
RogueKiller found Pum.dns



#1 SR2


Posted 10 April 2015 - 11:54 AM

I found 4 Pum.dns in registry. When I rebooted and ran RK again it found 4 Pum.Dns entries, again in the registry. AdwCleaner, MBAM, JRT and RKill didn't find malware. How can I tell if my system is clean and fully removed of pum.dns?

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Oyuncu (administrator) on GORKEMPC on 09-04-2015 19:15:02
Running from C:\Users\gorkemeren\Downloads
Loaded Profiles: Oyuncu (Available profiles: Oyuncu)
Platform: Windows 8.1 Pro (X64) OS Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Razer Inc.) D:\Razer Cortex\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7199448 2014-08-28] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-03-25] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-03-19] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-966167090-4290164784-3041656091-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-966167090-4290164784-3041656091-1001\...\Run: [EADM] => D:\Origin\Origin.exe [3619160 2015-01-27] (Electronic Arts)
HKU\S-1-5-21-966167090-4290164784-3041656091-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-966167090-4290164784-3041656091-1001\...\MountPoints2: {2fbb71ca-2ea0-11e4-8255-08606ef3c5c4} - "N:\setup.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-966167090-4290164784-3041656091-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-966167090-4290164784-3041656091-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-966167090-4290164784-3041656091-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.tr.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-02] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-09-18] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-09-18] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-14] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-09-18] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-09-18] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-09-18] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-09-18] (Kaspersky Lab ZAO)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-08-30] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{06BB80B0-BEF6-4357-97C2-C1ABC695616A}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-966167090-4290164784-3041656091-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\gorkemeren\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-09-18]
 
