013-11-28 13:50 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-08 11:12 - 2013-11-27 15:02 - 00000000 ____D () C:\Users\Emel\EMEL
2014-09-06 13:59 - 2014-08-20 11:54 - 00000000 ____D () C:\Users\Emel\AppData\Local\EvernoteNW
2014-09-05 01:36 - 2014-09-10 14:57 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 09:46 - 2014-09-04 09:45 - 00000873 _____ () C:\Users\Emel\Desktop\LTD ŞTİ.lnk
2014-09-04 09:42 - 2014-09-04 09:42 - 00000851 _____ () C:\Users\Emel\Desktop\GoPlus.lnk
2014-09-03 04:49 - 2014-09-10 14:57 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 22:32 - 2014-08-17 22:17 - 00705480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 22:32 - 2014-08-17 22:17 - 00104904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-02 11:23 - 2014-07-16 11:11 - 00317680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 15:45 - 2014-04-06 00:02 - 00000000 ____D () C:\Users\Emel\AppData\Roaming\HpUpdate
2014-08-28 14:34 - 2014-09-10 14:57 - 00059400 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-28 09:05 - 2014-09-10 14:57 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-28 09:05 - 2014-09-10 14:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-28 09:05 - 2014-09-10 14:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-28 09:05 - 2014-09-10 14:57 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-28 09:02 - 2014-09-10 14:57 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-28 09:01 - 2014-09-10 14:57 - 03285504 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-28 09:01 - 2014-09-10 14:57 - 01623552 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-28 09:01 - 2014-09-10 14:57 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-28 09:01 - 2014-09-10 14:57 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-28 09:01 - 2014-09-10 14:57 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-28 09:01 - 2014-09-10 14:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-28 09:01 - 2014-09-10 14:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-28 09:01 - 2014-09-10 14:57 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-08-27 10:58 - 2014-08-27 10:58 - 00000000 ____D () C:\ProgramData\Avg_Update_0814tb
2014-08-26 09:24 - 2013-11-27 13:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15

Files to move or delete:
====================
C:\Users\Emel\3Dsubtitler.exe


Some content of TEMP:
====================
C:\Users\Emel\AppData\Local\temp\avgnt.exe
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper.dll
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_131.dll
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_17.dll
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_192.dll
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_22.dll
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_24.dll
C:\Users\Emel\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 12:45

