
Srv.exe


  • This topic is locked
17 replies to this topic

#1 tunarinc

tunarinc

  • Members
  • 10 posts

Posted 14 November 2015 - 10:27 AM

Hi, I just got infected by a virus. I don't know which file is causing it, but there are some symptoms that I encountered.

  • Whenever I open a .exe file, "filename"Srv.exe is created.
  • The "Internet Explorer has stopped working" error pops up and spams generally (even when I don't use it).
  • My internet speed slowed heavily, only on this device.

How can I get rid of this virus?

 

Thanks.





#2 tunarinc

tunarinc
  • Topic Starter

  • Members
  • 10 posts

Posted 14 November 2015 - 12:05 PM

Up



#3 tunarinc

tunarinc
  • Topic Starter

  • Members
  • 10 posts

Posted 14 November 2015 - 04:54 PM

up



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:01 PM

Posted 15 November 2015 - 04:38 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 tunarinc

tunarinc
  • Topic Starter

  • Members
  • 10 posts

Posted 15 November 2015 - 04:56 AM

Thanks for your reply;

deeprybka

Before I post the logs, I have to tell you that I've already run some scans with other software. At first I began with AdwCleaner and did a small cleaning, then used ComboFix, and finally I started using Malwarebytes and am still using it. Every time I start an .exe file, "filename"Srv.exe is generated, and Malwarebytes says that this file has the Trojan.Zbot virus in it.

- Hope you can understand me, because my English is not good enough to describe what I have done.

 