Chrome: 
=======
CHR Profile: C:\Users\gorkemeren\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Kaspersky Protection) - C:\Users\gorkemeren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-02-21]
CHR Extension: (AdBlock) - C:\Users\gorkemeren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-21]
CHR Extension: (Skype Click to Call) - C:\Users\gorkemeren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-02-21]
CHR Extension: (Google Wallet) - C:\Users\gorkemeren\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-21]
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-29] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-14] (Microsoft Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1910128 2015-01-27] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-28] ()
S2 RadeonPro Support Service; D:\RadeonPro\RadeonProSupport.exe [20608 2013-11-04] (Mr. John aka japamd) [File not signed]
R2 RzKLService; D:\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-03-15] (Enigma Software Group USA, LLC.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-12-21] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-08-28] (Disc Soft Ltd)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-03-15] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-03-15] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-01] (REALiX™)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-09-18] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2014-09-18] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-09-18] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-09-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-29] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-09-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-29] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-09-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2014-09-18] (Kaspersky Lab ZAO)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-04] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [101680 2015-04-05] (Zemana Ltd.)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 19:15 - 2015-04-09 19:15 - 00018134 _____ () C:\Users\gorkemeren\Downloads\FRST.txt
2015-04-09 19:15 - 2015-04-09 19:15 - 00000000 ____D () C:\FRST
2015-04-09 19:06 - 2015-04-09 19:12 - 00000469 _____ () C:\Users\gorkemeren\Desktop\Yeni Metin Belgesi (9).txt
2015-04-09 19:04 - 2015-04-09 19:04 - 02095616 _____ (Farbar) C:\Users\gorkemeren\Downloads\FRST64.exe
2015-04-09 17:03 - 2015-04-09 17:03 - 02482146 _____ () C:\Users\gorkemeren\Downloads\FRCRY4TYV200 (2).rar
2015-04-09 17:02 - 2015-04-09 17:03 - 02482146 _____ () C:\Users\gorkemeren\Downloads\FRCRY4TYV200 (1).rar
2015-04-09 17:02 - 2015-04-09 17:02 - 02482146 _____ () C:\Users\gorkemeren\Downloads\FRCRY4TYV200.rar
2015-04-08 17:36 - 2015-04-08 17:36 - 00000729 _____ () C:\Users\Public\Desktop\Far Cry 4 - Gold Edition.lnk
2015-04-07 21:36 - 2015-04-08 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Far Cry 4 - Gold Edition
2015-04-07 17:36 - 2015-04-07 17:37 - 00000000 ____D () C:\KVRT_Data
2015-04-07 15:55 - 2015-04-09 16:00 - 00000348 _____ () C:\Windows\setupact.log
2015-04-07 15:55 - 2015-04-07 15:55 - 00482608 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-07 15:55 - 2015-04-07 15:55 - 00000570 _____ () C:\Windows\PFRO.log
2015-04-07 15:55 - 2015-04-07 15:55 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-06 18:18 - 2015-04-06 18:18 - 00000637 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-06 18:18 - 2015-04-06 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-06 18:18 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-06 18:18 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-06 18:11 - 2015-04-06 18:11 - 00027505 _____ () C:\Users\gorkemeren\Downloads\PureRa.zip
2015-04-06 17:02 - 2015-04-06 18:18 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 17:02 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-05 14:40 - 2015-04-05 14:40 - 00101680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2015-04-05 14:39 - 2015-04-05 14:39 - 00000000 ____D () C:\Users\gorkemeren\AppData\Local\Zemana
2015-04-01 17:21 - 2015-04-01 17:21 - 00002400 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Oyuncu
2015-04-01 17:21 - 2015-04-01 17:21 - 00000298 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_Oyuncu.job
2015-04-01 17:21 - 2015-04-01 17:21 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2015-04-01 17:21 - 2015-04-01 17:21 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-01 17:21 - 2015-04-01 17:21 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2015-04-01 17:21 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2015-04-01 17:21 - 2014-06-04 15:17 - 00034080 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2015-04-01 17:20 - 2015-04-01 17:22 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-04-01 17:20 - 2015-04-01 17:21 - 00002876 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Oyuncu)
2015-04-01 17:20 - 2015-04-01 17:21 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\IObit
2015-04-01 17:20 - 2015-04-01 17:21 - 00000000 ____D () C:\ProgramData\IObit
2015-04-01 17:20 - 2015-04-01 17:20 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-04-01 17:20 - 2015-04-01 17:20 - 00000000 ____D () C:\Users\Oyuncu\AppData\Roaming\IObit
2015-04-01 17:20 - 2015-04-01 17:20 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\ProductData
