Yeni Kayıt
Konudaki Resimler
|
Hızlı 
Bildirim
Kurtulamadığım Reklam Yazılımı
Sıcak Fırsatlarda Tıklananlar
Editörün Seçtiği Fırsatlar
Daha Fazla 
Bu Konudaki Kullanıcılar:
Daha Az 
2 Misafir (1 Mobil) - 1 Masaüstü, 
1 Mobil
1 Mobil
Giriş
Mesaj
-
-
Bende 1 haftaya yakın uğraşıyorum bu lanet yazılımla spyi kullanmak istemiyorm çünkü denemiştim daha önce oda sistemin çökmesine yol açıyor bi ara kullandım her buldugunu sildi pc kafayı yemişti format atmak zorunda kalmıştım =)
Bunu silmek için baya bir uğraştım combofix Malwarebytes Anti-Malware vb. ama yok nafile virüs programı zaten bulamıyor ne yapacam bilmiyorum tarayıcı baya bi yavaşlattı nereye tıklasam bu çıkıyor karşıma bu gece bunun gibi 1 tane daha geldi bi biri açılıyor bi biri arkadaşlarınımı çağırıyor ne yapıyor çoğalacak gibiler inşallah bi yolunu vardırda format atmadan kurtuluruz 2 hafta olmadı format atalı daha :/ -
adwww cleanerhttp://www.bleepingcomputer.com/download/adwcleaner/quote:
Orijinalden alıntı: uur07
Bende 1 haftaya yakın uğraşıyorum bu lanet yazılımla spyi kullanmak istemiyorm çünkü denemiştim daha önce oda sistemin çökmesine yol açıyor bi ara kullandım her buldugunu sildi pc kafayı yemişti format atmak zorunda kalmıştım =)
Bunu silmek için baya bir uğraştım combofix Malwarebytes Anti-Malware vb. ama yok nafile virüs programı zaten bulamıyor ne yapacam bilmiyorum tarayıcı baya bi yavaşlattı nereye tıklasam bu çıkıyor karşıma bu gece bunun gibi 1 tane daha geldi bi biri açılıyor bi biri arkadaşlarınımı çağırıyor ne yapıyor çoğalacak gibiler inşallah bi yolunu vardırda format atmadan kurtuluruz 2 hafta olmadı format atalı daha :/
hitman pro http://www.surfright.nl/en
norton power eraser https://security.symantec.com/nbrt/npe.aspx
kurulumsuz çalışır hpsi ve çok etkilidir.ben hep kullanırım
-
quote:
Orijinalden alıntı: blingmh
Merhaba arkadaşlar, son bir kaç gündür sağdan soldan önüme atlayan bir casus reklam yazılımı beni oldukça sinirlendiriyor. Zym.tollbahsuburban.com çoğunlukla bu siteyle başlayıp devam eden bir adresle ayrı pencere olarak açılıyor reklamlar. İnternette çözümüyle alakalı yazılanları okuyup denedim ama sonuç vermedi. Avast ile taratıyorum hiç birşey bulmuyor, ad-aware 2 tane tehdit algılayıp sildi ama reklam sorunları hala devam ediyor. spy hunter adında bir yazılımla tarattığımda daha taramanın %50sine gelmemişken 270 tane tehdit algıladı ki dosyalara göz attığımda gerçekçi duruyor fakat full sürümüne sahip olmadığım için silme yada düzeltme işlemi yapamadım. Şu küçücük programın yaptığını yapabilecek başka bir program yok mu, yada formattan başka bir çözümü? Yardımlarınızı bekliyorum.
İnterneti iyi araştırmamışsın. Alttaki site zararlı yazılım konusunda uzman sitedir.
Malware Fix
http://trmalwarefix.freeforums.net/
< Bu mesaj bu kişi tarafından değiştirildi Malware Removal -- 20 Eylül 2014; 18:27:09 >
-
Doctus ne bereketli site yahu.Ayrılan herkes site kuruyor sanırım.quote:
Orijinalden alıntı: Malware Removalquote:
Orijinalden alıntı: blingmh
Merhaba arkadaşlar, son bir kaç gündür sağdan soldan önüme atlayan bir casus reklam yazılımı beni oldukça sinirlendiriyor. Zym.tollbahsuburban.com çoğunlukla bu siteyle başlayıp devam eden bir adresle ayrı pencere olarak açılıyor reklamlar. İnternette çözümüyle alakalı yazılanları okuyup denedim ama sonuç vermedi. Avast ile taratıyorum hiç birşey bulmuyor, ad-aware 2 tane tehdit algılayıp sildi ama reklam sorunları hala devam ediyor. spy hunter adında bir yazılımla tarattığımda daha taramanın %50sine gelmemişken 270 tane tehdit algıladı ki dosyalara göz attığımda gerçekçi duruyor fakat full sürümüne sahip olmadığım için silme yada düzeltme işlemi yapamadım. Şu küçücük programın yaptığını yapabilecek başka bir program yok mu, yada formattan başka bir çözümü? Yardımlarınızı bekliyorum.
İnterneti iyi araştırmamışsın. Alttaki site zararlı yazılım konusunda uzman sitedir.
Malware Fix
http://trmalwarefix.freeforums.net/
-
quote:
Orijinalden alıntı: kızgın güneş
İnterneti iyi araştırmamışsın. Alttaki site zararlı yazılım konusunda uzman sitedir.
Malware Fix
http://trmalwarefix.freeforums.net/
Verdiğin sitede doğru düzgün bir bilgi bulamadım ben. Toplam 19 üyesi olan, son 24 saatte sadece 2 staffının online olduğu bir siteyi internette araştırarak nasıl bulacaktım onu da anlamış değilim. Doğru link attığından emin misin?
Bybursa, cevap için teşekkürler fakat önerdiğin programlarda çare olmadı malesef.
< Bu mesaj bu kişi tarafından değiştirildi blingmh -- 20 Eylül 2014; 18:46:02 >
-
quote:
Orijinalden alıntı: blingmh
quote:
Orijinalden alıntı: kızgın güneş
İnterneti iyi araştırmamışsın. Alttaki site zararlı yazılım konusunda uzman sitedir.
Malware Fix
http://trmalwarefix.freeforums.net/
Verdiğin sitede doğru düzgün bir bilgi bulamadım ben. Toplam 19 üyesi olan, son 24 saatte sadece 2 staffının online olduğu bir siteyi internette araştırarak nasıl bulacaktım onu da anlamış değilim. Doğru link attığından emin misin?
Doğru link attığımdan adım gibi eminim.
Sen sitenin üye sayısını ne yapacaksın ? Önemli olan yaptıkları işin niteliğidir. Bu nitelikleri anlaşılamadığı için yurtdışındaki sitelerde virüs temizliği işlemleri yapıyorlar zaten. Sen de haklısın. Bu memleket arabesk bir toplumdur. Bakmak, görmek, anlamak kavramları arasında dağlar kadar fark vardır.
< Bu mesaj bu kişi tarafından değiştirildi Malware Removal -- 21 Eylül 2014; 1:11:57 >
-
blingmh
B
kullanıcısına yanıt
bybursa nın da dediği gibi adware cleaner bu işi çözebilir. olmazsa kaspersky rescue disc ile tararsın.O diskin adware taraması çok başarılı. -
Merhaba,quote:
Orijinalden alıntı: Efe Yakup Karahanlı
bybursa nın da dediği gibi adware cleaner bu işi çözebilir. olmazsa kaspersky rescue disc ile tararsın.O diskin adware taraması çok başarılı.
çözebildiniz mi arkadaşlar? Aynı sorun bende de var. -
quote:
Orijinalden alıntı: atiranda
Merhaba,
çözebildiniz mi arkadaşlar? Aynı sorun bende de var.
Probleminizi ayrıntılı yazın. Çözelim.
Aşağıdaki işlemi yapabilir misiniz ?
Farbar Recovery Scan Tool yazılımını Buradan masaüstüne indirin.
-Scan / Tara butonuna basın.
-2Ad Log verecek onları buraya kopyalayıp yapıştırın. -
quote:
Orijinalden alıntı: Malware Removalquote:
Orijinalden alıntı: atiranda
Merhaba,
çözebildiniz mi arkadaşlar? Aynı sorun bende de var.
Probleminizi ayrıntılı yazın. Çözelim.
Aşağıdaki işlemi yapabilir misiniz ?
Farbar Recovery Scan Tool yazılımını Buradan masaüstüne indirin.
-Scan / Tara butonuna basın.
-2Ad Log verecek onları buraya kopyalayıp yapıştırın.
Alıntıları GösterScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
Ran by user (administrator) on ECE on 23-09-2014 09:49:28
Running from C:\Users\TEMP.ECE\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Türkçe (Türkiye)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Arcai.com) C:\Program Files\netcut\services\aips.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
() C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\cnfygfszki.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Atheros Communications, Inc.) C:\Program Files\Jumpstart\jswpbapi.exe
() C:\Program Files\005\jxbalvtmyz32.exe
(Realtek) C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Atheros Communications, Inc.) C:\Program Files\Jumpstart\jswtrayutil.exe
(Arcai.com) C:\Program Files\netcut\netcut.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AGSServer] => C:\AGSoft\AGSserver.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [jswtrayutil] => C:\Program Files\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: ExplorerEx -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => No File
BootExecute:
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exehttp://istart.webssearches.com/?type=sc&ts=1406813021&from=amt&uid=SAMSUNGXHD080HJ_S08EJ1TLB06440
SearchScopes: HKLM - DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =http://istart.webssearches.com/web/?type=ds&ts=1406813021&from=amt&uid=SAMSUNGXHD080HJ_S08EJ1TLB06440&q={searchTerms}
SearchScopes: HKLM - {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
BHO: Adobe PDF Reader Bağı Yardımı -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Mercan Programlar Toolbar -> {b475cfd8-45d8-4905-b319-ad995327abeb} -> C:\Program Files\Mercan_Programlar\tbMer0.dll No File
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: AllDaySavings -> {fbdff406-2c4c-5d35-8469-34bb67ea3353} -> C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\kzhxnitccw.dll ()
Toolbar: HKLM - Mercan Programlar Toolbar - {b475cfd8-45d8-4905-b319-ad995327abeb} - C:\Program Files\Mercan_Programlar\tbMer0.dll No File
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\TEMP.ECE\AppData\Roaming\Mozilla\Firefox\Profiles\yyxrht0w.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\portalsepeti.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\user.ZEKI\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\faststartff@gmail.com
Chrome:
=======
CHR CustomProfile: C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-09-22]
CHR Extension: (Domain Error Assistant) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-09-22]
CHR Extension: (Skype Click to Call) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-22]
CHR Extension: (Slick Savings) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-09-22]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-09-22]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\user\AppData\Local\Slick Savings\coupons.crx [2014-01-20]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-20]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 AllDaySavingsService; C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\cnfygfszki.exe [151040 2014-07-24] () [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [397664 2012-05-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385376 2012-05-08] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-07-31] (Cherished Technololgy LIMITED) [File not signed]
R2 jswpbapi; C:\Program Files\Jumpstart\jswpbapi.exe [188416 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R2 jxbalvtmyz32; C:\Program Files\005\jxbalvtmyz32.exe [543232 2014-07-31] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-06] (IObit)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 RtlService; C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 Sed; C:\Users\user.ZEKI\AppData\Roaming\ntsvc\ntsvc.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [66912 2012-05-08] (BlueStack Systems)
R2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-07-31] (NetFilterSDK.com) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-09-23] (secr9tos) [File not signed]
S3 RTL8187; C:\Windows\System32\DRIVERS\RTL8187.sys [335872 2012-05-11] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-03-07] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-23 09:49 - 2014-09-23 09:49 - 00014448 _____ () C:\Users\TEMP.ECE\Desktop\FRST.txt
2014-09-23 09:49 - 2014-09-23 09:49 - 00000000 ____D () C:\FRST
2014-09-23 09:48 - 2014-09-23 09:47 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Desktop\FRST.exe
2014-09-23 09:47 - 2014-09-23 09:47 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Downloads\FRST.exe
2014-09-23 09:04 - 2014-09-23 09:04 - 00704512 _____ () C:\Windows\isRS-000.tmp
2014-09-23 09:04 - 2014-09-23 09:04 - 00000941 _____ () C:\Users\TEMP.ECE\Desktop\netcut.lnk
2014-09-23 09:04 - 2014-09-23 09:04 - 00000046 _____ () C:\Users\TEMP.ECE\Desktop\netcut support.url
2014-09-23 09:04 - 2014-09-23 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2014-09-23 08:37 - 2014-09-23 08:36 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Desktop\netcut (1).exe
2014-09-23 08:34 - 2014-09-23 08:36 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut (1).exe
2014-09-23 08:14 - 2014-09-23 08:19 - 00341600 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut.exe
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\WinRAR
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\InstallShield
2014-09-23 08:08 - 2014-09-23 08:08 - 00000363 _____ () C:\Users\TEMP.ECE\Desktop\Bilgisayar - Kısayol.lnk
2014-09-23 08:08 - 2014-02-14 11:46 - 00000757 _____ () C:\Users\TEMP.ECE\Desktop\Yedek 22.11.2013 - Kısayol.lnk
2014-09-22 15:31 - 2014-09-22 15:31 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\CrashDumps
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Macromedia
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Adobe
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Macromedia
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Mozilla
2014-09-22 13:50 - 2014-09-22 13:50 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Macromedia
2014-09-22 13:47 - 2014-09-22 13:47 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\InstallShield
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\GRETECH
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Adobe
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Adobe
2014-09-22 13:45 - 2014-09-22 13:45 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\WinRAR
2014-09-22 13:44 - 2014-09-22 13:44 - 00000363 _____ () C:\Users\Ece1\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 13:44 - 2014-02-14 11:46 - 00000757 _____ () C:\Users\Ece1\Desktop\Yedek 22.11.2013 - Kısayol.lnk
2014-09-22 13:42 - 2014-09-22 13:42 - 00133536 _____ () C:\Users\Ece1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:42 - 2014-09-22 13:42 - 00001401 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:42 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Zbshareware Lab
2014-09-22 13:42 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Google
2014-09-22 13:41 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1
2014-09-22 13:41 - 2014-09-22 13:41 - 00000020 ___SH () C:\Users\Ece1\ntuser.ini
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Videolarım
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Resimlerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Müziğim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Belgelerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:41 - 2014-06-04 12:34 - 00002036 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-09-22 13:41 - 2009-07-14 07:42 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 13:41 - 2009-07-14 07:37 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-22 13:38 - 2014-09-22 13:38 - 00133536 _____ () C:\Users\TEMP.ECE\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:38 - 2014-09-22 13:38 - 00001401 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:38 - 2014-09-22 13:38 - 00000020 ___SH () C:\Users\TEMP.ECE\ntuser.ini
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Videolarım
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Resimlerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Müziğim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Belgelerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Zbshareware Lab
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\ProductData
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Google
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE
2014-09-22 13:38 - 2014-06-04 12:34 - 00002036 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-09-22 13:38 - 2009-07-14 07:42 - 00000000 ___RD () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 13:38 - 2009-07-14 07:37 - 00000000 ___RD () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-19 11:29 - 2014-09-19 11:29 - 00000000 ____D () C:\.Trash-1000
2014-09-19 08:18 - 2014-09-22 14:07 - 00018559 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 08:17 - 2014-09-23 09:07 - 00000672 _____ () C:\Windows\setupact.log
2014-09-19 08:17 - 2014-09-19 08:17 - 00490456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 08:17 - 2014-09-19 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-18 10:30 - 2014-09-18 10:30 - 00133536 _____ () C:\Users\user.ZEKI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-17 10:56 - 2014-09-17 10:56 - 00846848 _____ () C:\Users\user.ZEKI\Downloads\06110413_tantingilizce.ppt