*Here are the logs*

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Belgeler (administrator) on 130315BEYAZ (15-11-2015 11:46:37)
Running from C:\Users\Belgeler\Downloads
Loaded Profiles: Belgeler (Available Profiles: Belgeler)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek) C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtlService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtWLan.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{0C44AB8C-E944-4163-A54C-1833EC7F78BD}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E86AB87D-E465-44BB-A2A7-7B3AD03E7194}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{F7C3B0FB-63A6-4E6D-89D8-9CF4C4AAA649}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3479016494-1360464811-1450154057-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3479016494-1360464811-1450154057-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3479016494-1360464811-1450154057-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-03-13] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-13] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-03-13] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-11-12] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-11-12] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll [2011-11-12] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2011-11-12] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-13] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-13] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-11-12] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-11-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Belgeler\AppData\Roaming\raidcall\plugins\nprcplugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3479016494-1360464811-1450154057-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Belgeler\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.google.com.tr/
CHR StartupUrls: Profile 1 -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Oz'a giden yolu bulun) - C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2015-05-01]
CHR Extension: (Chrome Web Mağazası Ödemeleri) - C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
StartMenuInternet: Google Chrome.KFW4LGO66OAVAXWAPMLW3Y7YOQ - C:\Users\Belgeler\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
S4 Disc Soft Ultra Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [1378576 2015-02-27] (Disc Soft Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-06-03] (NVIDIA Corporation)
R2 Inca11nSU; C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S4 jswpbapi; C:\Program Files (x86)\Jumpstart\jswpbapi.exe [265216 2008-09-26] (Atheros Communications, Inc.) [File not signed]
S4 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [1015808 2015-09-01] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [397312 2015-09-01] (Microsoft Corporation) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3611808 2015-07-22] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-06-03] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23007376 2015-06-03] (NVIDIA Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 mi-raysat_3dsmax2015_64; "D:\AutoDesk3DsMax\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe" [X]
S3 WsAppService; "C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2012-12-04] (Advanced Micro Devices Inc.)
S3 CEDRIVER60; C:\Program Files (x86)\Cheat Engine 6.4\dbk64.sys [64064 2014-06-20] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-18] (Disc Soft Ltd)
R3 dtultrascsibus; C:\Windows\System32\DRIVERS\dtultrascsibus.sys [30352 2015-03-15] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-06-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46768 2015-05-19] (NVIDIA Corporation)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R3 wovad_micarray; C:\Windows\System32\drivers\womic.sys [27056 2015-02-22] (Windows ® Win 7 DDK provider)
S3 AndnetBus; system32\DRIVERS\lgandnetbus64.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U4 JavaQuickStarterService; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-15 11:46 - 2015-11-15 11:46 - 00013364 _____ C:\Users\Belgeler\Downloads\FRST.txt
2015-11-15 11:46 - 2015-11-15 11:46 - 00000000 ____D C:\FRST
2015-11-15 11:41 - 2015-11-15 11:45 - 02198528 _____ (Farbar) C:\Users\Belgeler\Downloads\FRST64.exe
2015-11-14 20:55 - 2015-11-14 20:55 - 00112272 _____ C:\Users\Belgeler\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-14 20:08 - 2015-11-14 22:06 - 00000000 ____D C:\Users\Belgeler\AppData\Local\Microsoft Games
2015-11-14 19:26 - 2015-11-14 19:26 - 00000000 ____D C:\$Windows.~WS
2015-11-14 19:17 - 2015-11-14 19:17 - 00291816 _____ C:\Windows\Minidump\111415-31403-01.dmp
2015-11-14 19:05 - 2015-11-14 19:07 - 07635472 _____ (Microsoft Corporation) C:\Users\Belgeler\Downloads\GetWindows10-sds_____________.exe
2015-11-14 17:28 - 2015-11-15 11:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-14 17:27 - 2015-11-14 17:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-14 17:27 - 2015-11-14 17:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-14 17:27 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-14 17:27 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-14 17:27 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-14 17:10 - 2015-11-14 17:10 - 00000000 ____D C:\Users\Belgeler\AppData\Roaming\TeamViewer
2015-11-14 00:07 - 2015-11-14 00:07 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-11-14 00:06 - 2014-07-09 16:22 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2015-11-13 23:03 - 2015-11-13 23:03 - 00020674 _____ C:\ComboFix.txt
2015-11-13 22:26 - 2015-11-13 22:26 - 00003114 _____ C:\Windows\System32\Tasks\{BD85E735-4A84-4D0B-A041-3349606E48F0}
2015-11-13 21:49 - 2015-11-13 22:16 - 01787392 _____ C:\Users\Belgeler\Downloads\adwcleaner_5.020.exe
2015-11-13 21:49 - 2015-11-13 21:53 - 05638248 ____R (Swearware) C:\Users\Belgeler\Downloads\ComboFix.exe
2015-11-13 17:30 - 2015-11-13 17:37 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-10-29 21:26 - 2015-10-29 21:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-16 21:39 - 2015-10-16 21:39 - 00000000 ____D C:\Users\Belgeler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3
2015-10-16 21:39 - 2015-10-16 21:39 - 00000000 ____D C:\Program Files (x86)\Adobe Photoshop CS3
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-15 11:43 - 2015-05-15 23:11 - 00001020 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 11:43 - 2009-07-14 06:45 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 11:43 - 2009-07-14 06:45 - 00023168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 11:42 - 2015-03-13 20:37 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3479016494-1360464811-1450154057-1000UA.job
2015-11-15 11:39 - 2015-03-13 20:19 - 01842568 _____ C:\Windows\WindowsUpdate.log
2015-11-15 11:37 - 2015-05-15 23:11 - 00001016 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-15 11:36 - 2010-11-21 05:47 - 00255242 _____ C:\Windows\PFRO.log
2015-11-15 11:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-15 11:36 - 2009-07-14 06:51 - 00111416 _____ C:\Windows\setupact.log
2015-11-14 22:14 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-11-14 20:42 - 2015-03-13 20:37 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3479016494-1360464811-1450154057-1000Core.job
2015-11-14 20:00 - 2015-03-13 20:23 - 00000000 ____D C:\Users\Belgeler
2015-11-14 19:26 - 2015-03-13 20:16 - 00000000 ____D C:\Windows\Panther
2015-11-14 19:17 - 2015-08-08 16:50 - 510278787 _____ C:\Windows\MEMORY.DMP
2015-11-14 19:17 - 2015-08-08 16:50 - 00000000 ____D C:\Windows\Minidump
2015-11-14 18:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-11-14 18:06 - 2009-07-14 06:45 - 00422064 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-14 17:49 - 2015-08-03 18:51 - 00000000 ____D C:\Program Files (x86)\Jumpstart
2015-11-14 17:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
2015-11-14 17:07 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-14 17:05 - 2015-03-15 20:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-14 17:03 - 2015-03-18 23:51 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2015-11-14 16:23 - 2015-03-14 20:13 - 00000000 ____D C:\Users\Belgeler\AppData\Roaming\Skype
2015-11-14 12:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-11-14 12:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\tr-TR
2015-11-14 12:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-11-14 11:39 - 2015-03-21 20:05 - 00000000 ____D C:\Users\Belgeler\AppData\Local\Akamai
2015-11-13 23:03 - 2015-06-03 17:26 - 00000000 ____D C:\Qoobox
2015-11-13 22:57 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-11-13 22:31 - 2015-03-13 20:43 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-13 22:20 - 2015-10-10 15:42 - 00000000 ____D C:\ProgramData\TEMP
2015-11-13 22:15 - 2015-03-13 20:36 - 00356480 _____ C:\Windows\DirectX.log
2015-11-13 21:17 - 2015-03-19 00:14 - 00000000 ____D C:\Users\Belgeler\Documents\Visual Studio 2013
2015-11-13 20:20 - 2011-04-12 16:56 - 00658722 _____ C:\Windows\system32\perfh01F.dat
2015-11-13 20:20 - 2011-04-12 16:56 - 00140424 _____ C:\Windows\system32\perfc01F.dat
2015-11-13 20:20 - 2009-07-14 07:13 - 01576552 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-02 09:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-31 16:17 - 2015-08-03 11:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-31 16:16 - 2015-08-03 11:39 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-29 21:23 - 2015-10-13 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2015-10-29 21:23 - 2015-10-13 16:46 - 00000000 ____D C:\Users\Belgeler\Documents\IK Multimedia
2015-10-29 19:45 - 2015-03-16 19:40 - 00000000 ____D C:\Users\Belgeler\AppData\Roaming\uTorrent
2015-10-26 17:29 - 2015-10-13 16:51 - 00000016 _____ C:\Windows\SysWOW64\w3data.vss
2015-10-26 17:29 - 2015-10-13 16:51 - 00000016 _____ C:\Windows\msocreg32.dat
2015-10-26 17:29 - 2015-10-13 16:51 - 00000016 _____ C:\ProgramData\autobk.inc
2015-10-16 22:25 - 2015-03-13 20:37 - 00000000 ____D C:\Users\Belgeler\AppData\Local\Adobe
2015-10-16 21:39 - 2015-03-13 20:37 - 00000000 ____D C:\Users\Belgeler\AppData\Roaming\Adobe
2015-10-16 16:49 - 2015-03-13 20:47 - 00000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2015-10-13 16:51 - 2015-10-26 17:29 - 0000016 _____ () C:\ProgramData\autobk.inc
2015-03-13 20:36 - 2015-03-13 20:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
 