2015-03-30 17:17 - 2015-03-30 17:17 - 00074233 _____ () C:\Users\gorkemeren\Downloads\Far Cry 4 - Gold Edition.iso.torrent
2015-03-27 20:33 - 2015-03-27 20:33 - 00000000 ____D () C:\Users\gorkemeren\Desktop\Batman Arkham Asylum
2015-03-25 20:48 - 2015-03-25 20:48 - 00000000 ____D () C:\Users\gorkemeren\Documents\Eidos
2015-03-25 20:42 - 2015-03-25 20:42 - 00000000 ____D () C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2015-03-25 20:20 - 2015-03-25 20:20 - 00000000 ____D () C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2015-03-25 20:20 - 2015-03-25 20:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2015-03-25 20:19 - 2015-03-25 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos
2015-03-25 19:09 - 2015-03-25 19:09 - 00041080 _____ () C:\Users\gorkemeren\Downloads\Batman.Arkham.Asylum-RELOADED (1).torrent
2015-03-25 19:01 - 2015-03-25 19:01 - 00041080 _____ () C:\Users\gorkemeren\Downloads\Batman.Arkham.Asylum-RELOADED.torrent
2015-03-25 18:38 - 2015-03-25 18:40 - 100155692 _____ () C:\Users\gorkemeren\Downloads\Batman Arkham Asylum Türkçe Yama v2.00.exe
2015-03-25 18:37 - 2015-03-25 18:39 - 279694592 _____ () C:\Users\gorkemeren\Downloads\Batman_TU_v1.1_EFIGS.exe
2015-03-21 12:29 - 2015-03-21 12:29 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\ATI
2015-03-21 12:29 - 2015-03-21 12:29 - 00000000 ____D () C:\Users\gorkemeren\AppData\Local\ATI
2015-03-21 12:29 - 2015-03-21 12:29 - 00000000 ____D () C:\ProgramData\ATI
2015-03-21 12:27 - 2015-03-21 12:27 - 00054252 _____ () C:\Windows\SysWOW64\CCCInstall_201503211127538809.log
2015-03-21 12:27 - 2015-03-21 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-03-21 12:27 - 2015-03-21 12:27 - 00000000 ____D () C:\ProgramData\AMD
2015-03-21 12:27 - 2015-03-21 12:27 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-03-21 12:27 - 2015-03-21 12:27 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2015-03-21 12:27 - 2015-03-21 12:27 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-03-21 00:34 - 2015-03-21 00:34 - 00000000 ____D () C:\Users\gorkemeren\Desktop\Mass Effect 2
2015-03-19 22:53 - 2015-03-19 22:53 - 00000224 _____ () C:\Users\gorkemeren\Desktop\Yeni Metin Belgesi (8).txt
2015-03-19 22:18 - 2015-03-19 22:18 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kasumi Stolen Memory Türkçe Yama
2015-03-19 22:17 - 2015-03-19 22:17 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zaeed - The Price of Revenge Türkçe Yama
2015-03-19 22:17 - 2015-03-19 22:17 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lair of the Shadow Broker Türkçe Yama
2015-03-19 22:11 - 2015-03-19 22:13 - 00000000 ____D () C:\Users\gorkemeren\Downloads\ME TR YAMALAR
2015-03-19 22:08 - 2015-03-19 22:08 - 00001845 _____ () C:\Users\gorkemeren\Documents\Mass Effect 2 1.01.log
2015-03-19 22:08 - 2015-03-19 22:08 - 00001776 _____ () C:\Users\gorkemeren\Documents\Mass Effect 2 1.02.log
2015-03-19 22:08 - 2015-03-19 22:08 - 00000722 _____ () C:\Users\gorkemeren\Desktop\Mass Effect 2.lnk
2015-03-19 22:08 - 2015-03-19 22:08 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mass Effect 2
2015-03-19 21:56 - 2015-03-19 21:56 - 00000000 ____D () C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
2015-03-19 18:58 - 2015-03-19 19:02 - 00000200 _____ () C:\Users\gorkemeren\Desktop\Yeni Metin Belgesi (7).txt
2015-03-19 07:15 - 2015-03-19 07:15 - 01357168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 01133664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00450744 _____ () C:\Windows\system32\amdmiracast.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00102128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00096448 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-03-19 07:15 - 2015-03-19 07:15 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-03-19 07:14 - 2015-03-19 07:14 - 11083488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-03-19 07:14 - 2015-03-19 07:14 - 09406112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-03-19 07:14 - 2015-03-19 07:14 - 08381280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-03-19 07:14 - 2015-03-19 07:14 - 08368872 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-03-19 07:14 - 2015-03-19 07:14 - 07559840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-03-19 07:14 - 2015-03-19 07:14 - 07077264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-03-19 07:12 - 2015-03-19 07:12 - 00294600 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-03-19 07:09 - 2015-03-19 07:09 - 19338240 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-03-19 06:55 - 2015-03-19 06:55 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2015-03-19 06:55 - 2015-03-19 06:55 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2015-03-19 06:55 - 2015-03-19 06:55 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2015-03-19 06:55 - 2015-03-19 06:55 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2015-03-19 06:55 - 2015-03-19 06:55 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2015-03-19 06:54 - 2015-03-19 06:54 - 47902720 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-03-19 06:54 - 2015-03-19 06:54 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2015-03-19 06:54 - 2015-03-19 06:54 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2015-03-19 06:54 - 2015-03-19 06:54 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2015-03-19 06:54 - 2015-03-19 06:54 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2015-03-19 06:51 - 2015-03-19 06:51 - 40989696 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-03-19 06:48 - 2015-03-19 06:48 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-19 06:47 - 2015-03-19 06:47 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-19 05:50 - 2015-03-19 05:50 - 00134656 _____ () C:\Windows\system32\amdhdl64.dll