2014-09-11 11:42 - 2014-09-18 10:04 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 14:30 - 2014-09-23 08:09 - 00000922 _____ () C:\Users\Public\Desktop\Jumpstart.lnk
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\InstallShield
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
2014-09-10 14:29 - 2014-01-14 13:20 - 01682432 _____ (CasaTech Inc.) C:\Users\user.ZEKI\Desktop\Dumpper v4.exe
2014-09-10 12:56 - 2008-05-15 03:28 - 00020384 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\jswpslwf.sys
2014-09-10 12:11 - 2014-09-23 08:09 - 00000000 ____D () C:\Program Files\Jumpstart
2014-09-10 12:10 - 2014-09-10 12:11 - 00000000 ____D () C:\ProgramData\Atheros
2014-09-08 10:54 - 2014-09-10 13:59 - 00000000 ____D () C:\Users\user.ZEKI\Desktop\Bulgar
2014-08-26 11:17 - 2014-08-26 11:17 - 00000000 ____D () C:\ProgramData\IObit
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-23 09:49 - 2014-09-23 09:49 - 00014448 _____ () C:\Users\TEMP.ECE\Desktop\FRST.txt
2014-09-23 09:49 - 2014-09-23 09:49 - 00000000 ____D () C:\FRST
2014-09-23 09:48 - 2014-07-31 16:28 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-09-23 09:47 - 2014-09-23 09:48 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Desktop\FRST.exe
2014-09-23 09:47 - 2014-09-23 09:47 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Downloads\FRST.exe
2014-09-23 09:33 - 2014-08-18 15:28 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 09:17 - 2014-02-07 16:30 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-23 09:15 - 2009-07-14 07:34 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 09:15 - 2009-07-14 07:34 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 09:09 - 2014-01-20 14:34 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-23 09:08 - 2014-08-18 15:28 - 00001000 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 09:07 - 2014-09-19 08:17 - 00000672 _____ () C:\Windows\setupact.log
2014-09-23 09:07 - 2013-11-22 19:56 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-09-23 09:07 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 09:06 - 2013-11-27 11:28 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 09:04 - 2014-09-23 09:04 - 00704512 _____ () C:\Windows\isRS-000.tmp
2014-09-23 09:04 - 2014-09-23 09:04 - 00000941 _____ () C:\Users\TEMP.ECE\Desktop\netcut.lnk
2014-09-23 09:04 - 2014-09-23 09:04 - 00000046 _____ () C:\Users\TEMP.ECE\Desktop\netcut support.url
2014-09-23 09:04 - 2014-09-23 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2014-09-23 09:04 - 2014-07-01 13:55 - 00000000 ____D () C:\Program Files\netcut
2014-09-23 08:36 - 2014-09-23 08:37 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Desktop\netcut (1).exe
2014-09-23 08:36 - 2014-09-23 08:34 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut (1).exe
2014-09-23 08:19 - 2014-09-23 08:14 - 00341600 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut.exe
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\WinRAR
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\InstallShield
2014-09-23 08:09 - 2014-09-10 14:30 - 00000922 _____ () C:\Users\Public\Desktop\Jumpstart.lnk
2014-09-23 08:09 - 2014-09-10 12:11 - 00000000 ____D () C:\Program Files\Jumpstart
2014-09-23 08:08 - 2014-09-23 08:08 - 00000363 _____ () C:\Users\TEMP.ECE\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 15:31 - 2014-09-22 15:31 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\CrashDumps
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Macromedia
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Adobe
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Macromedia
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Mozilla
2014-09-22 14:07 - 2014-09-19 08:18 - 00018559 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 13:50 - 2014-09-22 13:50 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Macromedia
2014-09-22 13:47 - 2014-09-22 13:47 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\InstallShield
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\GRETECH
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Adobe
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Adobe
2014-09-22 13:45 - 2014-09-22 13:45 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\WinRAR
2014-09-22 13:44 - 2014-09-22 13:44 - 00000363 _____ () C:\Users\Ece1\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 13:42 - 2014-09-22 13:42 - 00133536 _____ () C:\Users\Ece1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:42 - 2014-09-22 13:42 - 00001401 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:42 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Zbshareware Lab
2014-09-22 13:42 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Google
2014-09-22 13:42 - 2014-09-22 13:41 - 00000000 ____D () C:\Users\Ece1
2014-09-22 13:41 - 2014-09-22 13:41 - 00000020 ___SH () C:\Users\Ece1\ntuser.ini
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Videolarım
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Resimlerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Müziğim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Belgelerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00133536 _____ () C:\Users\TEMP.ECE\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:38 - 2014-09-22 13:38 - 00001401 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:38 - 2014-09-22 13:38 - 00000020 ___SH () C:\Users\TEMP.ECE\ntuser.ini
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Videolarım
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Resimlerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Müziğim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Belgelerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Zbshareware Lab
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\ProductData
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Google
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-19 11:30 - 2014-02-11 14:34 - 00000000 ____D () C:\Users\user.ZEKI
2014-09-19 11:29 - 2014-09-19 11:29 - 00000000 ____D () C:\.Trash-1000
2014-09-19 08:17 - 2014-09-19 08:17 - 00490456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 08:17 - 2014-09-19 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-18 14:57 - 2014-05-12 11:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 11:00 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-18 10:30 - 2014-09-18 10:30 - 00133536 _____ () C:\Users\user.ZEKI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 10:04 - 2014-09-11 11:42 - 00000000 ____D () C:\Windows\Minidump
2014-09-18 09:54 - 2014-02-12 09:18 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Local\Opera Software
2014-09-18 09:54 - 2013-11-27 10:22 - 00000000 ____D () C:\Program Files\Opera
2014-09-18 09:53 - 2014-02-12 09:18 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\Opera Software
2014-09-17 10:56 - 2014-09-17 10:56 - 00846848 _____ () C:\Users\user.ZEKI\Downloads\06110413_tantingilizce.ppt
2014-09-17 10:34 - 2014-08-01 15:31 - 00000000 ____D () C:\Program Files\installAPK
2014-09-16 08:44 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 10:55 - 2013-11-23 12:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-15 10:36 - 2014-08-05 14:00 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Local\CrashDumps
2014-09-15 09:25 - 2013-11-25 11:19 - 00000072 _____ () C:\Windows\KMSTMVM.ini
2014-09-11 15:01 - 2014-08-18 15:32 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 12:26 - 2014-02-13 14:43 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\Skype
2014-09-11 09:52 - 2011-04-12 10:02 - 00658722 _____ () C:\Windows\system32\perfh01F.dat
2014-09-11 09:52 - 2011-04-12 10:02 - 00140424 _____ () C:\Windows\system32\perfc01F.dat
2014-09-11 09:52 - 2010-11-21 00:01 - 01576552 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 08:56 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 08:10 - 2009-07-14 07:53 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\InstallShield
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
2014-09-10 14:30 - 2013-11-26 09:20 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-10 13:59 - 2014-09-08 10:54 - 00000000 ____D () C:\Users\user.ZEKI\Desktop\Bulgar
2014-09-10 12:11 - 2014-09-10 12:10 - 00000000 ____D () C:\ProgramData\Atheros
2014-09-10 12:08 - 2013-11-27 11:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 12:08 - 2013-11-23 12:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-01 10:53 - 2014-08-07 10:23 - 00000000 ____D () C:\Users\Administrator
2014-09-01 10:53 - 2014-02-11 14:35 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\ProductData
2014-09-01 10:53 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-01 10:53 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\registration
2014-09-01 10:53 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\AppCompat
2014-08-26 11:17 - 2014-08-26 11:17 - 00000000 ____D () C:\ProgramData\IObit
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\AskSLib.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-16 08:42
==================== End Of Log ============================
2. si de
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2014 01
Ran by user at 2014-09-23 09:50:48
Running from C:\Users\TEMP.ECE\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Turkish (HKLM\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\{C8550AA9-484D-4B17-9526-8027D199F470}) (Version: 11.6.1.629 - Adobe System, Inc.)
BlueStacks (beta-1) (HKLM\...\{7F4E0156-C818-40C6-A43A-2BD5C62F84D2}) (Version: 0.7.0.702 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland)
Fotoğraf Galerisi (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GOM Player (HKLM\...\GOM Player) (Version: 2.1.28.5039 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
iras.exe (HKLM\...\iras.exe) (Version: - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jumpstart Installation Program (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.713 - Kyocera Mita Corporation)
LibreOffice 4.1 Help Pack (Turkish) (HKLM\...\{6357E7AA-E0F8-4BB7-9144-FB4EC07E19C2}) (Version: 4.1.4.2 - The Document Foundation)
LibreOffice 4.1.3.2 (HKLM\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (TRK) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Türkçe) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1055) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 programları için Microsoft PDF veya XPS Eklentisi Olarak Kaydet (HKLM\...\{90120000-00B2-041F-0000-0000000FF1CE}) (Version: 12.0.4518.1027 - Microsoft Corporation)
Microsoft Office Access MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-041F-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 tr) (HKLM\...\Mozilla Firefox 31.0 (x86 tr)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
NetCut 2.1.4 (HKLM\...\NetCut_is1) (Version: - arcai.com)
OmniPage SE (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
REALTEK RTL8187 Wireless LAN Driver and Utility (HKLM\...\{BE686891-3C56-4714-AFEF-341A7867BA80}) (Version: Package:1.00.0023 Driver:6.1313.613.2008 UI:500.1510.1203.2007 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
StarBoard Contents (Version: 9.34 - Hitachi Solutions, Ltd.) Hidden
StarBoard Document Capture (Version: 8.2 - Hitachi Software Engineering Co., Ltd.) Hidden
StarBoard Driver (Version: 9.33.0000 - Hitachi Solutions, Ltd.) Hidden
StarBoard Software (Version: 9.3.4 - Hitachi Solutions, Ltd.) Hidden
StarBoard Software for Fatih 1.1 (HKLM\...\{08D48CA8-4653-4630-8446-0366763CFD54}) (Version: 1.1.0 - Hitachi Solutions, Ltd.)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Ubuntu (HKLM\...\Wubi) (Version: 12.04.3-rev279 - Ubuntu)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
Winamp Pro 6.5.1.3133 (HKLM\...\{3B17534F-6B8D-4A41-B72D-E634F14F0F58}) (Version: 6.5.1.3133 - Dante_Imp)
Windows Live (HKLM\...\{35062638-6676-4525-909D-916C53636143}) (Version: 1.0.0.0 - Dante_Imp)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Temel Parçalar (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
22-09-2014 10:48:01 Installed Jumpstart Installation Program
23-09-2014 05:09:21 Installed Jumpstart Installation Program
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1E0EDB2F-A5FF-4C1A-97C1-8DB96BF54A40} - System32\Tasks\{EE7A227D-2070-4474-A00B-1971E2FAF659} => c:\program files\opera\launcher.exe
Task: {3F6A04A3-538F-420A-BB2F-67A79C518057} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {73C222E1-2B7B-4362-9600-45F54A2610E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {80BE577E-1025-4A88-963B-4573B1C13E75} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {A1674E79-12D2-4F67-A324-748F78ADBB72} - System32\Tasks\AmiUpdXp => C:\Users\user.ZEKI\AppData\Local\20512\a2158.exe <==== ATTENTION
Task: {B3BC1D3B-CCC2-40B3-9DFE-B08BFD8C4A4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {E8840DBE-A55D-45D8-9C81-F02E9FA18E21} - System32\Tasks\{784FB22C-7E36-49AB-A32E-B826D00BF082} => c:\program files\opera\launcher.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-24 23:25 - 2014-07-24 23:25 - 00151040 _____ () C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\cnfygfszki.exe
2014-07-24 23:25 - 2014-07-24 23:25 - 00102400 _____ () C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\nfapi.dll
2014-07-24 23:25 - 2014-07-24 23:25 - 00323584 _____ () C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\ProtocolFilters.dll
2014-07-31 16:27 - 2014-07-31 16:27 - 00543232 _____ () C:\Program Files\005\jxbalvtmyz32.exe
2014-02-10 09:38 - 2006-10-26 23:30 - 00131072 _____ () C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\EnumDevLib.dll
2013-11-23 12:05 - 2011-05-28 23:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-07-01 13:55 - 2006-09-21 13:59 - 00389120 _____ () C:\Windows\system32\actskn43.ocx
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-09-11 15:00 - 2014-09-04 06:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-11 15:00 - 2014-09-04 06:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-11 15:00 - 2014-09-04 06:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-11 15:00 - 2014-09-04 06:01 - 14891848 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
2014-09-22 14:27 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-09-22 14:27 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: OpwareSE2 => "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
MSCONFIG\startupreg: StarBoardDriver => "C:\Program Files\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe"
MSCONFIG\startupreg: StarBoardPrintListener => "C:\Program Files\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe"
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tünel Bağdaştırıcısı
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: PS/2 Uyumlu Fare
Description: PS/2 Uyumlu Fare
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standart PS/2 Klavye
Description: Standart PS/2 Klavye
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standart klavyeler)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/23/2014 09:26:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: netcut.exe programının 2.0.6.0 sürümü, Windows ile birlikte çalışmayı durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için Eylem Merkezi denetim masasında sorunun geçmişini denetleyin.
İşlem Kimlik No: c9c
Başlatma Saati: 01cfd6f4c23f0771
Sona Erdirme Saati: 40
Uygulama Yolu: C:\Program Files\netcut\netcut.exe
Rapor Kimliği: 77a43d1b-42ea-11e4-a9e5-003005d15131
Error: (09/23/2014 09:09:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/23/2014 08:09:21 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu. hr = 0x80070005, Erişim engellendi.
.
Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.
