
Could You Review My ComboFix Report?

  • Yesterday my older brother was on the PC. Today when I picked it up, there was only a cursor on a black screen, so I rolled it back with System Restore. Could you take a look? By the way, I didn't run it in Safe Mode; will that be a problem?



  • Ss ?

  • quote:

    Originally posted by: captureThecrown

    Ss ?

    Sorry about that, I was just flustered.

    ComboFix 13-11-19.01 - SERKAN 21.11.2013  19:23:02.1.4 - x64 
    Microsoft Windows 7 Home Premium 6.1.7601.1.1254.90.1055.18.4044.2189 [GMT 2:00]
    Running from: c:\users\SERKAN\Desktop\ComboFix.exe
    AV: AVG AntiVirus 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\FlashPlayerApp.exe
    .
    ---- Previous Run -------
    .
    C:\END
    c:\program files (x86)\WolfTeam_Turkiye_20120628_Ver337.exe
    c:\programdata\BeraoywsE2save\5142e6ac1e8f7.tlb
    c:\programdata\BeraoywsE2save\settings.ini
    c:\programdata\BetterSoft\OptimizerPro\3036567561.dll
    c:\programdata\BetterSoft\OptimizerPro\3036567561.ini
    c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe
    c:\programdata\BrooWse2seave\512fd3ce1e196.tlb
    c:\programdata\BrooWse2seave\data\BrooWse2seave.dat
    c:\programdata\BrooWse2seave\settings.ini
    c:\programdata\coinutinuueytoosaave\5194761f0ea73.dll
    c:\programdata\coinutinuueytoosaave\5194761f0ea73.tlb
    c:\programdata\coinutinuueytoosaave\data\coinutinuueytoosaave.dat
    c:\programdata\coinutinuueytoosaave\settings.ini
    c:\programdata\coinutinuueytoosaave\uninstall.exe
    c:\programdata\csrss.exe
    c:\programdata\lsm.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\coinutinuueytoosaave\coinutinuueytoosaave.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\coinutinuueytoosaave\Uninstall.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\SearchNewTab.lnk
    c:\programdata\Microsoft\Windows\Start Menu\Programs\SearchNewTab\Uninstall.lnk
    c:\programdata\ntuser.dat
    c:\programdata\SearchNewTab\51947683c0f30.dll
    c:\programdata\SearchNewTab\51947683c0f30.tlb
    c:\programdata\SearchNewTab\data\SearchNewTab.dat
    c:\programdata\SearchNewTab\settings.ini
    c:\programdata\SearchNewTab\uninstall.exe
    c:\programdata\svchost.exe
    c:\users\SEKO\AppData\Local\EoRezo\eorezo\1.10\eorezo.cyl
    c:\users\SEKO\AppData\Local\Google\Chrome\User Data\Default\Preferences
    c:\users\SEKO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\a_ka@yuy-fsax.net\bootstrap.js
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\a_ka@yuy-fsax.net\chrome.manifest
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\a_ka@yuy-fsax.net\content\bg.js
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\a_ka@yuy-fsax.net\install.rdf
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\iuoalzeatu@eayyydyiu.edu\bootstrap.js
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\iuoalzeatu@eayyydyiu.edu\chrome.manifest
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\iuoalzeatu@eayyydyiu.edu\content\bg.js
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\iuoalzeatu@eayyydyiu.edu\content\zy.xul
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\iuoalzeatu@eayyydyiu.edu\install.rdf
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\mzznuzk3_t@dha-qiiiy.org\bootstrap.js
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\mzznuzk3_t@dha-qiiiy.org\chrome.manifest
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\mzznuzk3_t@dha-qiiiy.org\content\bg.js
    c:\users\SEKO\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\mzznuzk3_t@dha-qiiiy.org\install.rdf
    c:\windows\SysWow64\frapsvid.dll
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-10-21 to 2013-11-21 )))))))))))))))))))))))))))))))
    .
    .
    2013-11-21 17:36 . 2013-11-21 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-11-21 14:39 . 2013-11-21 14:39 -------- d-----w- C:\found.000
    2013-11-18 20:05 . 2013-11-21 17:08 -------- d-----w- c:\program files (x86)\Internet Download Manager
    2013-11-18 19:41 . 2013-11-21 17:08 -------- d-----w- c:\program files\Paint.NET
    2013-11-18 19:08 . 2013-11-18 19:08 -------- d-----w- c:\program files\Microsoft Silverlight
    2013-11-18 19:08 . 2013-11-18 19:08 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2013-11-18 17:55 . 2013-11-18 17:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2013-11-17 13:11 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-11-17 13:11 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-11-17 13:11 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-11-17 13:11 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-11-17 13:11 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-11-17 13:11 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-11-17 13:11 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-11-17 12:58 . 2013-11-17 12:59 -------- d-----w- c:\program files (x86)\LibreOffice 4
    2013-11-17 12:57 . 2013-11-17 12:57 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2013-11-17 12:56 . 2013-11-17 12:56 -------- d-----w- c:\windows\PCHEALTH
    2013-11-17 12:18 . 2013-11-21 17:35 -------- d-----w- c:\programdata\Microsoft Help
    2013-11-17 11:45 . 2013-11-17 11:45 -------- d-----w- c:\program files (x86)\Mp3tag
    2013-11-16 18:45 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
    2013-11-02 09:35 . 2013-11-02 09:35 -------- d-----w- c:\program files (x86)\BurnAware Free
    2013-11-02 09:33 . 2013-11-02 09:33 -------- d-----w- c:\program files (x86)\PANDORA.TV
    2013-11-02 09:26 . 2013-11-16 20:39 57096 ----a-w- c:\windows\system32\certsentry.dll
    2013-11-02 09:26 . 2013-11-16 20:39 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
    2013-11-02 09:25 . 2013-11-16 20:39 -------- d-----w- c:\program files (x86)\Comodo
    2013-11-02 09:25 . 2013-11-02 09:25 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-11-02 09:25 . 2013-11-02 09:25 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2013-11-02 09:25 . 2013-11-02 09:25 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2013-11-02 09:17 . 2013-11-02 09:17 -------- d-----w- c:\programdata\IDM
    2013-11-01 15:08 . 2013-10-15 23:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49668A7B-F673-43DB-AB5F-DC4F0877F355}\mpengine.dll
    2013-10-31 18:06 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-10-31 18:06 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-10-31 08:14 . 2012-07-26 05:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\wdf01000.sys.mui
    2013-10-31 07:58 . 2013-10-31 07:58 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-10-31 07:23 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-10-31 07:23 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-10-31 07:23 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2013-10-31 07:23 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-10-31 07:23 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-10-31 07:23 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-10-31 07:23 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-10-31 07:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2013-10-31 07:13 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2013-10-31 07:13 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2013-10-31 07:13 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2013-10-31 07:13 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2013-10-30 18:29 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
    2013-10-30 18:29 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
    2013-10-30 18:28 . 2013-10-30 18:28 -------- d-----w- c:\program files\CCleaner
    2013-10-30 18:24 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
    2013-10-30 18:24 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
    2013-10-30 18:24 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-10-30 18:24 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
    2013-10-30 18:24 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-10-30 18:24 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-10-30 18:24 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-10-30 18:21 . 2013-10-30 18:24 -------- d-----w- c:\program files\WinRAR
    2013-10-30 18:17 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-10-30 18:17 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-10-30 18:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-10-30 18:17 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2013-10-30 18:17 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2013-10-30 18:17 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2013-10-30 18:17 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-10-30 18:17 . 2012-11-28 22:56 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-10-30 18:17 . 2012-11-28 22:56 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-10-30 18:17 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-10-30 18:17 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2013-10-30 18:17 . 2013-07-12 10:41 185344 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2013-10-30 18:17 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys
    2013-10-30 18:11 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
    2013-10-30 18:11 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
    2013-10-30 18:11 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2013-10-30 17:54 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
    2013-10-30 17:54 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2013-10-30 17:54 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
    2013-10-30 17:54 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
    2013-10-30 17:54 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
    2013-10-30 17:54 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
    2013-10-30 17:54 . 2013-07-04 10:11 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2013-10-30 17:54 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2013-10-30 17:54 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2013-10-30 17:53 . 2013-10-30 17:59 -------- d-----w- c:\program files (x86)\Google
    2013-10-30 17:53 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2013-10-30 09:24 . 2013-10-30 09:25 -------- d-----w- c:\program files\Unlocker
    2013-10-30 09:23 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2013-10-30 09:23 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2013-10-30 09:23 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2013-10-30 09:23 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2013-10-30 09:23 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2013-10-30 09:23 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
    2013-10-30 09:23 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2013-10-30 09:23 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2013-10-30 09:21 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2013-10-30 09:19 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2013-10-30 09:19 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2013-10-30 09:19 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
    2013-10-30 09:19 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2013-10-30 09:04 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2013-10-30 09:04 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2013-10-30 09:04 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2013-10-30 09:04 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
    2013-10-30 09:04 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
    2013-10-30 09:04 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
    2013-10-30 09:04 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
    2013-10-30 09:04 . 2013-10-30 09:05 -------- d-----w- c:\programdata\AVG2014
    2013-10-30 09:04 . 2013-10-30 09:04 -------- d-----w- C:\$AVG
    2013-10-30 09:03 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2013-10-30 09:03 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-10-30 09:03 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-10-30 09:03 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
    2013-10-30 09:00 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
    2013-10-30 09:00 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2013-10-30 09:00 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2013-10-30 08:38 . 2013-11-21 17:15 -------- d-----w- c:\programdata\MFAData
    2013-10-30 08:38 . 2013-10-30 08:38 -------- d--h--w- c:\programdata\Common Files
    2013-10-30 08:27 . 2013-10-30 17:48 -------- d-----w- c:\programdata\Norton
    2013-10-29 21:58 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2013-10-29 21:58 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2013-10-29 21:58 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2013-10-29 21:53 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2013-10-29 21:53 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2013-10-29 21:53 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2013-10-29 21:53 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2013-10-29 21:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-02 09:51 . 2012-03-02 08:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-29 21:52 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-09-25 19:07 . 2013-09-25 19:07 148792 ----a-w- c:\windows\system32\drivers\avgdiska.sys
    2013-09-08 20:11 . 2013-09-08 20:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
    2013-09-03 12:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
    2013-09-02 08:59 . 2013-09-02 08:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2013-09-02 08:29 . 2013-09-02 08:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
    2013-09-02 08:26 . 2013-09-02 08:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2013-09-02 08:26 . 2013-09-02 08:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    2013-08-29 01:48 . 2013-10-30 09:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "WSED"="c:\program files (x86)\WSED\WSED.exe" [2010-12-02 320880]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.SYS;c:\windows\SYSNATIVE\drivers\EMSC.SYS [x]
    S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 IntcDAud;Intel(R) Ekran İçin Ses;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-11-16 21:58 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-30 17:53]
    .
    2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-30 17:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-19 11490408]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp:\\www.grundig.com.tr
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Görüntüyü &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: OneNote'a G&önder - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: Sayfayı &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-906184863-769582029-3009099056-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):e5,50,af,5f,14,2d,ac,b3,4a,9f,4f,85,1c,e3,f3,c9,b3,1f,d8,ad,47,
    13,b7,a9,8f,bf,7c,65,32,4c,55,16,cb,67,d4,57,88,47,c7,47,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-906184863-769582029-3009099056-1001_Classes\Wow6432Node\CLSID\{7c29ffa4-cbf7-4e87-b4c9-282915e33be3}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000140
    "Therad"=dword:00000010
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    "Key"="ActionsPane3"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
    "Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
    "0"="Microsoft Actions Pane 3"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-11-21 19:41:26
    ComboFix-quarantined-files.txt 2013-11-21 17:41
    .
    Pre-Run: 123.742.597.120 bayt boş
    Post-Run: 123.348.471.808 bayt boş
    .
    - - End Of File - - 22B10F773C84B89AAA3D84B3391F120F




  • quote:

    Originally posted by: Beşiktaş

    quote:

    Originally posted by: captureThecrown

    Ss ?

    Sorry about that, I was just flustered.

    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-10-21 to 2013-11-21 )))))))))))))))))))))))))))))))
    .
    .
    2013-11-21 17:36 . 2013-11-21 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-11-21 14:39 . 2013-11-21 14:39 -------- d-----w- C:\found.000
    2013-11-18 20:05 . 2013-11-21 17:08 -------- d-----w- c:\program files (x86)\Internet Download Manager
    2013-11-18 19:41 . 2013-11-21 17:08 -------- d-----w- c:\program files\Paint.NET
    2013-11-18 19:08 . 2013-11-18 19:08 -------- d-----w- c:\program files\Microsoft Silverlight
    2013-11-18 19:08 . 2013-11-18 19:08 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2013-11-18 17:55 . 2013-11-18 17:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2013-11-17 13:11 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2013-11-17 13:11 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2013-11-17 13:11 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2013-11-17 13:11 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2013-11-17 13:11 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2013-11-17 13:11 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2013-11-17 13:11 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
    2013-11-17 12:58 . 2013-11-17 12:59 -------- d-----w- c:\program files (x86)\LibreOffice 4
    2013-11-17 12:57 . 2013-11-17 12:57 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2013-11-17 12:56 . 2013-11-17 12:56 -------- d-----w- c:\windows\PCHEALTH
    2013-11-17 12:18 . 2013-11-21 17:35 -------- d-----w- c:\programdata\Microsoft Help
    2013-11-17 11:45 . 2013-11-17 11:45 -------- d-----w- c:\program files (x86)\Mp3tag
    2013-11-16 18:45 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
    2013-11-02 09:35 . 2013-11-02 09:35 -------- d-----w- c:\program files (x86)\BurnAware Free
    2013-11-02 09:33 . 2013-11-02 09:33 -------- d-----w- c:\program files (x86)\PANDORA.TV
    2013-11-02 09:26 . 2013-11-16 20:39 57096 ----a-w- c:\windows\system32\certsentry.dll
    2013-11-02 09:26 . 2013-11-16 20:39 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
    2013-11-02 09:25 . 2013-11-16 20:39 -------- d-----w- c:\program files (x86)\Comodo
    2013-11-02 09:25 . 2013-11-02 09:25 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-11-02 09:25 . 2013-11-02 09:25 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2013-11-02 09:25 . 2013-11-02 09:25 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2013-11-02 09:17 . 2013-11-02 09:17 -------- d-----w- c:\programdata\IDM
    2013-11-01 15:08 . 2013-10-15 23:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49668A7B-F673-43DB-AB5F-DC4F0877F355}\mpengine.dll
    2013-10-31 18:06 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-10-31 18:06 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-10-31 08:14 . 2012-07-26 05:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\wdf01000.sys.mui
    2013-10-31 07:58 . 2013-10-31 07:58 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-10-31 07:23 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-10-31 07:23 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-10-31 07:23 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2013-10-31 07:23 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-10-31 07:23 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-10-31 07:23 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-10-31 07:23 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-10-31 07:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2013-10-31 07:13 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2013-10-31 07:13 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2013-10-31 07:13 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2013-10-31 07:13 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2013-10-30 18:29 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
    2013-10-30 18:29 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
    2013-10-30 18:28 . 2013-10-30 18:28 -------- d-----w- c:\program files\CCleaner
    2013-10-30 18:24 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
    2013-10-30 18:24 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
    2013-10-30 18:24 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-10-30 18:24 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
    2013-10-30 18:24 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-10-30 18:24 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-10-30 18:24 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-10-30 18:21 . 2013-10-30 18:24 -------- d-----w- c:\program files\WinRAR
    2013-10-30 18:17 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-10-30 18:17 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-10-30 18:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-10-30 18:17 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2013-10-30 18:17 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2013-10-30 18:17 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2013-10-30 18:17 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-10-30 18:17 . 2012-11-28 22:56 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-10-30 18:17 . 2012-11-28 22:56 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-10-30 18:17 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-10-30 18:17 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2013-10-30 18:17 . 2013-07-12 10:41 185344 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2013-10-30 18:17 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys
    2013-10-30 18:11 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
    2013-10-30 18:11 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
    2013-10-30 18:11 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2013-10-30 17:54 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
    2013-10-30 17:54 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2013-10-30 17:54 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
    2013-10-30 17:54 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
    2013-10-30 17:54 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
    2013-10-30 17:54 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
    2013-10-30 17:54 . 2013-07-04 10:11 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2013-10-30 17:54 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2013-10-30 17:54 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2013-10-30 17:53 . 2013-10-30 17:59 -------- d-----w- c:\program files (x86)\Google
    2013-10-30 17:53 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2013-10-30 09:24 . 2013-10-30 09:25 -------- d-----w- c:\program files\Unlocker
    2013-10-30 09:23 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2013-10-30 09:23 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2013-10-30 09:23 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2013-10-30 09:23 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2013-10-30 09:23 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2013-10-30 09:23 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
    2013-10-30 09:23 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2013-10-30 09:23 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2013-10-30 09:21 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2013-10-30 09:19 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2013-10-30 09:19 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2013-10-30 09:19 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
    2013-10-30 09:19 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2013-10-30 09:04 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2013-10-30 09:04 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2013-10-30 09:04 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2013-10-30 09:04 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
    2013-10-30 09:04 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
    2013-10-30 09:04 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
    2013-10-30 09:04 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
    2013-10-30 09:04 . 2013-10-30 09:05 -------- d-----w- c:\programdata\AVG2014
    2013-10-30 09:04 . 2013-10-30 09:04 -------- d-----w- C:\$AVG
    2013-10-30 09:03 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2013-10-30 09:03 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-10-30 09:03 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-10-30 09:03 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
    2013-10-30 09:00 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
    2013-10-30 09:00 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2013-10-30 09:00 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2013-10-30 08:38 . 2013-11-21 17:15 -------- d-----w- c:\programdata\MFAData
    2013-10-30 08:38 . 2013-10-30 08:38 -------- d--h--w- c:\programdata\Common Files
    2013-10-30 08:27 . 2013-10-30 17:48 -------- d-----w- c:\programdata\Norton
    2013-10-29 21:58 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2013-10-29 21:58 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2013-10-29 21:58 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2013-10-29 21:53 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2013-10-29 21:53 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2013-10-29 21:53 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2013-10-29 21:53 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2013-10-29 21:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-02 09:51 . 2012-03-02 08:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-29 21:52 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-09-25 19:07 . 2013-09-25 19:07 148792 ----a-w- c:\windows\system32\drivers\avgdiska.sys
    2013-09-08 20:11 . 2013-09-08 20:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
    2013-09-03 12:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
    2013-09-02 08:59 . 2013-09-02 08:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2013-09-02 08:29 . 2013-09-02 08:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
    2013-09-02 08:26 . 2013-09-02 08:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2013-09-02 08:26 . 2013-09-02 08:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    2013-08-29 01:48 . 2013-10-30 09:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "WSED"="c:\program files (x86)\WSED\WSED.exe" [2010-12-02 320880]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.SYS;c:\windows\SYSNATIVE\drivers\EMSC.SYS [x]
    S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 IntcDAud;Intel(R) Ekran İçin Ses;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-11-16 21:58 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-30 17:53]
    .
    2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-30 17:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-19 11490408]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp:\\www.grundig.com.tr
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Görüntüyü &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: OneNote'a G&önder - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: Sayfayı &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-906184863-769582029-3009099056-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):e5,50,af,5f,14,2d,ac,b3,4a,9f,4f,85,1c,e3,f3,c9,b3,1f,d8,ad,47,
    13,b7,a9,8f,bf,7c,65,32,4c,55,16,cb,67,d4,57,88,47,c7,47,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-906184863-769582029-3009099056-1001_Classes\Wow6432Node\CLSID\{7c29ffa4-cbf7-4e87-b4c9-282915e33be3}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000140
    "Therad"=dword:00000010
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    "Key"="ActionsPane3"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
    "Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
    "0"="Microsoft Actions Pane 3"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-11-21 19:41:26
    ComboFix-quarantined-files.txt 2013-11-21 17:41
    .
    Pre-Run: 123.742.597.120 bayt boş
    Post-Run: 123.348.471.808 bayt boş
    .
    - - End Of File - - 22B10F773C84B89AAA3D84B3391F120F


    I hope you turned off your antivirus programs and the firewall while running ComboFix??

    22find, which changes the start page, has infected Chrome, IE and Firefox. I recommend updating .NET Framework and your drivers, and there seems to be a problem with svchost.exe, but it is unclear (to check, open Task Manager; if a name other than SYSTEM is written next to it, be suspicious). The files below, that is, the drivers, appear to have been modified.

    Delete the Qoobox folder created in C:/ (you can also inspect the quarantine folder inside it, which holds the cleaned/quarantined items).

    That is as much as I could make out..
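
The svchost.exe question raised in the reply above can also be checked against the report itself: its deletion list contains c:\programdata\svchost.exe, csrss.exe and lsm.exe, names that belong to core Windows processes living under c:\windows\system32. The following Python is an added example, not part of the thread or of ComboFix; the function names, the EXPECTED_DIRS table (which assumes Windows is installed in c:\windows) and the shortened sample assembled from lines of the report are assumptions made for illustration.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
SYSWOW64 = r"c:\windows\syswow64"

# Core Windows process names and the only folders they legitimately live in.
# Assumption: Windows is installed in c:\windows, as in the report.
EXPECTED_DIRS = {
    "svchost.exe": {SYSTEM32, SYSWOW64},  # 32-bit copy exists on x64 systems
    "csrss.exe": {SYSTEM32},
    "lsm.exe": {SYSTEM32},
    "lsass.exe": {SYSTEM32},
    "services.exe": {SYSTEM32},
    "smss.exe": {SYSTEM32},
    "wininit.exe": {SYSTEM32},
    "winlogon.exe": {SYSTEM32},
}

# ComboFix section banners look like "((((( Other Deletions )))))".
SECTION_RE = re.compile(r"^\(+\s*(?P<name>[^()]+?)\s*\)+$")
# A file entry ends with a drive-letter path, optionally preceded by timestamps.
PATH_RE = re.compile(r"(?P<path>[a-zA-Z]:\\.+)$")

# Constructed sample: a shortened excerpt assembled from lines of the report.
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\windows\SysWow64\FlashPlayerApp.exe
.
---- Previous Run -------
.
c:\programdata\BetterSoft\OptimizerPro\OptimizerPro.exe
c:\programdata\csrss.exe
c:\programdata\lsm.exe
c:\programdata\ntuser.dat
c:\programdata\svchost.exe
c:\windows\SysWow64\wpcap.dll
.
((((((((((((((( Files Created from 2013-10-21 to 2013-11-21 )))))))))))))))
.
2013-10-30 09:00 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2013-10-29 21:53 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
"""


def parse_sections(log_text):
    """Group the file paths of a ComboFix log by the section they appear in."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections[current] = []
            continue
        found = PATH_RE.search(line)
        if current is not None and found:
            sections[current].append(found.group("path"))
    return sections


def find_masquerading(paths):
    """Return paths whose file name is a core process name in the wrong folder."""
    hits = []
    for path in paths:
        folder, name = ntpath.split(path.lower())
        allowed = EXPECTED_DIRS.get(name)
        if allowed is not None and folder not in allowed:
            hits.append(path)
    return hits


def triage(log_text):
    """Map each section name to the suspicious paths found in it (if any)."""
    report = {}
    for name, paths in parse_sections(log_text).items():
        hits = find_masquerading(paths)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(section)
        for hit in hits:
            print("  system process name outside its folder:", hit)
```
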




  • quote:

    Quoted from original: CEM0KA

    quote:

    Quoted from original: Beşiktaş

    quote:

    Quoted from original: captureThecrown

    Ss ?

    Sorry, my friend, I was just flustered.

    2013-11-02 09:26 . 2013-11-16 20:39 57096 ----a-w- c:\windows\system32\certsentry.dll
    2013-11-02 09:26 . 2013-11-16 20:39 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
    2013-11-02 09:25 . 2013-11-16 20:39 -------- d-----w- c:\program files (x86)\Comodo
    2013-11-02 09:25 . 2013-11-02 09:25 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-11-02 09:25 . 2013-11-02 09:25 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2013-11-02 09:25 . 2013-11-02 09:25 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2013-11-02 09:17 . 2013-11-02 09:17 -------- d-----w- c:\programdata\IDM
    2013-11-01 15:08 . 2013-10-15 23:20 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49668A7B-F673-43DB-AB5F-DC4F0877F355}\mpengine.dll
    2013-10-31 18:06 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-10-31 18:06 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2013-10-31 08:14 . 2012-07-26 05:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\wdf01000.sys.mui
    2013-10-31 07:58 . 2013-10-31 07:58 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-10-31 07:23 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2013-10-31 07:23 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2013-10-31 07:23 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2013-10-31 07:23 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2013-10-31 07:23 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2013-10-31 07:23 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2013-10-31 07:23 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2013-10-31 07:13 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2013-10-31 07:13 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2013-10-31 07:13 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
    2013-10-31 07:13 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2013-10-31 07:13 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2013-10-30 18:29 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
    2013-10-30 18:29 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
    2013-10-30 18:28 . 2013-10-30 18:28 -------- d-----w- c:\program files\CCleaner
    2013-10-30 18:24 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
    2013-10-30 18:24 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
    2013-10-30 18:24 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
    2013-10-30 18:24 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
    2013-10-30 18:24 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2013-10-30 18:24 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-10-30 18:24 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-10-30 18:21 . 2013-10-30 18:24 -------- d-----w- c:\program files\WinRAR
    2013-10-30 18:17 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-10-30 18:17 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-10-30 18:17 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-10-30 18:17 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2013-10-30 18:17 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2013-10-30 18:17 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2013-10-30 18:17 . 2013-06-25 22:55 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2013-10-30 18:17 . 2012-11-28 22:56 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2013-10-30 18:17 . 2012-11-28 22:56 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2013-10-30 18:17 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-10-30 18:17 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2013-10-30 18:17 . 2013-07-12 10:41 185344 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2013-10-30 18:17 . 2013-07-12 10:41 100864 ----a-w- c:\windows\system32\drivers\usbcir.sys
    2013-10-30 18:11 . 2013-07-03 04:05 76800 ----a-w- c:\windows\system32\drivers\hidclass.sys
    2013-10-30 18:11 . 2013-07-03 04:05 32896 ----a-w- c:\windows\system32\drivers\hidparse.sys
    2013-10-30 18:11 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2013-10-30 17:54 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
    2013-10-30 17:54 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2013-10-30 17:54 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
    2013-10-30 17:54 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
    2013-10-30 17:54 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
    2013-10-30 17:54 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
    2013-10-30 17:54 . 2013-07-04 10:11 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2013-10-30 17:54 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2013-10-30 17:54 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2013-10-30 17:53 . 2013-10-30 17:59 -------- d-----w- c:\program files (x86)\Google
    2013-10-30 17:53 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2013-10-30 09:24 . 2013-10-30 09:25 -------- d-----w- c:\program files\Unlocker
    2013-10-30 09:23 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2013-10-30 09:23 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2013-10-30 09:23 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2013-10-30 09:23 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2013-10-30 09:23 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2013-10-30 09:23 . 2012-11-30 05:45 362496 ----a-w- c:\windows\system32\wow64win.dll
    2013-10-30 09:23 . 2012-11-30 05:45 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2013-10-30 09:23 . 2012-11-30 05:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2013-10-30 09:21 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2013-10-30 09:19 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
    2013-10-30 09:19 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
    2013-10-30 09:19 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
    2013-10-30 09:19 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2013-10-30 09:04 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2013-10-30 09:04 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
    2013-10-30 09:04 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2013-10-30 09:04 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
    2013-10-30 09:04 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
    2013-10-30 09:04 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
    2013-10-30 09:04 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
    2013-10-30 09:04 . 2013-10-30 09:05 -------- d-----w- c:\programdata\AVG2014
    2013-10-30 09:04 . 2013-10-30 09:04 -------- d-----w- C:\$AVG
    2013-10-30 09:03 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
    2013-10-30 09:03 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-10-30 09:03 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2013-10-30 09:03 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
    2013-10-30 09:00 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
    2013-10-30 09:00 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2013-10-30 09:00 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2013-10-30 08:38 . 2013-11-21 17:15 -------- d-----w- c:\programdata\MFAData
    2013-10-30 08:38 . 2013-10-30 08:38 -------- d--h--w- c:\programdata\Common Files
    2013-10-30 08:27 . 2013-10-30 17:48 -------- d-----w- c:\programdata\Norton
    2013-10-29 21:58 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2013-10-29 21:58 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2013-10-29 21:58 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2013-10-29 21:53 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2013-10-29 21:53 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2013-10-29 21:53 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2013-10-29 21:53 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2013-10-29 21:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-02 09:51 . 2012-03-02 08:11 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-10-29 21:52 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-09-25 19:07 . 2013-09-25 19:07 148792 ----a-w- c:\windows\system32\drivers\avgdiska.sys
    2013-09-08 20:11 . 2013-09-08 20:11 31544 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
    2013-09-03 12:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
    2013-09-02 08:59 . 2013-09-02 08:59 212280 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2013-09-02 08:29 . 2013-09-02 08:29 294712 ----a-w- c:\windows\system32\drivers\avgloga.sys
    2013-09-02 08:26 . 2013-09-02 08:26 192824 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2013-09-02 08:26 . 2013-09-02 08:26 241464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    2013-08-29 01:48 . 2013-10-30 09:24 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
    "WSED"="c:\program files (x86)\WSED\WSED.exe" [2010-12-02 320880]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
    S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.SYS;c:\windows\SYSNATIVE\drivers\EMSC.SYS [x]
    S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 IntcDAud;Intel(R) Ekran İçin Ses;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-11-16 21:58 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-30 17:53]
    .
    2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-30 17:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-19 11490408]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp:\\www.grundig.com.tr
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Görüntüyü &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: OneNote'a G&önder - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: Sayfayı &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-906184863-769582029-3009099056-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):e5,50,af,5f,14,2d,ac,b3,4a,9f,4f,85,1c,e3,f3,c9,b3,1f,d8,ad,47,
    13,b7,a9,8f,bf,7c,65,32,4c,55,16,cb,67,d4,57,88,47,c7,47,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-906184863-769582029-3009099056-1001_Classes\Wow6432Node\CLSID\{7c29ffa4-cbf7-4e87-b4c9-282915e33be3}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000140
    "Therad"=dword:00000010
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    "Key"="ActionsPane3"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
    "Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
    "0"="Microsoft Actions Pane 3"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-11-21 19:41:26
    ComboFix-quarantined-files.txt 2013-11-21 17:41
    .
    Pre-Run: 123.742.597.120 bayt boş
    Post-Run: 123.348.471.808 bayt boş
    .
    - - End Of File - - 22B10F773C84B89AAA3D84B3391F120F


    I hope you turned off your antivirus programs and firewall while running ComboFix??

    Chrome, IE and Firefox have been infected by 22 find, which changes the start page. I recommend updating .NET Framework and your drivers, and there seems to be a problem with svchost.exe, but it is unclear (to check, open Task Manager; if a name other than SYSTEM is written next to it, be suspicious). The files below, that is, the drivers, appear to have been modified.

    Delete the Qoobox folder created in C:/ (you can also look through the quarantine folder inside it, which holds the cleaned/quarantined items).

    That is all I could make out..

    Well, I only turned off the antivirus

    There are lots of svchost entries; some say SYSTEM, some NETWORK, some Local S.. something ??

    Qoobox cannot be deleted either.