2015-03-19 05:50 - 2015-03-19 05:50 - 00123392 _____ () C:\Windows\SysWOW64\amdhdl32.dll
2015-03-19 05:49 - 2015-03-19 05:49 - 28354560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-03-19 05:46 - 2015-03-19 05:46 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-03-19 05:46 - 2015-03-19 05:46 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-03-19 05:45 - 2015-03-19 05:45 - 05837312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-03-19 05:29 - 2015-03-19 05:29 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-03-19 05:28 - 2015-03-19 05:28 - 23626752 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-03-19 05:23 - 2015-03-19 05:23 - 00639088 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2015-03-19 05:23 - 2015-03-19 05:23 - 00639088 _____ () C:\Windows\system32\atiapfxx.blb
2015-03-19 05:22 - 2015-03-19 05:22 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-03-19 05:22 - 2015-03-19 05:22 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-03-19 05:22 - 2015-03-19 05:22 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-03-19 05:22 - 2015-03-19 05:22 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-03-19 05:22 - 2015-03-19 05:22 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-03-19 05:21 - 2015-03-19 05:21 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-03-19 05:18 - 2015-03-19 05:18 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-03-19 05:15 - 2015-03-19 05:15 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-03-19 05:15 - 2015-03-19 05:15 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-03-19 05:09 - 2015-03-19 05:09 - 00049664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-03-19 05:09 - 2015-03-19 05:09 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-03-19 05:04 - 2015-03-19 05:04 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2015-03-19 05:04 - 2015-03-19 05:04 - 00776192 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-03-19 05:04 - 2015-03-19 05:04 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-03-19 05:04 - 2015-03-19 05:04 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-03-19 05:03 - 2015-03-19 05:03 - 00246272 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-03-19 05:02 - 2015-03-19 05:02 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-03-19 05:01 - 2015-03-19 05:01 - 00204952 _____ () C:\Windows\SysWOW64\ativvsvl.dat
2015-03-19 05:01 - 2015-03-19 05:01 - 00204952 _____ () C:\Windows\system32\ativvsvl.dat
2015-03-19 05:01 - 2015-03-19 05:01 - 00157144 _____ () C:\Windows\SysWOW64\ativvsva.dat
2015-03-19 05:01 - 2015-03-19 05:01 - 00157144 _____ () C:\Windows\system32\ativvsva.dat
2015-03-19 04:52 - 2015-03-19 04:52 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2015-03-19 04:45 - 2015-03-19 04:45 - 00846848 _____ (AMD) C:\Windows\system32\coinst_14.50.dll
2015-03-19 04:42 - 2015-03-19 04:42 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-03-19 04:42 - 2015-03-19 04:42 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-03-19 04:40 - 2015-03-19 04:40 - 01218560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-03-19 04:40 - 2015-03-19 04:40 - 00905728 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-03-19 04:39 - 2015-03-19 04:39 - 00591872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-03-19 04:39 - 2015-03-19 04:39 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-03-19 04:39 - 2015-03-19 04:39 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-03-19 04:39 - 2015-03-19 04:39 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-03-19 04:39 - 2015-03-19 04:39 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-03-19 04:39 - 2015-03-19 04:39 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-03-19 04:31 - 2015-03-19 04:31 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-03-19 01:05 - 2015-03-19 01:05 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
2015-03-19 01:00 - 2015-03-19 01:00 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
2015-03-15 17:02 - 2015-03-20 22:06 - 00001337 _____ () C:\Users\gorkemeren\Desktop\SpyHunter.lnk
2015-03-15 17:02 - 2015-03-15 17:02 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-03-15 17:02 - 2015-03-15 17:02 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-03-15 17:02 - 2015-03-15 17:02 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\Enigma Software Group
2015-03-15 17:02 - 2015-03-15 17:02 - 00000000 ____D () C:\sh4ldr
2015-03-15 17:02 - 2015-03-15 17:02 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-03-14 18:30 - 2015-03-14 18:34 - 682835885 _____ () C:\Users\gorkemeren\Downloads\FIFAexTReme15_RP2.rar
2015-03-14 13:56 - 2015-03-14 13:56 - 01143298 _____ () C:\Users\gorkemeren\Downloads\ReShade_0.15.0_Public_Beta_with_SweetFX_2.0_Preview_7.7z
2015-03-14 12:35 - 2015-03-14 12:35 - 00000000 ____D () C:\Users\gorkemeren\Documents\Assassin's Creed Rogue