İşlem:
Yazıcı Verileri Toplanıyor
Bağlam:
Yazıcı Sınıf Kimliği: {e8132975-6f93-4464-a53e-1050253ae220}
Yazıcı Adı: System Writer
Yazıcı Örnek Kimliği: {6c854d31-d7ca-4839-97e4-3ad14451cb74}
Error: (09/23/2014 08:08:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/22/2014 03:31:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: netcut.exe, sürüm: 2.0.6.0, zaman damgası: 0x4e53beba
Hatalı modül adı: netcut.exe, sürüm: 2.0.6.0, zaman damgası: 0x4e53beba
Özel durum kodu: 0xc0000005
Hata uzaklığı 0x00020ff8
Hatalı işlem kimliği: 0x16a0
Uygulama başlangıç zamanı: 0xnetcut.exe0
Hatalı uygulama yolu: netcut.exe1
Hatalı modül yolu: netcut.exe2
Rapor kimliği: netcut.exe3
Error: (09/22/2014 02:59:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: netcut.exe programının 2.0.6.0 sürümü, Windows ile birlikte çalışmayı durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için Eylem Merkezi denetim masasında sorunun geçmişini denetleyin.
İşlem Kimlik No: 144
Başlatma Saati: 01cfd657cf5fb8ad
Sona Erdirme Saati: 80
Uygulama Yolu: C:\Program Files\netcut\netcut.exe
Rapor Kimliği: d96de13f-424f-11e4-a5e7-003005d15131
Error: (09/22/2014 01:48:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Birim Gölge Kopyası Hizmeti hatası: ConvertStringSidToSid(S-1-5-21-1686586300-1644319395-1546198616-1000.bak) yordamı çağrılırken beklenmeyen hata. hr = 0x80070539, Güvenlik kimliği yapısı geçersiz.
.
İşlem:
OnIdentify olayı
Yazıcı Verileri Toplanıyor
Bağlam:
Yürütme İçeriği: Shadow Copy Optimization Writer
Yazıcı Sınıf Kimliği: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Yazıcı Adı: Shadow Copy Optimization Writer
Yazıcı Örnek Kimliği: {2d1f1c5f-5932-4bbd-a5e3-ff2e17aa4f29}
Error: (09/22/2014 01:48:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Birim Gölge Kopyası Hizmeti hatası: ConvertStringSidToSid(S-1-5-21-1686586300-1644319395-1546198616-1000.bak) yordamı çağrılırken beklenmeyen hata. hr = 0x80070539, Güvenlik kimliği yapısı geçersiz.
.
İşlem:
OnIdentify olayı
Yazıcı Verileri Toplanıyor
Bağlam:
Yürütme İçeriği: Shadow Copy Optimization Writer
Yazıcı Sınıf Kimliği: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Yazıcı Adı: Shadow Copy Optimization Writer
Yazıcı Örnek Kimliği: {2d1f1c5f-5932-4bbd-a5e3-ff2e17aa4f29}
Error: (09/22/2014 01:48:00 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu. hr = 0x80070005, Erişim engellendi.
.
Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.
İşlem:
Yazıcı Verileri Toplanıyor
Bağlam:
Yazıcı Sınıf Kimliği: {e8132975-6f93-4464-a53e-1050253ae220}
Yazıcı Adı: System Writer
Yazıcı Örnek Kimliği: {d0ecff93-adc2-49e9-b1ac-15d2612681f7}
Error: (09/22/2014 01:42:06 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3196) WindowsMail0: Yedekleme, istemci tarafından sonlandırılmış olduğundan veya istemciyle olan bağlantı kesildiğinden durduruldu.
System errors:
=============
Error: (09/23/2014 09:09:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LiveUpdate hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
Error: (09/23/2014 09:07:38 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Diskteki dosya sistemi yapısı bozuk ve kullanılamaz durumda.
C: birimindeki chkdsk yardımcı programını çalıştırın.
Error: (09/23/2014 09:07:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Net Service Event Handler hizmeti şu hata nedeniyle başlatılamadı:
%%2
Error: (09/23/2014 09:06:51 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Diskteki dosya sistemi yapısı bozuk ve kullanılamaz durumda.
C: birimindeki chkdsk yardımcı programını çalıştırın.
Error: (09/23/2014 09:06:51 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Diskteki dosya sistemi yapısı bozuk ve kullanılamaz durumda.
C: birimindeki chkdsk yardımcı programını çalıştırın.
Error: (09/23/2014 09:06:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (09/23/2014 08:08:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LiveUpdate hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
Error: (09/23/2014 08:07:01 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Diskteki dosya sistemi yapısı bozuk ve kullanılamaz durumda.
C: birimindeki chkdsk yardımcı programını çalıştırın.
Error: (09/23/2014 08:07:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Net Service Event Handler hizmeti şu hata nedeniyle başlatılamadı:
%%2
Error: (09/22/2014 03:45:15 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Diskteki dosya sistemi yapısı bozuk ve kullanılamaz durumda.
C: birimindeki chkdsk yardımcı programını çalıştırın.
Microsoft Office Sessions:
=========================
Error: (03/28/2014 11:09:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) D CPU 3.33GHz
Percentage of memory in use: 54%
Total physical RAM: 3062.55 MB
Available physical RAM: 1402.84 MB
Total Pagefile: 6123.4 MB
Available Pagefile: 4497.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.98 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:39.32 GB) (Free:12.92 GB) NTFS
Drive d: (depo) (Fixed) (Total:35.11 GB) (Free:20.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 2C1CFD0A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=35.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
-
3gün önce arkadaşımın pcsini temizledim, sildiğim reklamcılardan biri de buydu.Hatırladığım kadarıyla anlatayım yaptıklarımı;quote:
Orijinalden alıntı: atirandaScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2014 01
Ran by user (administrator) on ECE on 23-09-2014 09:49:28
Running from C:\Users\TEMP.ECE\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Türkçe (Türkiye)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Arcai.com) C:\Program Files\netcut\services\aips.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
() C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\cnfygfszki.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Atheros Communications, Inc.) C:\Program Files\Jumpstart\jswpbapi.exe
() C:\Program Files\005\jxbalvtmyz32.exe
(Realtek) C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Atheros Communications, Inc.) C:\Program Files\Jumpstart\jswtrayutil.exe
(Arcai.com) C:\Program Files\netcut\netcut.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AGSServer] => C:\AGSoft\AGSserver.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [jswtrayutil] => C:\Program Files\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: ExplorerEx -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => No File
BootExecute:
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exehttp://istart.webssearches.com/?type=sc&ts=1406813021&from=amt&uid=SAMSUNGXHD080HJ_S08EJ1TLB06440
SearchScopes: HKLM - DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =http://istart.webssearches.com/web/?type=ds&ts=1406813021&from=amt&uid=SAMSUNGXHD080HJ_S08EJ1TLB06440&q={searchTerms}
SearchScopes: HKLM - {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
BHO: Adobe PDF Reader Bağı Yardımı -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Mercan Programlar Toolbar -> {b475cfd8-45d8-4905-b319-ad995327abeb} -> C:\Program Files\Mercan_Programlar\tbMer0.dll No File
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: AllDaySavings -> {fbdff406-2c4c-5d35-8469-34bb67ea3353} -> C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\kzhxnitccw.dll ()
Toolbar: HKLM - Mercan Programlar Toolbar - {b475cfd8-45d8-4905-b319-ad995327abeb} - C:\Program Files\Mercan_Programlar\tbMer0.dll No File
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\TEMP.ECE\AppData\Roaming\Mozilla\Firefox\Profiles\yyxrht0w.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\portalsepeti.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\user.ZEKI\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\faststartff@gmail.com
Chrome:
=======
CHR CustomProfile: C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-09-22]
CHR Extension: (Domain Error Assistant) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-09-22]
CHR Extension: (Skype Click to Call) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-09-22]
CHR Extension: (Slick Savings) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-09-22]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-09-22]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\user\AppData\Local\Slick Savings\coupons.crx [2014-01-20]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-20]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
R2 AllDaySavingsService; C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\cnfygfszki.exe [151040 2014-07-24] () [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [397664 2012-05-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385376 2012-05-08] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-07-31] (Cherished Technololgy LIMITED) [File not signed]
R2 jswpbapi; C:\Program Files\Jumpstart\jswpbapi.exe [188416 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R2 jxbalvtmyz32; C:\Program Files\005\jxbalvtmyz32.exe [543232 2014-07-31] () [File not signed]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151744 2014-01-06] (IObit)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 RtlService; C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 Sed; C:\Users\user.ZEKI\AppData\Roaming\ntsvc\ntsvc.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [66912 2012-05-08] (BlueStack Systems)
R2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-07-31] (NetFilterSDK.com) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-09-23] (secr9tos) [File not signed]
S3 RTL8187; C:\Windows\System32\DRIVERS\RTL8187.sys [335872 2012-05-11] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-03-07] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-23 09:49 - 2014-09-23 09:49 - 00014448 _____ () C:\Users\TEMP.ECE\Desktop\FRST.txt
2014-09-23 09:49 - 2014-09-23 09:49 - 00000000 ____D () C:\FRST
2014-09-23 09:48 - 2014-09-23 09:47 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Desktop\FRST.exe
2014-09-23 09:47 - 2014-09-23 09:47 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Downloads\FRST.exe
2014-09-23 09:04 - 2014-09-23 09:04 - 00704512 _____ () C:\Windows\isRS-000.tmp
2014-09-23 09:04 - 2014-09-23 09:04 - 00000941 _____ () C:\Users\TEMP.ECE\Desktop\netcut.lnk
2014-09-23 09:04 - 2014-09-23 09:04 - 00000046 _____ () C:\Users\TEMP.ECE\Desktop\netcut support.url
2014-09-23 09:04 - 2014-09-23 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2014-09-23 08:37 - 2014-09-23 08:36 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Desktop\netcut (1).exe
2014-09-23 08:34 - 2014-09-23 08:36 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut (1).exe
2014-09-23 08:14 - 2014-09-23 08:19 - 00341600 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut.exe
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\WinRAR
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\InstallShield
2014-09-23 08:08 - 2014-09-23 08:08 - 00000363 _____ () C:\Users\TEMP.ECE\Desktop\Bilgisayar - Kısayol.lnk
2014-09-23 08:08 - 2014-02-14 11:46 - 00000757 _____ () C:\Users\TEMP.ECE\Desktop\Yedek 22.11.2013 - Kısayol.lnk
2014-09-22 15:31 - 2014-09-22 15:31 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\CrashDumps
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Macromedia
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Adobe
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Macromedia
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Mozilla
2014-09-22 13:50 - 2014-09-22 13:50 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Macromedia
2014-09-22 13:47 - 2014-09-22 13:47 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\InstallShield
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\GRETECH
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Adobe
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Adobe
2014-09-22 13:45 - 2014-09-22 13:45 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\WinRAR
2014-09-22 13:44 - 2014-09-22 13:44 - 00000363 _____ () C:\Users\Ece1\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 13:44 - 2014-02-14 11:46 - 00000757 _____ () C:\Users\Ece1\Desktop\Yedek 22.11.2013 - Kısayol.lnk
2014-09-22 13:42 - 2014-09-22 13:42 - 00133536 _____ () C:\Users\Ece1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:42 - 2014-09-22 13:42 - 00001401 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:42 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Zbshareware Lab
2014-09-22 13:42 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Google
2014-09-22 13:41 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1
2014-09-22 13:41 - 2014-09-22 13:41 - 00000020 ___SH () C:\Users\Ece1\ntuser.ini
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Videolarım
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Resimlerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Müziğim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Belgelerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:41 - 2014-06-04 12:34 - 00002036 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-09-22 13:41 - 2009-07-14 07:42 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 13:41 - 2009-07-14 07:37 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-22 13:38 - 2014-09-22 13:38 - 00133536 _____ () C:\Users\TEMP.ECE\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:38 - 2014-09-22 13:38 - 00001401 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:38 - 2014-09-22 13:38 - 00000020 ___SH () C:\Users\TEMP.ECE\ntuser.ini
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Videolarım
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Resimlerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Müziğim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Belgelerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Zbshareware Lab
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\ProductData
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Google
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE
2014-09-22 13:38 - 2014-06-04 12:34 - 00002036 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-09-22 13:38 - 2009-07-14 07:42 - 00000000 ___RD () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 13:38 - 2009-07-14 07:37 - 00000000 ___RD () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-19 11:29 - 2014-09-19 11:29 - 00000000 ____D () C:\.Trash-1000
2014-09-19 08:18 - 2014-09-22 14:07 - 00018559 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 08:17 - 2014-09-23 09:07 - 00000672 _____ () C:\Windows\setupact.log
2014-09-19 08:17 - 2014-09-19 08:17 - 00490456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 08:17 - 2014-09-19 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-18 10:30 - 2014-09-18 10:30 - 00133536 _____ () C:\Users\user.ZEKI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-17 10:56 - 2014-09-17 10:56 - 00846848 _____ () C:\Users\user.ZEKI\Downloads\06110413_tantingilizce.ppt
2014-09-11 11:42 - 2014-09-18 10:04 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 14:30 - 2014-09-23 08:09 - 00000922 _____ () C:\Users\Public\Desktop\Jumpstart.lnk
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\InstallShield
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
2014-09-10 14:29 - 2014-01-14 13:20 - 01682432 _____ (CasaTech Inc.) C:\Users\user.ZEKI\Desktop\Dumpper v4.exe
2014-09-10 12:56 - 2008-05-15 03:28 - 00020384 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\jswpslwf.sys
2014-09-10 12:11 - 2014-09-23 08:09 - 00000000 ____D () C:\Program Files\Jumpstart
2014-09-10 12:10 - 2014-09-10 12:11 - 00000000 ____D () C:\ProgramData\Atheros
2014-09-08 10:54 - 2014-09-10 13:59 - 00000000 ____D () C:\Users\user.ZEKI\Desktop\Bulgar
2014-08-26 11:17 - 2014-08-26 11:17 - 00000000 ____D () C:\ProgramData\IObit
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-23 09:49 - 2014-09-23 09:49 - 00014448 _____ () C:\Users\TEMP.ECE\Desktop\FRST.txt
2014-09-23 09:49 - 2014-09-23 09:49 - 00000000 ____D () C:\FRST
2014-09-23 09:48 - 2014-07-31 16:28 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-09-23 09:47 - 2014-09-23 09:48 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Desktop\FRST.exe
2014-09-23 09:47 - 2014-09-23 09:47 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Downloads\FRST.exe
2014-09-23 09:33 - 2014-08-18 15:28 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 09:17 - 2014-02-07 16:30 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-23 09:15 - 2009-07-14 07:34 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 09:15 - 2009-07-14 07:34 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 09:09 - 2014-01-20 14:34 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-23 09:08 - 2014-08-18 15:28 - 00001000 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-23 09:07 - 2014-09-19 08:17 - 00000672 _____ () C:\Windows\setupact.log