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Emel at 2014-09-24 09:34:23
Running from C:\Users\Emel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
4K Video Downloader 3.4 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.4.0.1400 - Open Media LLC)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
ACR38/100/122 PC/SC Driver 1.1.2.0 (HKLM\...\{155796AE-16D0-45D2-8939-6AE3AD67147B}) (Version: 1.1.2 - Advanced Card Systems Ltd.)
Adobe Reader XI (11.0.09) - Turkish (HKLM-x32\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AKIS Yonetici (1.45) (HKLM-x32\...\{2510D83C-5158-4A14-B93B-8674404EFB85}) (Version: 1.45 - Şirketinizin Adı)
Altyazı Düzenleme (HKCU\...\7cc2423405cdd089) (Version: 1.0.0.1 - Altyazı Düzenleme)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.1.7 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
calibre 64bit (HKLM\...\{D26251F6-17ED-41B6-9FE2-9097FDD2E760}) (Version: 1.46.0 - Kovid Goyal)
Canon MF Toolbox 4.9.1.1.mf16 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf16 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.1 - CANON INC.)
CardOS API (HKLM-x32\...\{A096AD5E-C135-42DF-9FFC-A056A94DE778}) (Version: 3.2.007 - Siemens)
CardOS API (x32 Version: 3.2.007 - Siemens) Hidden
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.1.0.10 - Corel Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
EDost (HKCU\...\e25d0a4324a9af8d) (Version: 3.2.0.115 - E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.)
ePUBee DRM Removal (HKLM-x32\...\ePUBee DRM Removal) (Version: 3.0.5.1 - ePUBee Inc.)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation)
Free YouTube Download version 3.2.42.716 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.42.716 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GemPcCCID (HKLM\...\{7567A068-2F02-40D1-A34C-16D79ECD35A6}) (Version: 2.0.1 - Gemalto)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet Ink Adv 2060 K110 Temel Aygıt Yazılımı (HKLM\...\{0D0D2DDE-DD9F-4156-8720-5DAE9119483D}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Ürün Geliştirme Çalışması (HKLM\...\{C48421F7-C53E-4652-B31B-4759F645236C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2060 K110 Yardım (HKLM-x32\...\{261A4762-744B-4C71-81D2-57FA5038DC7B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
ICA (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
IPM_PSP_COM (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416025FF}) (Version: 6.0.250 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
KIK İhale Bildirimi (HKCU\...\d49428f24d4ca188) (Version: 2.3.0.2 - HÜAP)
Labeljoy 5 (HKLM-x32\...\{50BC64A3-7051-4677-B49C-19D303F10350}) (Version: 5 - eDisplay)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Ev ve İş 2013 - tr-tr (HKLM\...\HomeBusinessRetail - tr-tr) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Net iD 4.4 (HKLM-x32\...\Net iD) (Version: - )
NVIDIA Denetim Masası 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafik Sürücüsü 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Güncelleştirmeleri 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA HD Ses Sürücüsü 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX Sistem Yazılımı 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
OMNIKEY 3x21 PC/SC Driver (HKLM-x32\...\{62B8D8A1-D4A9-43D7-BC85-450FFC7644B7}) (Version: 3.0.1.0 - HID Global GmbH)
Palma 2.0 sürümü (HKLM-x32\...\{6C421E25-792D-4CBE-8F73-DB1A25C0747C}_is1) (Version: 2.0 - TurkTrust)
PCL Printer Driver Uninstaller (HKLM\...\PCL Printer Driver) (Version: 5, 4, 0, 0 - Canon Inc.)
Pkcs11WrapperSetup64 (HKLM\...\{366A8FB2-549C-467F-A8BB-61426020F429}) (Version: 1.0.0 - E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş.)
PSPPContent (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
PSPPro64 (Version: 15.1.0.10 - Corel Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.744.744.052913 - REALTEK Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6937 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
SafeSign (HKLM\...\{2DF407D3-A8AD-4ACF-BFD5-5F7D42EC62FD}) (Version: 3.0.76 - A.E.T. Europe B.V.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
Setup (x32 Version: 15.1.0.10 - Corel Corporation) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version: - )
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Sürücü Paketi - ACS (A38CCID) SmartCardReader (12/16/2009 1.1.6.5) (HKLM\...\F02CC611741E33C64CDEAEEE2C7A46E41719B2CC) (Version: 12/16/2009 1.1.6.5 - ACS)
Windows Sürücü Paketi - ACS (ACR122U) SmartCardReader (12/16/2009 1.1.6.3) (HKLM\...\A9B944A9EADA685F103858C6923BF5DD8E127C2C) (Version: 12/16/2009 1.1.6.3 - ACS)
Windows Sürücü Paketi - ACS (ACSSCR) SmartCardReader (12/15/2009 1.1.6.2) (HKLM\...\0942775975678D6CC510D2C2F022CD956CCF177E) (Version: 12/15/2009 1.1.6.2 - ACS)
Windows Sürücü Paketi - ASUS (ATP) Mouse (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Yandex.Disk (HKCU\...\YandexDisk) (Version: 1.2.7.4608 - Yandex)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{19170A69-A883-40D5-AF97-F6DC41495F15}\InprocServer32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{2D6BD2F0-5F84-4a06-924F-AEE0598B6272}\InprocServer32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{33A431BB-FF15-4047-8FEC-F82FD3523A00}\localserver32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe ()
CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{97836AB9-12C5-4C30-A128-B75196DD1787}\InprocServer32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{E36606FE-036A-4dd0-ABA9-A58F409803F0}\InprocServer32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{ECF41531-0840-4361-955F-1157A091842F}\InprocServer32 -> C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\YandexDiskShellExt-4602.dll ()
CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4075898193-2291822166-3250366710-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Emel\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