2015-03-14 12:35 - 2015-03-14 12:35 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\uplay
2015-03-14 11:17 - 2015-03-14 11:17 - 00000000 ____D () C:\NPE
2015-03-14 11:16 - 2015-03-14 11:16 - 00000000 ____D () C:\ProgramData\Norton
2015-03-14 00:26 - 2015-03-14 00:26 - 00000081 _____ () C:\Users\gorkemeren\Desktop\Yeni Metin Belgesi (6).txt
2015-03-14 00:15 - 2015-03-14 00:15 - 00000305 _____ () C:\Users\gorkemeren\Downloads\Dying Light v1.5.0 Junk File Remover.rar
2015-03-14 00:15 - 2015-03-14 00:15 - 00000305 _____ () C:\Users\gorkemeren\Downloads\Dying Light v1.5.0 Junk File Remover (1).rar
2015-03-13 23:53 - 2015-03-13 23:53 - 00001217 _____ () C:\Users\gorkemeren\Desktop\Uplay.lnk
2015-03-13 23:53 - 2015-03-13 23:53 - 00000105 _____ () C:\Users\Public\Desktop\Assassin's Creed Rogue.url
2015-03-13 23:46 - 2015-03-13 23:46 - 00011818 _____ () C:\Users\gorkemeren\Downloads\Dying.Light.Update.v1.5.0.RELOADED.torrent
2015-03-13 23:45 - 2015-03-13 23:45 - 53197385 _____ () C:\Users\gorkemeren\Downloads\Suikastci.dislanmis.duzgun.guncelleme.v1.1.0-SpAwN.rar
2015-03-13 23:45 - 2015-03-13 23:45 - 01846745 _____ () C:\Users\gorkemeren\Downloads\Olu.Isik.V1.5.0.coklu-koop.ilac-SpAwN.rar
2015-03-13 22:22 - 2015-03-13 22:22 - 00079762 _____ () C:\Users\gorkemeren\Downloads\Assassins.Creed.Rogue-CODEX-[torrent-oyun.com].torrent
2015-03-12 20:15 - 2015-03-12 20:15 - 00000000 ____D () C:\Users\gorkemeren\Documents\ProcAlyzer Dumps
2015-03-12 18:54 - 2015-03-14 00:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-12 18:54 - 2015-03-14 00:35 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-12 18:54 - 2015-03-12 18:54 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-03-11 18:45 - 2015-03-11 18:45 - 00000045 _____ () C:\Users\gorkemeren\Desktop\Yeni Metin Belgesi (5).txt
2015-03-11 17:15 - 2015-02-04 02:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-11 17:15 - 2015-02-04 02:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-11 17:15 - 2015-02-04 02:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-11 17:15 - 2015-02-03 02:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-11 17:15 - 2015-02-03 02:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-11 17:15 - 2015-01-29 03:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-11 17:15 - 2015-01-29 03:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-11 17:15 - 2015-01-27 06:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-11 17:15 - 2015-01-24 04:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-11 17:14 - 2015-03-06 05:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 17:14 - 2015-03-06 05:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 17:14 - 2015-02-26 02:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 17:14 - 2015-02-21 04:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 17:14 - 2015-02-21 03:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 17:14 - 2015-02-21 03:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 17:14 - 2015-02-21 03:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-11 17:14 - 2015-02-21 03:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 17:14 - 2015-02-21 02:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 17:14 - 2015-02-21 02:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 17:14 - 2015-02-20 06:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 17:14 - 2015-02-20 05:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 17:14 - 2015-02-20 05:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 17:14 - 2015-02-20 05:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 17:14 - 2015-02-20 05:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 17:14 - 2015-02-20 05:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 17:14 - 2015-02-20 05:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 17:14 - 2015-02-20 05:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 17:14 - 2015-02-20 05:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 17:14 - 2015-02-20 05:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 17:14 - 2015-02-20 05:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 17:14 - 2015-02-20 05:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 17:14 - 2015-02-20 05:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 17:14 - 2015-02-20 05:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 17:14 - 2015-02-20 05:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 17:14 - 2015-02-20 04:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-11 17:14 - 2015-02-20 04:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-11 17:14 - 2015-02-20 04:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-11 17:14 - 2015-02-20 04:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 17:14 - 2015-02-20 04:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 17:14 - 2015-02-20 04:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 17:14 - 2015-02-20 04:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 17:14 - 2015-02-20 04:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 17:14 - 2015-02-20 04:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-11 17:14 - 2015-02-20 04:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-11 17:14 - 2015-02-20 04:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 17:14 - 2015-02-20 04:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-11 17:14 - 2015-02-20 04:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 