2014-09-23 09:07 - 2013-11-22 19:56 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-09-23 09:07 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 09:06 - 2013-11-27 11:28 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 09:04 - 2014-09-23 09:04 - 00704512 _____ () C:\Windows\isRS-000.tmp
2014-09-23 09:04 - 2014-09-23 09:04 - 00000941 _____ () C:\Users\TEMP.ECE\Desktop\netcut.lnk
2014-09-23 09:04 - 2014-09-23 09:04 - 00000046 _____ () C:\Users\TEMP.ECE\Desktop\netcut support.url
2014-09-23 09:04 - 2014-09-23 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2014-09-23 09:04 - 2014-07-01 13:55 - 00000000 ____D () C:\Program Files\netcut
2014-09-23 08:36 - 2014-09-23 08:37 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Desktop\netcut (1).exe
2014-09-23 08:36 - 2014-09-23 08:34 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut (1).exe
2014-09-23 08:19 - 2014-09-23 08:14 - 00341600 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut.exe
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\WinRAR
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\InstallShield
2014-09-23 08:09 - 2014-09-10 14:30 - 00000922 _____ () C:\Users\Public\Desktop\Jumpstart.lnk
2014-09-23 08:09 - 2014-09-10 12:11 - 00000000 ____D () C:\Program Files\Jumpstart
2014-09-23 08:08 - 2014-09-23 08:08 - 00000363 _____ () C:\Users\TEMP.ECE\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 15:31 - 2014-09-22 15:31 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\CrashDumps
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Macromedia
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Adobe
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Macromedia
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Mozilla
2014-09-22 14:07 - 2014-09-19 08:18 - 00018559 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 13:50 - 2014-09-22 13:50 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Macromedia
2014-09-22 13:47 - 2014-09-22 13:47 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\InstallShield
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\GRETECH
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Adobe
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Adobe
2014-09-22 13:45 - 2014-09-22 13:45 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\WinRAR
2014-09-22 13:44 - 2014-09-22 13:44 - 00000363 _____ () C:\Users\Ece1\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 13:42 - 2014-09-22 13:42 - 00133536 _____ () C:\Users\Ece1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:42 - 2014-09-22 13:42 - 00001401 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:42 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Zbshareware Lab
2014-09-22 13:42 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Google
2014-09-22 13:42 - 2014-09-22 13:41 - 00000000 ____D () C:\Users\Ece1
2014-09-22 13:41 - 2014-09-22 13:41 - 00000020 ___SH () C:\Users\Ece1\ntuser.ini
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Videolarım
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Resimlerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Müziğim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Belgelerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00133536 _____ () C:\Users\TEMP.ECE\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:38 - 2014-09-22 13:38 - 00001401 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:38 - 2014-09-22 13:38 - 00000020 ___SH () C:\Users\TEMP.ECE\ntuser.ini
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Videolarım
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Resimlerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Müziğim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Belgelerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Zbshareware Lab
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\ProductData
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Google
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-19 11:30 - 2014-02-11 14:34 - 00000000 ____D () C:\Users\user.ZEKI
2014-09-19 11:29 - 2014-09-19 11:29 - 00000000 ____D () C:\.Trash-1000
2014-09-19 08:17 - 2014-09-19 08:17 - 00490456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-19 08:17 - 2014-09-19 08:17 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-18 14:57 - 2014-05-12 11:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 11:00 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-18 10:30 - 2014-09-18 10:30 - 00133536 _____ () C:\Users\user.ZEKI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 10:04 - 2014-09-11 11:42 - 00000000 ____D () C:\Windows\Minidump
2014-09-18 09:54 - 2014-02-12 09:18 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Local\Opera Software
2014-09-18 09:54 - 2013-11-27 10:22 - 00000000 ____D () C:\Program Files\Opera
2014-09-18 09:53 - 2014-02-12 09:18 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\Opera Software
2014-09-17 10:56 - 2014-09-17 10:56 - 00846848 _____ () C:\Users\user.ZEKI\Downloads\06110413_tantingilizce.ppt
2014-09-17 10:34 - 2014-08-01 15:31 - 00000000 ____D () C:\Program Files\installAPK
2014-09-16 08:44 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-15 10:55 - 2013-11-23 12:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-15 10:36 - 2014-08-05 14:00 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Local\CrashDumps
2014-09-15 09:25 - 2013-11-25 11:19 - 00000072 _____ () C:\Windows\KMSTMVM.ini
2014-09-11 15:01 - 2014-08-18 15:32 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 12:26 - 2014-02-13 14:43 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\Skype
2014-09-11 09:52 - 2011-04-12 10:02 - 00658722 _____ () C:\Windows\system32\perfh01F.dat
2014-09-11 09:52 - 2011-04-12 10:02 - 00140424 _____ () C:\Windows\system32\perfc01F.dat
2014-09-11 09:52 - 2010-11-21 00:01 - 01576552 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 08:56 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 08:10 - 2009-07-14 07:53 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\InstallShield
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
2014-09-10 14:30 - 2013-11-26 09:20 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-10 13:59 - 2014-09-08 10:54 - 00000000 ____D () C:\Users\user.ZEKI\Desktop\Bulgar
2014-09-10 12:11 - 2014-09-10 12:10 - 00000000 ____D () C:\ProgramData\Atheros
2014-09-10 12:08 - 2013-11-27 11:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 12:08 - 2013-11-23 12:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-01 10:53 - 2014-08-07 10:23 - 00000000 ____D () C:\Users\Administrator
2014-09-01 10:53 - 2014-02-11 14:35 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\ProductData
2014-09-01 10:53 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-01 10:53 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\registration
2014-09-01 10:53 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\AppCompat
2014-08-26 11:17 - 2014-08-26 11:17 - 00000000 ____D () C:\ProgramData\IObit
Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\AskSLib.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-16 08:42
==================== End Of Log ============================
2. si de
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2014 01
Ran by user at 2014-09-23 09:50:48
Running from C:\Users\TEMP.ECE\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Turkish (HKLM\...\{AC76BA86-7AD7-1055-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\{C8550AA9-484D-4B17-9526-8027D199F470}) (Version: 11.6.1.629 - Adobe System, Inc.)
BlueStacks (beta-1) (HKLM\...\{7F4E0156-C818-40C6-A43A-2BD5C62F84D2}) (Version: 0.7.0.702 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.10 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: 7.3.393 - Softland)
Fotoğraf Galerisi (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GOM Player (HKLM\...\GOM Player) (Version: 2.1.28.5039 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
iras.exe (HKLM\...\iras.exe) (Version: - )
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jumpstart Installation Program (HKLM\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.713 - Kyocera Mita Corporation)
LibreOffice 4.1 Help Pack (Turkish) (HKLM\...\{6357E7AA-E0F8-4BB7-9144-FB4EC07E19C2}) (Version: 4.1.4.2 - The Document Foundation)
LibreOffice 4.1.3.2 (HKLM\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (TRK) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Türkçe) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1055) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 programları için Microsoft PDF veya XPS Eklentisi Olarak Kaydet (HKLM\...\{90120000-00B2-041F-0000-0000000FF1CE}) (Version: 12.0.4518.1027 - Microsoft Corporation)
Microsoft Office Access MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-041F-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Turkish) 2007 (Version: 12.0.4518.1027 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 tr) (HKLM\...\Mozilla Firefox 31.0 (x86 tr)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
NetCut 2.1.4 (HKLM\...\NetCut_is1) (Version: - arcai.com)
OmniPage SE (HKLM\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
OpenOffice 4.1.0 (HKLM\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
REALTEK RTL8187 Wireless LAN Driver and Utility (HKLM\...\{BE686891-3C56-4714-AFEF-341A7867BA80}) (Version: Package:1.00.0023 Driver:6.1313.613.2008 UI:500.1510.1203.2007 - REALTEK Semiconductor Corp.)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
StarBoard Contents (Version: 9.34 - Hitachi Solutions, Ltd.) Hidden
StarBoard Document Capture (Version: 8.2 - Hitachi Software Engineering Co., Ltd.) Hidden
StarBoard Driver (Version: 9.33.0000 - Hitachi Solutions, Ltd.) Hidden
StarBoard Software (Version: 9.3.4 - Hitachi Solutions, Ltd.) Hidden
StarBoard Software for Fatih 1.1 (HKLM\...\{08D48CA8-4653-4630-8446-0366763CFD54}) (Version: 1.1.0 - Hitachi Solutions, Ltd.)
System Requirements Lab for Intel (HKLM\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
Ubuntu (HKLM\...\Wubi) (Version: 12.04.3-rev279 - Ubuntu)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
USB Disk Security (HKLM\...\USB Disk Security_is1) (Version: - Zbshareware Lab)
Winamp Pro 6.5.1.3133 (HKLM\...\{3B17534F-6B8D-4A41-B72D-E634F14F0F58}) (Version: 6.5.1.3133 - Dante_Imp)
Windows Live (HKLM\...\{35062638-6676-4525-909D-916C53636143}) (Version: 1.0.0.0 - Dante_Imp)
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Temel Parçalar (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
22-09-2014 10:48:01 Installed Jumpstart Installation Program
23-09-2014 05:09:21 Installed Jumpstart Installation Program
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 05:04 - 2009-06-11 00:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1E0EDB2F-A5FF-4C1A-97C1-8DB96BF54A40} - System32\Tasks\{EE7A227D-2070-4474-A00B-1971E2FAF659} => c:\program files\opera\launcher.exe
Task: {3F6A04A3-538F-420A-BB2F-67A79C518057} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {73C222E1-2B7B-4362-9600-45F54A2610E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {80BE577E-1025-4A88-963B-4573B1C13E75} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {A1674E79-12D2-4F67-A324-748F78ADBB72} - System32\Tasks\AmiUpdXp => C:\Users\user.ZEKI\AppData\Local\20512\a2158.exe <==== ATTENTION
Task: {B3BC1D3B-CCC2-40B3-9DFE-B08BFD8C4A4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-18] (Google Inc.)
Task: {E8840DBE-A55D-45D8-9C81-F02E9FA18E21} - System32\Tasks\{784FB22C-7E36-49AB-A32E-B826D00BF082} => c:\program files\opera\launcher.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-07-24 23:25 - 2014-07-24 23:25 - 00151040 _____ () C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\cnfygfszki.exe
2014-07-24 23:25 - 2014-07-24 23:25 - 00102400 _____ () C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\nfapi.dll
2014-07-24 23:25 - 2014-07-24 23:25 - 00323584 _____ () C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\ProtocolFilters.dll
2014-07-31 16:27 - 2014-07-31 16:27 - 00543232 _____ () C:\Program Files\005\jxbalvtmyz32.exe
2014-02-10 09:38 - 2006-10-26 23:30 - 00131072 _____ () C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\EnumDevLib.dll
2013-11-23 12:05 - 2011-05-28 23:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2014-07-01 13:55 - 2006-09-21 13:59 - 00389120 _____ () C:\Windows\system32\actskn43.ocx
2006-10-26 13:56 - 2006-10-26 13:56 - 00757008 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-09-11 15:00 - 2014-09-04 06:01 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-11 15:00 - 2014-09-04 06:01 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-11 15:00 - 2014-09-04 06:01 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-11 15:00 - 2014-09-04 06:01 - 14891848 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
2014-09-22 14:27 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-09-22 14:27 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: OpwareSE2 => "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
MSCONFIG\startupreg: StarBoardDriver => "C:\Program Files\Hitachi Software Engineering\StarBoard Driver\DGBoard.exe"
MSCONFIG\startupreg: StarBoardPrintListener => "C:\Program Files\HitachiSoft\StarBoard Software\win32\release\starboardprintlistener.exe"
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tünel Bağdaştırıcısı
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: PS/2 Uyumlu Fare
Description: PS/2 Uyumlu Fare
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Standart PS/2 Klavye
Description: Standart PS/2 Klavye
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standart klavyeler)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/23/2014 09:26:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: netcut.exe programının 2.0.6.0 sürümü, Windows ile birlikte çalışmayı durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için Eylem Merkezi denetim masasında sorunun geçmişini denetleyin.
İşlem Kimlik No: c9c
Başlatma Saati: 01cfd6f4c23f0771
Sona Erdirme Saati: 40
Uygulama Yolu: C:\Program Files\netcut\netcut.exe
Rapor Kimliği: 77a43d1b-42ea-11e4-a9e5-003005d15131
Error: (09/23/2014 09:09:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/23/2014 08:09:21 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu. hr = 0x80070005, Erişim engellendi.
.
Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.
İşlem:
Yazıcı Verileri Toplanıyor
Bağlam:
Yazıcı Sınıf Kimliği: {e8132975-6f93-4464-a53e-1050253ae220}
Yazıcı Adı: System Writer
Yazıcı Örnek Kimliği: {6c854d31-d7ca-4839-97e4-3ad14451cb74}
Error: (09/23/2014 08:08:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/22/2014 03:31:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: netcut.exe, sürüm: 2.0.6.0, zaman damgası: 0x4e53beba
Hatalı modül adı: netcut.exe, sürüm: 2.0.6.0, zaman damgası: 0x4e53beba
Özel durum kodu: 0xc0000005
Hata uzaklığı 0x00020ff8
Hatalı işlem kimliği: 0x16a0
Uygulama başlangıç zamanı: 0xnetcut.exe0
Hatalı uygulama yolu: netcut.exe1
Hatalı modül yolu: netcut.exe2
Rapor kimliği: netcut.exe3
Error: (09/22/2014 02:59:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: netcut.exe programının 2.0.6.0 sürümü, Windows ile birlikte çalışmayı durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için Eylem Merkezi denetim masasında sorunun geçmişini denetleyin.
İşlem Kimlik No: 144
Başlatma Saati: 01cfd657cf5fb8ad
Sona Erdirme Saati: 80
Uygulama Yolu: C:\Program Files\netcut\netcut.exe
Rapor Kimliği: d96de13f-424f-11e4-a5e7-003005d15131
Error: (09/22/2014 01:48:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Birim Gölge Kopyası Hizmeti hatası: ConvertStringSidToSid(S-1-5-21-1686586300-1644319395-1546198616-1000.bak) yordamı çağrılırken beklenmeyen hata. hr = 0x80070539, Güvenlik kimliği yapısı geçersiz.
.
İşlem:
OnIdentify olayı
Yazıcı Verileri Toplanıyor
Bağlam:
Yürütme İçeriği: Shadow Copy Optimization Writer
Yazıcı Sınıf Kimliği: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Yazıcı Adı: Shadow Copy Optimization Writer
Yazıcı Örnek Kimliği: {2d1f1c5f-5932-4bbd-a5e3-ff2e17aa4f29}
Error: (09/22/2014 01:48:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Birim Gölge Kopyası Hizmeti hatası: ConvertStringSidToSid(S-1-5-21-1686586300-1644319395-1546198616-1000.bak) yordamı çağrılırken beklenmeyen hata. hr = 0x80070539, Güvenlik kimliği yapısı geçersiz.
.
İşlem:
OnIdentify olayı
Yazıcı Verileri Toplanıyor
Bağlam:
Yürütme İçeriği: Shadow Copy Optimization Writer
Yazıcı Sınıf Kimliği: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Yazıcı Adı: Shadow Copy Optimization Writer
Yazıcı Örnek Kimliği: {2d1f1c5f-5932-4bbd-a5e3-ff2e17aa4f29}
Error: (09/22/2014 01:48:00 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu. hr = 0x80070005, Erişim engellendi.