19-09-2014 06:15:38 Virüs
22-09-2014 06:49:54 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 08:26 - 2014-09-22 10:07 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09A390BB-B5F9-4703-AB9B-3EC326BDA8A7} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {0ADBD853-48D9-42B3-8CD4-687EF4A48DD6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-10] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1EE388E4-8DB8-4316-B544-A109BFACC7DC} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-10-24] (ASUS)
Task: {21C63F71-919B-41F9-8673-F9A3DF3E39DA} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {4D2124D3-730F-42BB-86C1-D0F6226782DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {5DBB5ACF-26E4-401C-93D0-C4E4499236D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {70E393CD-3A23-49C9-8A0B-87ED9190B3BF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001UA => C:\Users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28] (Facebook Inc.)
Task: {8290C69A-5B3F-4214-97C5-B0BA95BEDB93} - System32\Tasks\HPCustParticipation HP Deskjet Ink Adv 2060 K110 => C:\Program Files\HP\HP Deskjet Ink Adv 2060 K110\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {83F661BF-24FC-44E4-93E2-54A9CC1DC0F6} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
Task: {8BC1D7E0-FE24-4B4C-8536-38EFF4E27064} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Asus-Emel Asus => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-26] (Microsoft Corporation)
Task: {8C75429D-B2CE-4983-90A2-3019EB651E9C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {950B625B-B649-4040-87E5-1368141E20AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001Core => C:\Users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-28] (Facebook Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D2CCCAFC-0D15-4EE3-BDF8-8103FF0C79A3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F0F266B6-79F9-4B31-BA57-96688B93C003} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
Task: {FB0E010C-AC7A-4F16-BEE9-84557784A206} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-25] ()
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001Core.job => C:\Users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4075898193-2291822166-3250366710-1001UA.job => C:\Users\Emel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-08 14:32 - 2013-12-19 23:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-11-27 13:27 - 2013-12-19 21:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-16 13:20 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-08-24 18:26 - 2012-08-24 18:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-04-25 11:16 - 2014-04-25 11:16 - 02725912 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2014-07-25 15:53 - 2014-06-26 01:32 - 01300768 _____ () C:\Program Files\Yandex\YandexDisk\bin\YandexDiskOverlays-2398.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-07-25 16:22 - 2014-07-25 16:22 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-11-28 16:06 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-06-17 09:10 - 2014-06-17 09:10 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-04-08 14:32 - 2013-12-19 23:33 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-26 09:16 - 2014-08-26 09:19 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2014-09-12 20:40 - 2014-08-28 00:06 - 00923424 _____ () C:\Users\Emel\AppData\Roaming\Yandex\YandexDisk\wow64\YandexDiskShellExt-4602.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "CardOS API.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AKISYukle"
HKLM\...\StartupApproved\Run32: => "Net iD"
HKCU\...\StartupApproved\Run: => "uTorrent"
HKCU\...\StartupApproved\Run: => "Facebook Update"
HKCU\...\StartupApproved\Run: => "AkisSIL.exe"
HKCU\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_DCBD1231C63BF0E76FC0BA0227F92F49"
HKCU\...\StartupApproved\Run: => "DAEMON Tools Lite"

==================== Faulty Device Manager Devices =============

Name: HP LaserJet Professional M1212nf MFP
Description: HP LaserJet Professional M1212nf MFP
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 200 colorMFP M276nw
Description: HP LaserJet 200 colorMFP M276nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet Pro MFP M127fw
Description: HP LaserJet Pro MFP M127fw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-09-22 10:06:05.981
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 20%
Total physical RAM: 8077.68 MB
Available physical RAM: 6403.36 MB
Total Pagefile: 10253.68 MB
Available Pagefile: 8552.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:292.63 GB) (Free:213.72 GB) NTFS
Drive d: (Yeni Birim) (Fixed) (Total:638.54 GB) (Free:558.69 GB) NTFS
Drive g: () (Removable) (Total:3.71 GB) (Free:3.71 GB) FAT32
Drive l: () (Network) (Total:443.18 GB) (Free:85.43 GB) NTFS
Drive z: () (Network) (Total:1862.98 GB) (Free:1839.88 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2BFB4DC8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=292.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=638.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
Ran by Emel at 2014-09-25 09:13:15 Run:1
Running from C:\Users\Emel\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mdareDriver_43; \??\C:\Program Files (x86)\Fortinet\FortiClient\mdare64_43.sys [X]
C:\Users\Emel\3Dsubtitler.exe
C:\Users\Emel\AppData\Local\temp\avgnt.exe
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper.dll
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_131.dll
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_17.dll
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_192.dll
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_22.dll
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_24.dll
C:\Users\Emel\AppData\Local\temp\Quarantine.exe


*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => Key deleted successfully.
Nero BackItUp Scheduler 4.0 => Service deleted successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
catchme => Service deleted successfully.
MBAMSwissArmy => Service deleted successfully.
mdareDriver_43 => Service deleted successfully.
C:\Users\Emel\3Dsubtitler.exe => Moved successfully.
C:\Users\Emel\AppData\Local\temp\avgnt.exe => Moved successfully.
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper.dll => Moved successfully.
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_131.dll => Moved successfully.
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_17.dll => Moved successfully.
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_192.dll => Moved successfully.
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_22.dll => Moved successfully.
C:\Users\Emel\AppData\Local\temp\pkcs11wrapper_x32_24.dll => Moved successfully.
C:\Users\Emel\AppData\Local\temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====
 
How is the computer doing?

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
 
Results of screen317's Security Check version 0.99.87
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Avira Desktop
Windows Defender
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 51
Java version out of Date!
Adobe Reader XI
Google Chrome 37.0.2062.120
Google Chrome 37.0.2062.124
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


Farbar Service Scanner Version: 21-07-2014
Ran by Emel (administrator) on 26-09-2014 at 18:21:40
Running from "C:\Users\Emel\Downloads"
Microsoft Windows 8 Pro (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

I couldn't get the ESETScan file, the others are posted above.
Thank you,
 
I couldn't get the ESETScan file
Nothing found or....?

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 