17:14 - 2015-02-20 04:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 17:14 - 2015-02-20 04:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 17:14 - 2015-02-20 04:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 17:14 - 2015-02-20 04:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 17:14 - 2015-02-20 03:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 17:14 - 2015-02-20 03:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 17:14 - 2015-02-12 20:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 17:14 - 2015-02-12 20:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 17:14 - 2015-02-08 02:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-11 17:14 - 2015-02-08 02:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-11 17:14 - 2015-02-07 02:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-11 17:14 - 2015-02-06 04:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-11 17:14 - 2015-02-06 04:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-11 17:14 - 2015-02-05 23:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-11 17:14 - 2015-02-03 03:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-11 17:14 - 2015-02-03 03:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-11 17:14 - 2015-01-31 02:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-11 17:14 - 2015-01-31 02:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-11 17:14 - 2015-01-31 02:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 17:14 - 2015-01-30 06:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-11 17:14 - 2015-01-30 05:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-11 17:14 - 2015-01-30 05:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-11 17:14 - 2015-01-30 05:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-11 17:14 - 2015-01-30 04:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-11 17:14 - 2015-01-30 04:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-11 17:14 - 2015-01-30 04:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-11 17:14 - 2015-01-30 04:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-11 17:14 - 2015-01-30 04:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-11 17:14 - 2015-01-30 04:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-11 17:14 - 2015-01-30 04:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-11 17:14 - 2015-01-30 04:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-11 17:14 - 2015-01-30 04:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-11 17:14 - 2015-01-30 04:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-11 17:14 - 2015-01-29 21:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 17:14 - 2015-01-29 21:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 17:14 - 2015-01-29 04:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-11 17:14 - 2015-01-29 04:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-11 17:14 - 2015-01-29 04:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 17:14 - 2015-01-29 04:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-11 17:14 - 2015-01-29 04:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-11 17:14 - 2015-01-29 04:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 17:14 - 2015-01-29 03:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-11 17:14 - 2015-01-29 03:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-11 17:14 - 2015-01-28 18:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 17:14 - 2015-01-28 18:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-11 17:14 - 2015-01-28 18:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-11 17:14 - 2015-01-28 05:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-11 17:14 - 2015-01-28 04:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-11 17:14 - 2015-01-28 04:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 17:14 - 2015-01-28 04:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 17:14 - 2015-01-28 02:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-11 17:14 - 2015-01-28 02:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-11 17:14 - 2015-01-27 07:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 17:14 - 2015-01-27 05:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 17:14 - 2015-01-23 10:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-11 17:14 - 2015-01-23 08:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-11 17:14 - 2014-12-11 08:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-11 17:13 - 2015-01-21 08:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 17:13 - 2015-01-21 08:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-09 18:24 - 2015-01-03 22:20 - 00000814 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 18:23 - 2014-08-28 14:01 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 18:00 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-09 17:57 - 2015-02-17 21:59 - 01446223 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 17:54 - 2014-08-28 12:08 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-966167090-4290164784-3041656091-1001
2015-04-09 17:39 - 2014-10-23 18:45 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\HD Tune Pro
2015-04-09 17:36 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-09 17:14 - 2014-08-28 22:59 - 00000000 ____D () C:\Users\gorkemeren\Documents\My Games
2015-04-09 17:13 - 2015-01-11 15:10 - 00000000 ____D () C:\Users\gorkemeren\AppData\Local\CrashDumps