.
Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.
İşlem:
Yazıcı Verileri Toplanıyor
Bağlam:
Yazıcı Sınıf Kimliği: {e8132975-6f93-4464-a53e-1050253ae220}
Yazıcı Adı: System Writer
Yazıcı Örnek Kimliği: {d0ecff93-adc2-49e9-b1ac-15d2612681f7}
Error: (09/22/2014 01:42:06 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (3196) WindowsMail0: Yedekleme, istemci tarafından sonlandırılmış olduğundan veya istemciyle olan bağlantı kesildiğinden durduruldu.
System errors:
=============
Error: (09/23/2014 09:09:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LiveUpdate hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
Error: (09/23/2014 09:07:38 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Diskteki dosya sistemi yapısı bozuk ve kullanılamaz durumda.
C: birimindeki chkdsk yardımcı programını çalıştırın.
Error: (09/23/2014 09:07:38 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Net Service Event Handler hizmeti şu hata nedeniyle başlatılamadı:
%%2
Error: (09/23/2014 09:06:51 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Diskteki dosya sistemi yapısı bozuk ve kullanılamaz durumda.
C: birimindeki chkdsk yardımcı programını çalıştırın.
Error: (09/23/2014 09:06:51 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Diskteki dosya sistemi yapısı bozuk ve kullanılamaz durumda.
C: birimindeki chkdsk yardımcı programını çalıştırın.
Error: (09/23/2014 09:06:40 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (09/23/2014 08:08:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LiveUpdate hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
Error: (09/23/2014 08:07:01 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: Diskteki dosya sistemi yapısı bozuk ve kullanılamaz durumda.
C: birimindeki chkdsk yardımcı programını çalıştırın.
Error: (09/23/2014 08:07:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Net Service Event Handler hizmeti şu hata nedeniyle başlatılamadı:
%%2
Error: (09/22/2014 03:45:15 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Diskteki dosya sistemi yapısı bozuk ve kullanılamaz durumda.
C: birimindeki chkdsk yardımcı programını çalıştırın.
Microsoft Office Sessions:
=========================
Error: (03/28/2014 11:09:39 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 47 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) D CPU 3.33GHz
Percentage of memory in use: 54%
Total physical RAM: 3062.55 MB
Available physical RAM: 1402.84 MB
Total Pagefile: 6123.4 MB
Available Pagefile: 4497.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.98 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:39.32 GB) (Free:12.92 GB) NTFS
Drive d: (depo) (Fixed) (Total:35.11 GB) (Free:20.66 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 2C1CFD0A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=35.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Alıntıları Göster
- Lollipop gibi abidik gubidik isimli bir programı sildim program ekle/kaldırdan.
- Loader32.exe ve Loader64.exe isimli birşeyler gördüm görev yöneticisinde. Önce sonlardırıp sonra program filesta bu mereti bulup sildim.
- Regedite girip "tollbah" diye aratıp bu meretle ilgili birşeyleri sildim.
- SpyHunter 4 ile pcyi taratıp yaklaşık 150-160 kadar tehditi silerek işimi bitirdim.
-
Loglarınızda çok zararlı gözüküyor. İnceledikten sonra yazacağım.quote:
Orijinalden alıntı: DgnByz
3gün önce arkadaşımın pcsini temizledim, sildiğim reklamcılardan biri de buydu.Hatırladığım kadarıyla anlatayım yaptıklarımı;
- Lollipop gibi abidik gubidik isimli bir programı sildim program ekle/kaldırdan.
- Loader32.exe ve Loader64.exe isimli birşeyler gördüm görev yöneticisinde. Önce sonlardırıp sonra program filesta bu mereti bulup sildim.
- Regedite girip "tollbah" diye aratıp bu meretle ilgili birşeyleri sildim.
- SpyHunter 4 ile pcyi taratıp yaklaşık 150-160 kadar tehditi silerek işimi bitirdim.
Alıntıları Göster
-
Teşekkür ederim.quote:
Orijinalden alıntı: Malware Removal
Loglarınızda çok zararlı gözüküyor. İnceledikten sonra yazacağım.
Alıntıları Göster -
Farbar recovery scanner tool yazılımını yönetici olarak açın.quote:
Orijinalden alıntı: atiranda
Teşekkür ederim.
Alıntıları Göster
Altta verdiğim adresteki bilgileri bir not defteri içerisine kopyalayıp yapıştırın.
http://pastebin.com/byNREnK1
Dosya adı fixlist , dosya tipi tüm dosyalar olarak masaüstüne kaydedin.
Aktif güvenlik yazılımlarınızı ve diğer dosya ve klasörlerinizi kapatın.
Fix butonuna basın.
Çıkan sonuç Logu paylaşın. İşlemler devam edecek.
Not: İOBit yazılımlarının hiçbirini kullanmamanızı tavsiye derim.
< Bu mesaj bu kişi tarafından değiştirildi Malware Removal -- 23 Eylül 2014; 16:26:36 >
-
@kızgın güneş,quote:
Orijinalden alıntı: Malware Removal
Farbar recovery scanner tool yazılımını yönetici olarak açın.
Altta verdiğim adresteki bilgileri bir not defteri içerisine kopyalayıp yapıştırın.
http://pastebin.com/byNREnK1
Dosya adı fixlist , dosya tipi tüm dosyalar olarak masaüstüne kaydedin.
Aktif güvenlik yazılımlarınızı ve diğer dosya ve klasörlerinizi kapatın.
Fix butonuna basın.
Çıkan sonuç Logu paylaşın. İşlemler devam edecek.
Not: İOBit yazılımlarının hiçbirini kullanmamanızı tavsiye derim.
Alıntıları Göster
verdiğiniz siteye giremiyorum. Şöyle bir uyarı veriyor.
Bu internet sitesi (pastebin.com) hakkında Ankara CBS'nin 08/03/2012 tarih ve.... Telekominikasyon İletişim Başkanlığı tarafından KORUMA TEDBİRİ uygulanmaktadır.
< Bu mesaj bu kişi tarafından değiştirildi atiranda -- 24 Eylül 2014; 9:18:53 >
-
Bu uyarıyı anlamak zor. Dünyanın en iyi Upload sitelerinden birisidir. Sanırım sizin sistem ayarları ile ilgilidir. Herneyse.quote:
Orijinalden alıntı: atiranda
@kızgın güneş,
verdiğiniz siteye giremiyorum. Şöyle bir uyarı veriyor.
Bu internet sitesi (pastebin.com) hakkında Ankara CBS'nin 08/03/2012 tarih ve.... Telekominikasyon İletişim Başkanlığı tarafından KORUMA TEDBİRİ uygulanmaktadır.
Alıntıları Göster
Buraya bakın.
-
quote:
Orijinalden alıntı: Malware Removal
Bu uyarıyı anlamak zor. Dünyanın en iyi Upload sitelerinden birisidir. Sanırım sizin sistem ayarları ile ilgilidir. Herneyse.
Buraya bakın.
Alıntıları GösterScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by user (administrator) on ECE on 25-09-2014 08:35:10
Running from C:\Users\TEMP.ECE\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Türkçe (Türkiye)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Arcai.com) C:\Program Files\netcut\services\aips.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Atheros Communications, Inc.) C:\Program Files\Jumpstart\jswpbapi.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Realtek) C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Arcai.com) C:\Program Files\netcut\netcut.exe
(Atheros Communications, Inc.) C:\Program Files\Jumpstart\jswtrayutil.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\Google\Update\Install\{65DCA794-CD1B-4706-AEB2-CEBFF263BCA4}\37.0.2062.124_37.0.2062.120_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_95CA0.tmp\setup.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AGSServer] => C:\AGSoft\AGSserver.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [jswtrayutil] => C:\Program Files\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: ExplorerEx -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => No File
BootExecute:
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exehttp://istart.webssearches.com/?type=sc&ts=1406813021&from=amt&uid=SAMSUNGXHD080HJ_S08EJ1TLB06440
SearchScopes: HKLM - DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =http://istart.webssearches.com/web/?type=ds&ts=1406813021&from=amt&uid=SAMSUNGXHD080HJ_S08EJ1TLB06440&q={searchTerms}
SearchScopes: HKLM - {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Reader Bağı Yardımı -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Mercan Programlar Toolbar -> {b475cfd8-45d8-4905-b319-ad995327abeb} -> C:\Program Files\Mercan_Programlar\tbMer0.dll No File
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: AllDaySavings -> {fbdff406-2c4c-5d35-8469-34bb67ea3353} -> C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\kzhxnitccw.dll No File
Toolbar: HKLM - Mercan Programlar Toolbar - {b475cfd8-45d8-4905-b319-ad995327abeb} - C:\Program Files\Mercan_Programlar\tbMer0.dll No File
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\TEMP.ECE\AppData\Roaming\Mozilla\Firefox\Profiles\yyxrht0w.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\portalsepeti.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\user.ZEKI\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\faststartff@gmail.com
Chrome:
=======
CHR CustomProfile: C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-09-22]
CHR Extension: (Domain Error Assistant) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-09-22]
CHR Extension: (Slick Savings) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-09-22]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\user\AppData\Local\Slick Savings\coupons.crx [2014-01-20]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-20]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [397664 2012-05-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385376 2012-05-08] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-07-31] (Cherished Technololgy LIMITED) [File not signed]
R2 jswpbapi; C:\Program Files\Jumpstart\jswpbapi.exe [188416 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [5857128 2014-07-28] (Reimage®)
R2 RtlService; C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
S2 AllDaySavingsService; C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\cnfygfszki.exe [X]
S2 jxbalvtmyz32; C:\Program Files\005\jxbalvtmyz32.exe run options=01100010050000000000000000000000 sourceguid=569B28CA-75D1-4EA2-9778-830E01DBBC88 [X]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 Sed; C:\Users\user.ZEKI\AppData\Roaming\ntsvc\ntsvc.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [66912 2012-05-08] (BlueStack Systems)
R2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKslda461b6d; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{221E30B6-4DF9-4986-854C-EF815DDB687A}\MpKslda461b6d.sys [39464 2014-09-25] (Microsoft Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-07-31] (NetFilterSDK.com) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-09-25] (secr9tos) [File not signed]
S3 RTL8187; C:\Windows\System32\DRIVERS\RTL8187.sys [335872 2012-05-11] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-03-07] ()
S3 esgiguard; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-25 08:34 - 2014-09-25 08:34 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\FRST-OlderVersion
2014-09-25 08:33 - 2014-09-25 08:33 - 00000027 _____ () C:\Users\TEMP.ECE\Desktop\fixlist.txt
2014-09-24 13:35 - 2014-09-24 13:35 - 00000218 _____ () C:\Users\TEMP.ECE\.recently-used.xbel
2014-09-24 13:04 - 2014-09-24 13:01 - 952295424 _____ () C:\Users\TEMP.ECE\Desktop\tails-i386-1.1.1.iso
2014-09-24 11:52 - 2014-09-24 13:01 - 952295424 _____ () C:\Users\TEMP.ECE\Downloads\tails-i386-1.1.1.iso
2014-09-24 11:39 - 2014-09-24 11:33 - 00000801 _____ () C:\Users\TEMP.ECE\Desktop\tails-i386-1.1.1.iso.sig
2014-09-24 11:14 - 2014-09-24 11:14 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\live-usb-install
2014-09-24 10:12 - 2014-09-24 16:46 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\USB
2014-09-24 08:48 - 2014-09-24 08:48 - 00000000 ____D () C:\sh4ldr
2014-09-24 08:47 - 2014-09-24 15:55 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-09-24 08:43 - 2014-09-24 15:54 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\SpyHntr.4.16.5.4290.WT
2014-09-24 08:36 - 2014-09-25 08:25 - 00002700 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 08:35 - 2014-09-25 08:29 - 00000224 _____ () C:\Windows\setupact.log
2014-09-24 08:35 - 2014-09-24 08:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-24 08:17 - 2014-09-24 15:54 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\Spy
2014-09-23 13:48 - 2014-09-23 15:49 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Skype
2014-09-23 13:48 - 2014-09-23 13:48 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Skype
2014-09-23 13:35 - 2014-09-23 13:35 - 00000000 _____ () C:\autoexec.bat
2014-09-23 13:33 - 2014-09-23 13:33 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-23 12:53 - 2014-09-23 12:54 - 00392720 _____ () C:\Users\TEMP.ECE\Downloads\SpyHunter Full 4.17.6.4336 Tam indir__6666_i1334476297_il277965.exe
2014-09-23 11:12 - 2014-09-23 11:12 - 00570032 _____ () C:\Users\TEMP.ECE\Downloads\WifiKill For PC.exe
2014-09-23 11:05 - 2014-09-23 11:07 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-09-23 11:04 - 2014-09-24 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-09-23 11:04 - 2014-09-23 11:04 - 00002058 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2014-09-23 11:02 - 2014-09-23 11:21 - 00000000 ____D () C:\rei
2014-09-23 11:02 - 2014-09-23 11:07 - 00000000 ____D () C:\Program Files\Reimage
2014-09-23 11:00 - 2014-09-23 11:55 - 00000120 _____ () C:\Windows\Reimage.ini
2014-09-23 10:58 - 2014-09-23 10:59 - 00853960 _____ (Reimage®) C:\Users\TEMP.ECE\Downloads\ReimageRepair.exe
2014-09-23 10:32 - 2014-09-23 10:32 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2014-09-23 10:32 - 2014-09-23 10:32 - 00000000 ____D () C:\Program Files\NirSoft
2014-09-23 10:30 - 2014-09-23 10:31 - 00304408 _____ () C:\Users\TEMP.ECE\Downloads\wnetwatcher_setup.exe
2014-09-23 09:50 - 2014-09-23 09:53 - 00025652 _____ () C:\Users\TEMP.ECE\Desktop\Addition.txt
2014-09-23 09:49 - 2014-09-25 08:35 - 00014155 _____ () C:\Users\TEMP.ECE\Desktop\FRST.txt
2014-09-23 09:49 - 2014-09-25 08:35 - 00000000 ____D () C:\FRST
2014-09-23 09:48 - 2014-09-25 08:34 - 01098240 _____ (Farbar) C:\Users\TEMP.ECE\Desktop\FRST.exe
2014-09-23 09:47 - 2014-09-23 09:47 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Downloads\FRST.exe
2014-09-23 09:04 - 2014-09-24 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2014-09-23 09:04 - 2014-09-23 09:04 - 00000941 _____ () C:\Users\TEMP.ECE\Desktop\netcut.lnk
2014-09-23 09:04 - 2014-09-23 09:04 - 00000046 _____ () C:\Users\TEMP.ECE\Desktop\netcut support.url
2014-09-23 08:37 - 2014-09-23 08:36 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Desktop\netcut (1).exe
2014-09-23 08:34 - 2014-09-23 08:36 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut (1).exe
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\WinRAR
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\InstallShield
2014-09-23 08:08 - 2014-09-23 08:08 - 00000363 _____ () C:\Users\TEMP.ECE\Desktop\Bilgisayar - Kısayol.lnk
2014-09-23 08:08 - 2014-02-14 11:46 - 00000757 _____ () C:\Users\TEMP.ECE\Desktop\Yedek 22.11.2013 - Kısayol.lnk
2014-09-22 15:31 - 2014-09-23 10:55 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\CrashDumps
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Macromedia
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Adobe
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Macromedia
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Mozilla
2014-09-22 13:50 - 2014-09-22 13:50 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Macromedia
2014-09-22 13:47 - 2014-09-22 13:47 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\InstallShield
2014-09-22 13:46 - 2014-09-24 15:54 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\GRETECH
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Adobe
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Adobe
2014-09-22 13:45 - 2014-09-22 13:45 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\WinRAR
2014-09-22 13:44 - 2014-09-22 13:44 - 00000363 _____ () C:\Users\Ece1\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 13:44 - 2014-02-14 11:46 - 00000757 _____ () C:\Users\Ece1\Desktop\Yedek 22.11.2013 - Kısayol.lnk
2014-09-22 13:42 - 2014-09-24 15:54 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Zbshareware Lab
2014-09-22 13:42 - 2014-09-24 15:53 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Google
2014-09-22 13:42 - 2014-09-22 13:42 - 00133536 _____ () C:\Users\Ece1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:42 - 2014-09-22 13:42 - 00001401 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:41 - 2014-09-24 15:54 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-22 13:41 - 2014-09-24 15:54 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 13:41 - 2014-09-24 15:54 - 00000000 ____D () C:\Users\Ece1
2014-09-22 13:41 - 2014-09-22 13:41 - 00000020 ___SH () C:\Users\Ece1\ntuser.ini
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Videolarım
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Resimlerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Müziğim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Belgelerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:41 - 2014-06-04 12:34 - 00002036 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-09-22 13:38 - 2014-09-24 15:56 - 00000000 ____D () C:\Users\TEMP.ECE
2014-09-22 13:38 - 2014-09-22 13:38 - 00133536 _____ () C:\Users\TEMP.ECE\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:38 - 2014-09-22 13:38 - 00001401 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:38 - 2014-09-22 13:38 - 00000020 ___SH () C:\Users\TEMP.ECE\ntuser.ini
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Videolarım
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Resimlerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Müziğim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Belgelerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Zbshareware Lab
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\ProductData
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Google
2014-09-22 13:38 - 2014-06-04 12:34 - 00002036 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-09-22 13:38 - 2009-07-14 07:42 - 00000000 ___RD () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 13:38 - 2009-07-14 07:37 - 00000000 ___RD () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-19 08:17 - 2014-09-19 08:17 - 00490456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 10:30 - 2014-09-18 10:30 - 00133536 _____ () C:\Users\user.ZEKI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-17 10:56 - 2014-09-17 10:56 - 00846848 _____ () C:\Users\user.ZEKI\Downloads\06110413_tantingilizce.ppt
2014-09-11 11:42 - 2014-09-18 10:04 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 14:30 - 2014-09-24 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
2014-09-10 14:30 - 2014-09-23 08:09 - 00000922 _____ () C:\Users\Public\Desktop\Jumpstart.lnk
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\InstallShield
2014-09-10 14:29 - 2014-01-14 13:20 - 01682432 _____ (CasaTech Inc.) C:\Users\user.ZEKI\Desktop\Dumpper v4.exe
2014-09-10 12:56 - 2008-05-15 03:28 - 00020384 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\jswpslwf.sys
2014-09-10 12:11 - 2014-09-23 08:09 - 00000000 ____D () C:\Program Files\Jumpstart
2014-09-10 12:10 - 2014-09-10 12:11 - 00000000 ____D () C:\ProgramData\Atheros
2014-09-08 10:54 - 2014-09-10 13:59 - 00000000 ____D () C:\Users\user.ZEKI\Desktop\Bulgar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-25 08:35 - 2014-09-23 09:49 - 00014155 _____ () C:\Users\TEMP.ECE\Desktop\FRST.txt
2014-09-25 08:35 - 2014-09-23 09:49 - 00000000 ____D () C:\FRST
2014-09-25 08:34 - 2014-09-25 08:34 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\FRST-OlderVersion
2014-09-25 08:34 - 2014-09-23 09:48 - 01098240 _____ (Farbar) C:\Users\TEMP.ECE\Desktop\FRST.exe
2014-09-25 08:33 - 2014-09-25 08:33 - 00000027 _____ () C:\Users\TEMP.ECE\Desktop\fixlist.txt
2014-09-25 08:33 - 2014-08-18 15:28 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 08:29 - 2014-09-24 08:35 - 00000224 _____ () C:\Windows\setupact.log
2014-09-25 08:29 - 2014-08-18 15:28 - 00001000 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 08:29 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 08:28 - 2013-11-22 19:56 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-09-25 08:25 - 2014-09-24 08:36 - 00002700 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 08:21 - 2009-07-14 07:34 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 08:21 - 2009-07-14 07:34 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 16:46 - 2014-09-24 10:12 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\USB
2014-09-24 15:57 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 15:56 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE
2014-09-24 15:55 - 2014-09-24 08:47 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-09-24 15:55 - 2014-05-05 12:04 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-09-24 15:55 - 2013-12-12 10:37 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.1
2014-09-24 15:55 - 2013-11-23 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-09-24 15:55 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-24 15:54 - 2014-09-24 08:43 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\SpyHntr.4.16.5.4290.WT
2014-09-24 15:54 - 2014-09-24 08:17 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\Spy
2014-09-24 15:54 - 2014-09-23 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-09-24 15:54 - 2014-09-23 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2014-09-24 15:54 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\GRETECH
2014-09-24 15:54 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Zbshareware Lab
2014-09-24 15:54 - 2014-09-22 13:41 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 15:54 - 2014-09-22 13:41 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 15:54 - 2014-09-22 13:41 - 00000000 ____D () C:\Users\Ece1
2014-09-24 15:54 - 2014-09-10 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
2014-09-24 15:54 - 2014-08-18 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-24 15:54 - 2014-08-07 10:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Zbshareware Lab
2014-09-24 15:54 - 2014-08-07 10:23 - 00000000 ____D () C:\Users\Administrator
2014-09-24 15:54 - 2014-07-23 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-24 15:54 - 2014-07-01 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-24 15:54 - 2014-06-04 12:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-24 15:54 - 2014-05-12 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iras.exe
2014-09-24 15:54 - 2014-05-12 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-24 15:54 - 2014-03-03 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-09-24 15:54 - 2014-02-10 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK RTL8187 Wireless LAN Utility
2014-09-24 15:54 - 2014-01-30 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
2014-09-24 15:54 - 2013-11-26 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft OmniPage SE 2.0
2014-09-24 15:54 - 2013-11-25 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kyocera
2014-09-24 15:54 - 2013-11-23 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-24 15:54 - 2013-11-23 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
2014-09-24 15:54 - 2013-11-23 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2014-09-24 15:54 - 2013-11-23 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-24 15:54 - 2013-11-23 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-24 15:54 - 2009-07-14 07:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-24 15:54 - 2009-07-14 05:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 15:54 - 2009-07-14 05:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 15:54 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\registration
2014-09-24 15:53 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Google
2014-09-24 15:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-24 13:35 - 2014-09-24 13:35 - 00000218 _____ () C:\Users\TEMP.ECE\.recently-used.xbel
2014-09-24 13:01 - 2014-09-24 13:04 - 952295424 _____ () C:\Users\TEMP.ECE\Desktop\tails-i386-1.1.1.iso
2014-09-24 13:01 - 2014-09-24 11:52 - 952295424 _____ () C:\Users\TEMP.ECE\Downloads\tails-i386-1.1.1.iso
2014-09-24 11:33 - 2014-09-24 11:39 - 00000801 _____ () C:\Users\TEMP.ECE\Desktop\tails-i386-1.1.1.iso.sig
2014-09-24 11:14 - 2014-09-24 11:14 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\live-usb-install
2014-09-24 08:48 - 2014-09-24 08:48 - 00000000 ____D () C:\sh4ldr
2014-09-24 08:35 - 2014-09-24 08:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-24 08:17 - 2011-04-12 10:02 - 00658722 _____ () C:\Windows\system32\perfh01F.dat
2014-09-24 08:17 - 2011-04-12 10:02 - 00140424 _____ () C:\Windows\system32\perfc01F.dat
2014-09-24 08:17 - 2010-11-21 00:01 - 01576552 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 16:06 - 2013-11-27 11:28 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 15:49 - 2014-09-23 13:48 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Skype
2014-09-23 14:55 - 2014-02-17 15:44 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-23 14:19 - 2014-06-04 12:34 - 00002295 _____ () C:\Users\user.ZEKI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-09-23 14:19 - 2014-03-03 09:55 - 00002140 _____ () C:\Users\user.ZEKI\Desktop\Apps.lnk
2014-09-23 13:48 - 2014-09-23 13:48 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Skype
2014-09-23 13:35 - 2014-09-23 13:35 - 00000000 _____ () C:\autoexec.bat
2014-09-23 13:33 - 2014-09-23 13:33 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-23 12:54 - 2014-09-23 12:53 - 00392720 _____ () C:\Users\TEMP.ECE\Downloads\SpyHunter Full 4.17.6.4336 Tam indir__6666_i1334476297_il277965.exe
2014-09-23 12:23 - 2014-07-31 16:28 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-09-23 11:55 - 2014-09-23 11:00 - 00000120 _____ () C:\Windows\Reimage.ini
2014-09-23 11:21 - 2014-09-23 11:02 - 00000000 ____D () C:\rei
2014-09-23 11:12 - 2014-09-23 11:12 - 00570032 _____ () C:\Users\TEMP.ECE\Downloads\WifiKill For PC.exe
2014-09-23 11:07 - 2014-09-23 11:05 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-09-23 11:07 - 2014-09-23 11:02 - 00000000 ____D () C:\Program Files\Reimage
2014-09-23 11:04 - 2014-09-23 11:04 - 00002058 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2014-09-23 10:59 - 2014-09-23 10:58 - 00853960 _____ (Reimage®) C:\Users\TEMP.ECE\Downloads\ReimageRepair.exe
2014-09-23 10:55 - 2014-09-22 15:31 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\CrashDumps
2014-09-23 10:32 - 2014-09-23 10:32 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2014-09-23 10:32 - 2014-09-23 10:32 - 00000000 ____D () C:\Program Files\NirSoft
2014-09-23 10:31 - 2014-09-23 10:30 - 00304408 _____ () C:\Users\TEMP.ECE\Downloads\wnetwatcher_setup.exe
2014-09-23 09:53 - 2014-09-23 09:50 - 00025652 _____ () C:\Users\TEMP.ECE\Desktop\Addition.txt
2014-09-23 09:47 - 2014-09-23 09:47 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Downloads\FRST.exe
2014-09-23 09:17 - 2014-02-07 16:30 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-23 09:09 - 2014-01-20 14:34 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-23 09:04 - 2014-09-23 09:04 - 00000941 _____ () C:\Users\TEMP.ECE\Desktop\netcut.lnk
2014-09-23 09:04 - 2014-09-23 09:04 - 00000046 _____ () C:\Users\TEMP.ECE\Desktop\netcut support.url
2014-09-23 09:04 - 2014-07-01 13:55 - 00000000 ____D () C:\Program Files\netcut
2014-09-23 08:36 - 2014-09-23 08:37 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Desktop\netcut (1).exe
2014-09-23 08:36 - 2014-09-23 08:34 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut (1).exe
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\WinRAR
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\InstallShield
2014-09-23 08:09 - 2014-09-10 14:30 - 00000922 _____ () C:\Users\Public\Desktop\Jumpstart.lnk
2014-09-23 08:09 - 2014-09-10 12:11 - 00000000 ____D () C:\Program Files\Jumpstart
2014-09-23 08:08 - 2014-09-23 08:08 - 00000363 _____ () C:\Users\TEMP.ECE\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Macromedia
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Adobe
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Macromedia
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Mozilla
2014-09-22 13:50 - 2014-09-22 13:50 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Macromedia
2014-09-22 13:47 - 2014-09-22 13:47 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\InstallShield
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Adobe
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Adobe
2014-09-22 13:45 - 2014-09-22 13:45 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\WinRAR
2014-09-22 13:44 - 2014-09-22 13:44 - 00000363 _____ () C:\Users\Ece1\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 13:42 - 2014-09-22 13:42 - 00133536 _____ () C:\Users\Ece1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:42 - 2014-09-22 13:42 - 00001401 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:41 - 2014-09-22 13:41 - 00000020 ___SH () C:\Users\Ece1\ntuser.ini
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Videolarım
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Resimlerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Müziğim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Belgelerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00133536 _____ () C:\Users\TEMP.ECE\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:38 - 2014-09-22 13:38 - 00001401 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:38 - 2014-09-22 13:38 - 00000020 ___SH () C:\Users\TEMP.ECE\ntuser.ini
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Videolarım
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Resimlerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Müziğim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Belgelerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Zbshareware Lab
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\ProductData
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Google
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-19 11:30 - 2014-02-11 14:34 - 00000000 ____D () C:\Users\user.ZEKI
2014-09-19 08:17 - 2014-09-19 08:17 - 00490456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 14:57 - 2014-05-12 11:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 10:30 - 2014-09-18 10:30 - 00133536 _____ () C:\Users\user.ZEKI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 10:04 - 2014-09-11 11:42 - 00000000 ____D () C:\Windows\Minidump
2014-09-18 09:54 - 2014-02-12 09:18 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Local\Opera Software
2014-09-18 09:54 - 2013-11-27 10:22 - 00000000 ____D () C:\Program Files\Opera
2014-09-18 09:53 - 2014-02-12 09:18 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\Opera Software
2014-09-17 10:56 - 2014-09-17 10:56 - 00846848 _____ () C:\Users\user.ZEKI\Downloads\06110413_tantingilizce.ppt
2014-09-17 10:34 - 2014-08-01 15:31 - 00000000 ____D () C:\Program Files\installAPK
2014-09-15 10:55 - 2013-11-23 12:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-15 10:36 - 2014-08-05 14:00 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Local\CrashDumps
2014-09-15 09:25 - 2013-11-25 11:19 - 00000072 _____ () C:\Windows\KMSTMVM.ini
2014-09-11 15:01 - 2014-08-18 15:32 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 12:26 - 2014-02-13 14:43 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\Skype