2015-04-09 17:12 - 2014-08-29 13:31 - 00000000 ____D () C:\ProgramData\Orbit
2015-04-09 16:06 - 2014-09-18 16:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-09 16:04 - 2014-03-18 18:40 - 01728544 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 16:04 - 2014-03-18 17:58 - 00711250 _____ () C:\Windows\system32\perfh01F.dat
2015-04-09 16:04 - 2014-03-18 17:58 - 00146214 _____ () C:\Windows\system32\perfc01F.dat
2015-04-09 16:00 - 2014-08-28 14:00 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-09 16:00 - 2013-08-22 17:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-08 21:50 - 2013-08-22 16:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-08 21:49 - 2014-09-03 00:47 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-08 16:12 - 2014-09-08 00:56 - 00000000 ___RD () C:\Users\gorkemeren\Desktop\OYUNLAR
2015-04-08 16:05 - 2014-10-08 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-04-07 20:54 - 2014-09-21 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-04-07 20:50 - 2014-08-28 15:46 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\BitTorrent
2015-04-07 20:50 - 2014-08-28 15:42 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\DAEMON Tools Lite
2015-04-07 20:39 - 2015-02-14 01:31 - 00000000 ____D () C:\Users\gorkemeren\Desktop\TARİH SUNUM
2015-04-06 18:16 - 2014-11-11 18:15 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\WiseUpdate
2015-04-06 18:16 - 2014-09-17 20:30 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OyunÇeviri
2015-04-06 18:16 - 2014-09-08 00:55 - 00000000 ___RD () C:\Users\gorkemeren\Desktop\Programlar
2015-04-06 18:16 - 2014-09-04 18:04 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto IV Türkçe Yama (FINAL)
2015-04-06 17:37 - 2015-03-07 21:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-06 17:02 - 2014-11-19 21:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 16:10 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-04 12:58 - 2014-08-28 13:05 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\Raptr
2015-04-04 12:55 - 2014-08-28 13:05 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-04-04 12:53 - 2014-12-14 16:55 - 00000000 ____D () C:\Program Files (x86)\Dragon Age Inquisition
2015-04-04 12:35 - 2014-12-16 17:56 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-04 12:27 - 2014-08-28 14:01 - 00002199 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-01 17:20 - 2014-11-08 11:19 - 00000000 ____D () C:\Users\gorkemeren\AppData\Roaming\Apple Computer
2015-04-01 17:20 - 2014-09-11 12:14 - 00000000 ____D () C:\Users\Oyuncu
2015-04-01 15:56 - 2014-08-28 12:02 - 00000000 ____D () C:\Users\gorkemeren
2015-03-28 13:52 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\registration
2015-03-25 20:20 - 2014-09-11 13:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-03-25 20:15 - 2014-08-28 13:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-21 12:27 - 2014-12-10 18:34 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-03-21 12:27 - 2014-08-28 12:08 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-21 12:27 - 2014-08-28 12:07 - 00000000 ____D () C:\Program Files\AMD
2015-03-21 12:26 - 2014-08-28 12:07 - 00000000 ____D () C:\AMD
2015-03-21 12:23 - 2015-01-24 13:02 - 00000000 ____D () C:\Users\gorkemeren\Downloads\DDU 14.1.0.0
2015-03-19 22:20 - 2014-09-05 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oyun Çeviri
2015-03-19 21:57 - 2014-09-17 19:57 - 00000000 ____D () C:\Users\gorkemeren\Documents\BioWare
2015-03-19 21:56 - 2014-08-28 17:07 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-03-19 21:11 - 2014-08-31 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Games
2015-03-15 21:18 - 2014-08-28 12:03 - 00000000 ____D () C:\Users\gorkemeren\AppData\Local\Packages
2015-03-14 17:54 - 2015-03-03 19:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-14 11:19 - 2015-02-17 18:37 - 00000000 ____D () C:\Users\gorkemeren\AppData\Local\NPE
2015-03-14 11:09 - 2015-03-03 21:24 - 00000000 ____D () C:\Users\gorkemeren\Desktop\CCE
2015-03-13 18:01 - 2015-01-23 19:03 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-03-13 18:01 - 2015-01-23 19:02 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-03-12 17:57 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\rescache
2015-03-11 19:18 - 2013-08-22 18:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-11 19:18 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 19:18 - 2013-08-22 18:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 19:18 - 2013-08-22 18:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 19:18 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-11 19:18 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-03-11 19:18 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-03-11 19:18 - 2013-08-22 18:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-11 19:18 - 2013-08-22 18:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 19:18 - 2013-08-22 18:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 19:17 - 2013-08-22 18:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-11 19:14 - 2014-08-28 13:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 19:13 - 2014-08-28 13:34 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 18:41 - 2015-03-07 16:53 - 00000537 _____ () C:\Users\gorkemeren\Desktop\Yeni Metin Belgesi (3).txt
 