2014-09-11 08:56 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 08:10 - 2009-07-14 07:53 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\InstallShield
2014-09-10 14:30 - 2013-11-26 09:20 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-10 13:59 - 2014-09-08 10:54 - 00000000 ____D () C:\Users\user.ZEKI\Desktop\Bulgar
2014-09-10 12:11 - 2014-09-10 12:10 - 00000000 ____D () C:\ProgramData\Atheros
2014-09-10 12:08 - 2013-11-27 11:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 12:08 - 2013-11-23 12:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-01 10:53 - 2014-02-11 14:35 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\ProductData
2014-09-01 10:53 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\AppCompat
Some content of TEMP:
====================
C:\Users\TEMP.ECE\AppData\Local\Temp\ReimagePackage.exe
C:\Users\TEMP.ECE\AppData\Local\Temp\sqlite3.exe
C:\Users\user\AppData\Local\Temp\AskSLib.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-16 08:42
==================== End Of Log ============================
-
O site hakkında BTK sitesinde şöyle yazıyor;quote:
Orijinalden alıntı: atirandaScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-09-2014
Ran by user (administrator) on ECE on 25-09-2014 08:35:10
Running from C:\Users\TEMP.ECE\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Türkçe (Türkiye)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Arcai.com) C:\Program Files\netcut\services\aips.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Atheros Communications, Inc.) C:\Program Files\Jumpstart\jswpbapi.exe
(Reimage®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
(Realtek) C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtWLan.exe
(Zbshareware Lab) C:\Program Files\USB Disk Security\USBGuard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Arcai.com) C:\Program Files\netcut\netcut.exe
(Atheros Communications, Inc.) C:\Program Files\Jumpstart\jswtrayutil.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\Google\Update\Install\{65DCA794-CD1B-4706-AEB2-CEBFF263BCA4}\37.0.2062.124_37.0.2062.120_chrome_updater.exe
(Google Inc.) C:\Windows\Temp\CR_95CA0.tmp\setup.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [USB Security] => C:\Program Files\USB Disk Security\USBGuard.exe [623520 2011-01-31] (Zbshareware Lab)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AGSServer] => C:\AGSoft\AGSserver.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [jswtrayutil] => C:\Program Files\Jumpstart\jswtrayutil.exe [528384 2008-09-26] (Atheros Communications, Inc.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: ExplorerEx -> {E056AFDD-03E9-4D73-8D33-8FCCBCA73438} => No File
BootExecute:
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exehttp://istart.webssearches.com/?type=sc&ts=1406813021&from=amt&uid=SAMSUNGXHD080HJ_S08EJ1TLB06440
SearchScopes: HKLM - DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =http://istart.webssearches.com/web/?type=ds&ts=1406813021&from=amt&uid=SAMSUNGXHD080HJ_S08EJ1TLB06440&q={searchTerms}
SearchScopes: HKLM - {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Reader Bağı Yardımı -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Mercan Programlar Toolbar -> {b475cfd8-45d8-4905-b319-ad995327abeb} -> C:\Program Files\Mercan_Programlar\tbMer0.dll No File
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: AllDaySavings -> {fbdff406-2c4c-5d35-8469-34bb67ea3353} -> C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\kzhxnitccw.dll No File
Toolbar: HKLM - Mercan Programlar Toolbar - {b475cfd8-45d8-4905-b319-ad995327abeb} - C:\Program Files\Mercan_Programlar\tbMer0.dll No File
DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\TEMP.ECE\AppData\Roaming\Mozilla\Firefox\Profiles\yyxrht0w.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\portalsepeti.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yandex-tr.xml
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\user.ZEKI\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\faststartff@gmail.com
Chrome:
=======
CHR CustomProfile: C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ebay Shopping Assistant by Spigot) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj [2014-09-22]
CHR Extension: (Domain Error Assistant) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj [2014-09-22]
CHR Extension: (Slick Savings) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk [2014-09-22]
CHR Extension: (Google Wallet) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-22]
CHR Extension: (Amazon Shopping Assistant by Spigot) - C:\Users\TEMP.ECE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp [2014-09-22]
CHR HKLM\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files\Common Files\Spigot\GC\saebay_1.1.crx [2013-10-14]
CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx [2013-12-27]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Users\user\AppData\Local\Slick Savings\coupons.crx [2014-01-20]
CHR HKLM\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx [2014-01-20]
CHR HKLM\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files\Common Files\Spigot\GC\saamazon_1.0.crx [2012-11-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AIPS; C:\Program Files\netcut\services\AIPS.exe [262144 2011-07-28] (Arcai.com) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [397664 2012-05-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385376 2012-05-08] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-07-31] (Cherished Technololgy LIMITED) [File not signed]
R2 jswpbapi; C:\Program Files\Jumpstart\jswpbapi.exe [188416 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-09-26] (Atheros Communications, Inc.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [5857128 2014-07-28] (Reimage®)
R2 RtlService; C:\Program Files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [36864 2007-07-27] (Realtek) [File not signed]
S2 AllDaySavingsService; C:\Program Files\569B28CA-75D1-4EA2-9778-830E01DBBC88\cnfygfszki.exe [X]
S2 jxbalvtmyz32; C:\Program Files\005\jxbalvtmyz32.exe run options=01100010050000000000000000000000 sourceguid=569B28CA-75D1-4EA2-9778-830E01DBBC88 [X]
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]
S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]
S2 Sed; C:\Users\user.ZEKI\AppData\Roaming\ntsvc\ntsvc.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [66912 2012-05-08] (BlueStack Systems)
R2 DgiVecp; C:\Windows\System32\Drivers\DgiVecp.sys [41984 2004-05-17] (DeviceGuys, Inc.) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKslda461b6d; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{221E30B6-4DF9-4986-854C-EF815DDB687A}\MpKslda461b6d.sys [39464 2014-09-25] (Microsoft Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-07-31] (NetFilterSDK.com) [File not signed]
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
R0 oem-drv86; C:\Windows\System32\DRIVERS\oem-drv86.sys [28160 2014-09-25] (secr9tos) [File not signed]
S3 RTL8187; C:\Windows\System32\DRIVERS\RTL8187.sys [335872 2012-05-11] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2014-03-07] ()
S3 esgiguard; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-25 08:34 - 2014-09-25 08:34 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\FRST-OlderVersion
2014-09-25 08:33 - 2014-09-25 08:33 - 00000027 _____ () C:\Users\TEMP.ECE\Desktop\fixlist.txt
2014-09-24 13:35 - 2014-09-24 13:35 - 00000218 _____ () C:\Users\TEMP.ECE\.recently-used.xbel
2014-09-24 13:04 - 2014-09-24 13:01 - 952295424 _____ () C:\Users\TEMP.ECE\Desktop\tails-i386-1.1.1.iso
2014-09-24 11:52 - 2014-09-24 13:01 - 952295424 _____ () C:\Users\TEMP.ECE\Downloads\tails-i386-1.1.1.iso
2014-09-24 11:39 - 2014-09-24 11:33 - 00000801 _____ () C:\Users\TEMP.ECE\Desktop\tails-i386-1.1.1.iso.sig
2014-09-24 11:14 - 2014-09-24 11:14 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\live-usb-install
2014-09-24 10:12 - 2014-09-24 16:46 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\USB
2014-09-24 08:48 - 2014-09-24 08:48 - 00000000 ____D () C:\sh4ldr
2014-09-24 08:47 - 2014-09-24 15:55 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-09-24 08:43 - 2014-09-24 15:54 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\SpyHntr.4.16.5.4290.WT
2014-09-24 08:36 - 2014-09-25 08:25 - 00002700 _____ () C:\Windows\WindowsUpdate.log
2014-09-24 08:35 - 2014-09-25 08:29 - 00000224 _____ () C:\Windows\setupact.log
2014-09-24 08:35 - 2014-09-24 08:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-24 08:17 - 2014-09-24 15:54 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\Spy
2014-09-23 13:48 - 2014-09-23 15:49 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Skype
2014-09-23 13:48 - 2014-09-23 13:48 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Skype
2014-09-23 13:35 - 2014-09-23 13:35 - 00000000 _____ () C:\autoexec.bat
2014-09-23 13:33 - 2014-09-23 13:33 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-23 12:53 - 2014-09-23 12:54 - 00392720 _____ () C:\Users\TEMP.ECE\Downloads\SpyHunter Full 4.17.6.4336 Tam indir__6666_i1334476297_il277965.exe
2014-09-23 11:12 - 2014-09-23 11:12 - 00570032 _____ () C:\Users\TEMP.ECE\Downloads\WifiKill For PC.exe
2014-09-23 11:05 - 2014-09-23 11:07 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-09-23 11:04 - 2014-09-24 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-09-23 11:04 - 2014-09-23 11:04 - 00002058 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2014-09-23 11:02 - 2014-09-23 11:21 - 00000000 ____D () C:\rei
2014-09-23 11:02 - 2014-09-23 11:07 - 00000000 ____D () C:\Program Files\Reimage
2014-09-23 11:00 - 2014-09-23 11:55 - 00000120 _____ () C:\Windows\Reimage.ini
2014-09-23 10:58 - 2014-09-23 10:59 - 00853960 _____ (Reimage®) C:\Users\TEMP.ECE\Downloads\ReimageRepair.exe
2014-09-23 10:32 - 2014-09-23 10:32 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2014-09-23 10:32 - 2014-09-23 10:32 - 00000000 ____D () C:\Program Files\NirSoft
2014-09-23 10:30 - 2014-09-23 10:31 - 00304408 _____ () C:\Users\TEMP.ECE\Downloads\wnetwatcher_setup.exe
2014-09-23 09:50 - 2014-09-23 09:53 - 00025652 _____ () C:\Users\TEMP.ECE\Desktop\Addition.txt
2014-09-23 09:49 - 2014-09-25 08:35 - 00014155 _____ () C:\Users\TEMP.ECE\Desktop\FRST.txt
2014-09-23 09:49 - 2014-09-25 08:35 - 00000000 ____D () C:\FRST
2014-09-23 09:48 - 2014-09-25 08:34 - 01098240 _____ (Farbar) C:\Users\TEMP.ECE\Desktop\FRST.exe
2014-09-23 09:47 - 2014-09-23 09:47 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Downloads\FRST.exe
2014-09-23 09:04 - 2014-09-24 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2014-09-23 09:04 - 2014-09-23 09:04 - 00000941 _____ () C:\Users\TEMP.ECE\Desktop\netcut.lnk
2014-09-23 09:04 - 2014-09-23 09:04 - 00000046 _____ () C:\Users\TEMP.ECE\Desktop\netcut support.url
2014-09-23 08:37 - 2014-09-23 08:36 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Desktop\netcut (1).exe
2014-09-23 08:34 - 2014-09-23 08:36 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut (1).exe
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\WinRAR
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\InstallShield
2014-09-23 08:08 - 2014-09-23 08:08 - 00000363 _____ () C:\Users\TEMP.ECE\Desktop\Bilgisayar - Kısayol.lnk
2014-09-23 08:08 - 2014-02-14 11:46 - 00000757 _____ () C:\Users\TEMP.ECE\Desktop\Yedek 22.11.2013 - Kısayol.lnk
2014-09-22 15:31 - 2014-09-23 10:55 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\CrashDumps
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Macromedia
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Adobe
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Macromedia
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Mozilla
2014-09-22 13:50 - 2014-09-22 13:50 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Macromedia
2014-09-22 13:47 - 2014-09-22 13:47 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\InstallShield
2014-09-22 13:46 - 2014-09-24 15:54 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\GRETECH
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Adobe
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Adobe
2014-09-22 13:45 - 2014-09-22 13:45 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\WinRAR
2014-09-22 13:44 - 2014-09-22 13:44 - 00000363 _____ () C:\Users\Ece1\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 13:44 - 2014-02-14 11:46 - 00000757 _____ () C:\Users\Ece1\Desktop\Yedek 22.11.2013 - Kısayol.lnk
2014-09-22 13:42 - 2014-09-24 15:54 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Zbshareware Lab
2014-09-22 13:42 - 2014-09-24 15:53 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Google
2014-09-22 13:42 - 2014-09-22 13:42 - 00133536 _____ () C:\Users\Ece1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:42 - 2014-09-22 13:42 - 00001401 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:41 - 2014-09-24 15:54 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-22 13:41 - 2014-09-24 15:54 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 13:41 - 2014-09-24 15:54 - 00000000 ____D () C:\Users\Ece1
2014-09-22 13:41 - 2014-09-22 13:41 - 00000020 ___SH () C:\Users\Ece1\ntuser.ini
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Videolarım
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Resimlerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Müziğim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Belgelerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:41 - 2014-06-04 12:34 - 00002036 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-09-22 13:38 - 2014-09-24 15:56 - 00000000 ____D () C:\Users\TEMP.ECE
2014-09-22 13:38 - 2014-09-22 13:38 - 00133536 _____ () C:\Users\TEMP.ECE\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:38 - 2014-09-22 13:38 - 00001401 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:38 - 2014-09-22 13:38 - 00000020 ___SH () C:\Users\TEMP.ECE\ntuser.ini
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Videolarım
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Resimlerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Müziğim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Belgelerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Zbshareware Lab
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\ProductData
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Google
2014-09-22 13:38 - 2014-06-04 12:34 - 00002036 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-09-22 13:38 - 2009-07-14 07:42 - 00000000 ___RD () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-22 13:38 - 2009-07-14 07:37 - 00000000 ___RD () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-19 08:17 - 2014-09-19 08:17 - 00490456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 10:30 - 2014-09-18 10:30 - 00133536 _____ () C:\Users\user.ZEKI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-17 10:56 - 2014-09-17 10:56 - 00846848 _____ () C:\Users\user.ZEKI\Downloads\06110413_tantingilizce.ppt
2014-09-11 11:42 - 2014-09-18 10:04 - 00000000 ____D () C:\Windows\Minidump
2014-09-10 14:30 - 2014-09-24 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
2014-09-10 14:30 - 2014-09-23 08:09 - 00000922 _____ () C:\Users\Public\Desktop\Jumpstart.lnk
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\InstallShield
2014-09-10 14:29 - 2014-01-14 13:20 - 01682432 _____ (CasaTech Inc.) C:\Users\user.ZEKI\Desktop\Dumpper v4.exe
2014-09-10 12:56 - 2008-05-15 03:28 - 00020384 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\jswpslwf.sys
2014-09-10 12:11 - 2014-09-23 08:09 - 00000000 ____D () C:\Program Files\Jumpstart
2014-09-10 12:10 - 2014-09-10 12:11 - 00000000 ____D () C:\ProgramData\Atheros