==================== Files in the root of some directories =======
 
2014-09-12 16:03 - 2014-09-21 17:36 - 0000003 _____ () C:\Users\gorkemeren\AppData\Roaming\ispnetkey.dll
2014-08-28 13:21 - 2014-08-28 13:21 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-04 11:35
 
==================== End Of Log ============================
Addition:
 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:56 PM

Posted 12 April 2015 - 08:32 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-966167090-4290164784-3041656091-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
C:\Program Files\KMSpico

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

p.s.
If there are any problems, please run the RogueKiller tool and post the log for my review.

#3 SR2


Posted 15 April 2015 - 10:03 AM

Thank you.

FIXLOG:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Oyuncu at 2015-04-11 23:54:13 Run:1
Running from C:\Users\gorkemeren\Desktop\Yeni klasör
Loaded Profiles: Oyuncu (Available profiles: Oyuncu)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-966167090-4290164784-3041656091-1001\...\MountPoints2: {2fbb71ca-2ea0-11e4-8255-08606ef3c5c4} - "N:\setup.exe" 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-966167090-4290164784-3041656091-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
2014-09-12 16:03 - 2014-09-21 17:36 - 0000003 _____ () C:\Users\gorkemeren\AppData\Roaming\ispnetkey.dll
2014-08-28 13:21 - 2014-08-28 13:21 - 0000000 _____ () C:\ProgramData\DP45977C.lfl
C:\Users\gorkemeren\AppData\Local\Temp\dllnt_dump.dll
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\Users\gorkemeren\OneDrive:ms-properties
C:\Program Files\KMSpico
 
*****************
 
"HKU\S-1-5-21-966167090-4290164784-3041656091-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fbb71ca-2ea0-11e4-8255-08606ef3c5c4}" => Key deleted successfully.
HKCR\CLSID\{2fbb71ca-2ea0-11e4-8255-08606ef3c5c4} => Key not found. 
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-966167090-4290164784-3041656091-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa" => Key deleted successfully.
BAPIDRV => Service deleted successfully.
Service KMSELDI => Service deleted successfully.
C:\Users\gorkemeren\AppData\Roaming\ispnetkey.dll => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.
C:\Users\gorkemeren\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\ProgramData\TEMP => ":1CE11B51" ADS removed successfully.
"C:\Users\gorkemeren\OneDrive" => ":ms-properties" ADS not found.
C:\Program Files\KMSpico => Moved successfully.
 
==== End of Fixlog 23:54:13 ====

Edited by SR2, 15 April 2015 - 10:09 AM.


#4 nasdaq


Posted 15 April 2015 - 12:38 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#5 nasdaq


Posted 19 April 2015 - 07:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