2014-09-08 10:54 - 2014-09-10 13:59 - 00000000 ____D () C:\Users\user.ZEKI\Desktop\Bulgar
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-25 08:35 - 2014-09-23 09:49 - 00014155 _____ () C:\Users\TEMP.ECE\Desktop\FRST.txt
2014-09-25 08:35 - 2014-09-23 09:49 - 00000000 ____D () C:\FRST
2014-09-25 08:34 - 2014-09-25 08:34 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\FRST-OlderVersion
2014-09-25 08:34 - 2014-09-23 09:48 - 01098240 _____ (Farbar) C:\Users\TEMP.ECE\Desktop\FRST.exe
2014-09-25 08:33 - 2014-09-25 08:33 - 00000027 _____ () C:\Users\TEMP.ECE\Desktop\fixlist.txt
2014-09-25 08:33 - 2014-08-18 15:28 - 00001004 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-25 08:29 - 2014-09-24 08:35 - 00000224 _____ () C:\Windows\setupact.log
2014-09-25 08:29 - 2014-08-18 15:28 - 00001000 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-25 08:29 - 2009-07-14 07:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-25 08:28 - 2013-11-22 19:56 - 00028160 _____ (secr9tos) C:\Windows\system32\Drivers\oem-drv86.sys
2014-09-25 08:25 - 2014-09-24 08:36 - 00002700 _____ () C:\Windows\WindowsUpdate.log
2014-09-25 08:21 - 2009-07-14 07:34 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-25 08:21 - 2009-07-14 07:34 - 00029200 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-24 16:46 - 2014-09-24 10:12 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\USB
2014-09-24 15:57 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 15:56 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE
2014-09-24 15:55 - 2014-09-24 08:47 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2014-09-24 15:55 - 2014-05-05 12:04 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-09-24 15:55 - 2013-12-12 10:37 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.1
2014-09-24 15:55 - 2013-11-23 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-09-24 15:55 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-09-24 15:54 - 2014-09-24 08:43 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\SpyHntr.4.16.5.4290.WT
2014-09-24 15:54 - 2014-09-24 08:17 - 00000000 ____D () C:\Users\TEMP.ECE\Desktop\Spy
2014-09-24 15:54 - 2014-09-23 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2014-09-24 15:54 - 2014-09-23 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
2014-09-24 15:54 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\GRETECH
2014-09-24 15:54 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Zbshareware Lab
2014-09-24 15:54 - 2014-09-22 13:41 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 15:54 - 2014-09-22 13:41 - 00000000 ___RD () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 15:54 - 2014-09-22 13:41 - 00000000 ____D () C:\Users\Ece1
2014-09-24 15:54 - 2014-09-10 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
2014-09-24 15:54 - 2014-08-18 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-24 15:54 - 2014-08-07 10:23 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Zbshareware Lab
2014-09-24 15:54 - 2014-08-07 10:23 - 00000000 ____D () C:\Users\Administrator
2014-09-24 15:54 - 2014-07-23 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-24 15:54 - 2014-07-01 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-24 15:54 - 2014-06-04 12:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-09-24 15:54 - 2014-05-12 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iras.exe
2014-09-24 15:54 - 2014-05-12 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-24 15:54 - 2014-03-03 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-09-24 15:54 - 2014-02-10 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK RTL8187 Wireless LAN Utility
2014-09-24 15:54 - 2014-01-30 11:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
2014-09-24 15:54 - 2013-11-26 09:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft OmniPage SE 2.0
2014-09-24 15:54 - 2013-11-25 11:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kyocera
2014-09-24 15:54 - 2013-11-23 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-24 15:54 - 2013-11-23 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
2014-09-24 15:54 - 2013-11-23 12:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2014-09-24 15:54 - 2013-11-23 12:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-24 15:54 - 2013-11-23 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-24 15:54 - 2009-07-14 07:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-24 15:54 - 2009-07-14 05:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-24 15:54 - 2009-07-14 05:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-24 15:54 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\registration
2014-09-24 15:53 - 2014-09-22 13:42 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Google
2014-09-24 15:34 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-09-24 13:35 - 2014-09-24 13:35 - 00000218 _____ () C:\Users\TEMP.ECE\.recently-used.xbel
2014-09-24 13:01 - 2014-09-24 13:04 - 952295424 _____ () C:\Users\TEMP.ECE\Desktop\tails-i386-1.1.1.iso
2014-09-24 13:01 - 2014-09-24 11:52 - 952295424 _____ () C:\Users\TEMP.ECE\Downloads\tails-i386-1.1.1.iso
2014-09-24 11:33 - 2014-09-24 11:39 - 00000801 _____ () C:\Users\TEMP.ECE\Desktop\tails-i386-1.1.1.iso.sig
2014-09-24 11:14 - 2014-09-24 11:14 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\live-usb-install
2014-09-24 08:48 - 2014-09-24 08:48 - 00000000 ____D () C:\sh4ldr
2014-09-24 08:35 - 2014-09-24 08:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-24 08:17 - 2011-04-12 10:02 - 00658722 _____ () C:\Windows\system32\perfh01F.dat
2014-09-24 08:17 - 2011-04-12 10:02 - 00140424 _____ () C:\Windows\system32\perfc01F.dat
2014-09-24 08:17 - 2010-11-21 00:01 - 01576552 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 16:06 - 2013-11-27 11:28 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 15:49 - 2014-09-23 13:48 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Skype
2014-09-23 14:55 - 2014-02-17 15:44 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-23 14:19 - 2014-06-04 12:34 - 00002295 _____ () C:\Users\user.ZEKI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-09-23 14:19 - 2014-03-03 09:55 - 00002140 _____ () C:\Users\user.ZEKI\Desktop\Apps.lnk
2014-09-23 13:48 - 2014-09-23 13:48 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Skype
2014-09-23 13:35 - 2014-09-23 13:35 - 00000000 _____ () C:\autoexec.bat
2014-09-23 13:33 - 2014-09-23 13:33 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-23 12:54 - 2014-09-23 12:53 - 00392720 _____ () C:\Users\TEMP.ECE\Downloads\SpyHunter Full 4.17.6.4336 Tam indir__6666_i1334476297_il277965.exe
2014-09-23 12:23 - 2014-07-31 16:28 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-09-23 11:55 - 2014-09-23 11:00 - 00000120 _____ () C:\Windows\Reimage.ini
2014-09-23 11:21 - 2014-09-23 11:02 - 00000000 ____D () C:\rei
2014-09-23 11:12 - 2014-09-23 11:12 - 00570032 _____ () C:\Users\TEMP.ECE\Downloads\WifiKill For PC.exe
2014-09-23 11:07 - 2014-09-23 11:05 - 00000000 ____D () C:\ProgramData\Reimage Protector
2014-09-23 11:07 - 2014-09-23 11:02 - 00000000 ____D () C:\Program Files\Reimage
2014-09-23 11:04 - 2014-09-23 11:04 - 00002058 _____ () C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2014-09-23 10:59 - 2014-09-23 10:58 - 00853960 _____ (Reimage®) C:\Users\TEMP.ECE\Downloads\ReimageRepair.exe
2014-09-23 10:55 - 2014-09-22 15:31 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\CrashDumps
2014-09-23 10:32 - 2014-09-23 10:32 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2014-09-23 10:32 - 2014-09-23 10:32 - 00000000 ____D () C:\Program Files\NirSoft
2014-09-23 10:31 - 2014-09-23 10:30 - 00304408 _____ () C:\Users\TEMP.ECE\Downloads\wnetwatcher_setup.exe
2014-09-23 09:53 - 2014-09-23 09:50 - 00025652 _____ () C:\Users\TEMP.ECE\Desktop\Addition.txt
2014-09-23 09:47 - 2014-09-23 09:47 - 01097728 _____ (Farbar) C:\Users\TEMP.ECE\Downloads\FRST.exe
2014-09-23 09:17 - 2014-02-07 16:30 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-09-23 09:09 - 2014-01-20 14:34 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-23 09:04 - 2014-09-23 09:04 - 00000941 _____ () C:\Users\TEMP.ECE\Desktop\netcut.lnk
2014-09-23 09:04 - 2014-09-23 09:04 - 00000046 _____ () C:\Users\TEMP.ECE\Desktop\netcut support.url
2014-09-23 09:04 - 2014-07-01 13:55 - 00000000 ____D () C:\Program Files\netcut
2014-09-23 08:36 - 2014-09-23 08:37 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Desktop\netcut (1).exe
2014-09-23 08:36 - 2014-09-23 08:34 - 01748153 _____ (arcai.com ) C:\Users\TEMP.ECE\Downloads\netcut (1).exe
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\WinRAR
2014-09-23 08:09 - 2014-09-23 08:09 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\InstallShield
2014-09-23 08:09 - 2014-09-10 14:30 - 00000922 _____ () C:\Users\Public\Desktop\Jumpstart.lnk
2014-09-23 08:09 - 2014-09-10 12:11 - 00000000 ____D () C:\Program Files\Jumpstart
2014-09-23 08:08 - 2014-09-23 08:08 - 00000363 _____ () C:\Users\TEMP.ECE\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Macromedia
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Adobe
2014-09-22 14:43 - 2014-09-22 14:43 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Macromedia
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Mozilla
2014-09-22 14:40 - 2014-09-22 14:40 - 00000000 ____D () C:\Mozilla
2014-09-22 13:50 - 2014-09-22 13:50 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Macromedia
2014-09-22 13:47 - 2014-09-22 13:47 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\InstallShield
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\Adobe
2014-09-22 13:46 - 2014-09-22 13:46 - 00000000 ____D () C:\Users\Ece1\AppData\Local\Adobe
2014-09-22 13:45 - 2014-09-22 13:45 - 00000000 ____D () C:\Users\Ece1\AppData\Roaming\WinRAR
2014-09-22 13:44 - 2014-09-22 13:44 - 00000363 _____ () C:\Users\Ece1\Desktop\Bilgisayar - Kısayol.lnk
2014-09-22 13:42 - 2014-09-22 13:42 - 00133536 _____ () C:\Users\Ece1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:42 - 2014-09-22 13:42 - 00001401 _____ () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:41 - 2014-09-22 13:41 - 00000020 ___SH () C:\Users\Ece1\ntuser.ini
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Videolarım
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Resimlerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Documents\Müziğim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\Belgelerim
2014-09-22 13:41 - 2014-09-22 13:41 - 00000000 _SHDL () C:\Users\Ece1\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00133536 _____ () C:\Users\TEMP.ECE\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-22 13:38 - 2014-09-22 13:38 - 00001401 _____ () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-22 13:38 - 2014-09-22 13:38 - 00000020 ___SH () C:\Users\TEMP.ECE\ntuser.ini
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Videolarım
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Resimlerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Documents\Müziğim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\Belgelerim
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 _SHDL () C:\Users\TEMP.ECE\AppData\Roaming\Microsoft\Windows\Start Menu\Programlar
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\Zbshareware Lab
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Roaming\ProductData
2014-09-22 13:38 - 2014-09-22 13:38 - 00000000 ____D () C:\Users\TEMP.ECE\AppData\Local\Google
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-09-19 11:42 - 2014-09-19 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-09-19 11:30 - 2014-02-11 14:34 - 00000000 ____D () C:\Users\user.ZEKI
2014-09-19 08:17 - 2014-09-19 08:17 - 00490456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-18 14:57 - 2014-05-12 11:10 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 10:30 - 2014-09-18 10:30 - 00133536 _____ () C:\Users\user.ZEKI\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-18 10:04 - 2014-09-11 11:42 - 00000000 ____D () C:\Windows\Minidump
2014-09-18 09:54 - 2014-02-12 09:18 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Local\Opera Software
2014-09-18 09:54 - 2013-11-27 10:22 - 00000000 ____D () C:\Program Files\Opera
2014-09-18 09:53 - 2014-02-12 09:18 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\Opera Software
2014-09-17 10:56 - 2014-09-17 10:56 - 00846848 _____ () C:\Users\user.ZEKI\Downloads\06110413_tantingilizce.ppt
2014-09-17 10:34 - 2014-08-01 15:31 - 00000000 ____D () C:\Program Files\installAPK
2014-09-15 10:55 - 2013-11-23 12:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-15 10:36 - 2014-08-05 14:00 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Local\CrashDumps
2014-09-15 09:25 - 2013-11-25 11:19 - 00000072 _____ () C:\Windows\KMSTMVM.ini
2014-09-11 15:01 - 2014-08-18 15:32 - 00002125 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 12:26 - 2014-02-13 14:43 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\Skype
2014-09-11 08:56 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 08:10 - 2009-07-14 07:53 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-10 14:30 - 2014-09-10 14:30 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\InstallShield
2014-09-10 14:30 - 2013-11-26 09:20 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-10 13:59 - 2014-09-08 10:54 - 00000000 ____D () C:\Users\user.ZEKI\Desktop\Bulgar
2014-09-10 12:11 - 2014-09-10 12:10 - 00000000 ____D () C:\ProgramData\Atheros
2014-09-10 12:08 - 2013-11-27 11:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 12:08 - 2013-11-23 12:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-01 10:53 - 2014-02-11 14:35 - 00000000 ____D () C:\Users\user.ZEKI\AppData\Roaming\ProductData
2014-09-01 10:53 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\AppCompat
Some content of TEMP:
====================
C:\Users\TEMP.ECE\AppData\Local\Temp\ReimagePackage.exe
C:\Users\TEMP.ECE\AppData\Local\Temp\sqlite3.exe
C:\Users\user\AppData\Local\Temp\AskSLib.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-16 08:42
==================== End Of Log ============================
Alıntıları Göster
BTK
Site Adı / IP
Resim Doğrulama Kodu
Güvenlik Kodu
(pastebin.com) hakkında uygulanmakta olan kararlar:
Bu İnternet sitesi (pastebin.com) hakkında Ankara CBS'nin 08/03/2012 tarih ve 2012/27976 sayılı kararına istinaden Telekomünikasyon İletişim Başkanlığı tarafından KORUMA TEDBİRİ uygulanmaktadır.
(The PROTECTION MEASURE has been taken for this website (pastebin.com) according to Decision Nr. 2012/27976 dated 08/03/2012 of Ankara CBS has been implemented by Telekomünikasyon İletişim Başkanlığı.)
-
Gönderdiğiniz Log normal tarama Logu. Yaptığımız işlemin Logu değil. Pastebin adresi verdiğim mesajımı tekrar okuyun.quote:
Orijinalden alıntı: atiranda
O site hakkında BTK sitesinde şöyle yazıyor;
BTK
Site Adı / IP
Resim Doğrulama Kodu
Güvenlik Kodu
(pastebin.com) hakkında uygulanmakta olan kararlar:
Bu İnternet sitesi (pastebin.com) hakkında Ankara CBS'nin 08/03/2012 tarih ve 2012/27976 sayılı kararına istinaden Telekomünikasyon İletişim Başkanlığı tarafından KORUMA TEDBİRİ uygulanmaktadır.
(The PROTECTION MEASURE has been taken for this website (pastebin.com) according to Decision Nr. 2012/27976 dated 08/03/2012 of Ankara CBS has been implemented by Telekomünikasyon İletişim Başkanlığı.)
Alıntıları Göster
Benzer içerikler
- combofix windows 11
- gmail şifre kırma
- balkona kamera takmak yasal mı
- kendi mail adresimden mail geldi
- telefon numarasından konum bulunur mu
- en iyi ücretsiz antivirüs programı
- windows defender kapatma
- en iyi antivirüs programı
Ip işlemleri
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