 
LastRegBack: 2015-11-10 18:07
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Belgeler (2015-11-15 11:47:11)
Running from C:\Users\Belgeler\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2015-03-13 18:23:32)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3479016494-1360464811-1450154057-500 - Administrator - Disabled)
Belgeler (S-1-5-21-3479016494-1360464811-1450154057-1000 - Administrator - Enabled) => C:\Users\Belgeler
Guest (S-1-5-21-3479016494-1360464811-1450154057-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3479016494-1360464811-1450154057-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Turkish (HKLM-x32\...\{AC76BA86-7AD7-1055-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe Photoshop CS3_is1) (Version: 10.0 - -[ sk8er_boi ]-)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{7E33E883-0D17-4397-A461-B576605E34B1}) (Version: 12.1.6.156 - Adobe Systems, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-3479016494-1360464811-1450154057-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.6.8.3 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.6.8.3 - ASUSTek COMPUTER INC.) Hidden
Autodesk 3ds Max 2015 (Version: 17.1.149.0 - Autodesk) Hidden
Autodesk 3ds Max 2015 SP1 (HKLM\...\Autodesk 3ds Max 2015 SP1) (Version: 17.1.149.0 - Autodesk)
Autodesk DirectConnect 2015 64-bit Hotfix1 (HKLM\...\Autodesk DirectConnect 2015 64-bit_9001) (Version: 9.0.56.4 - Autodesk)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Call of Duty® 2 Patch 1.3 (x32 Version: 1.3 - ) Hidden
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cok Free Auto Clicker 3.0 (HKLM-x32\...\Cok Free Auto Clicker_is1) (Version: 3.0 - Cok Software)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 3.0.0.0310 - Disc Soft Ltd)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Guitar Pro 5.2 (HKLM-x32\...\Guitar Pro 5_is1) (Version:  - Arobas Music)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
Jumpstart Installation Program (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
K-Lite Mega Codec Pack 10.3.6 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.6 - )
lnca Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - REALTEK Semiconductor Corp.)
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Malwarebytes Anti-Malware 2.2.0.1024 sürümü (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{30FF5906-91BB-35BF-9AB8-9EE0B007FD75}) (Version: 4.5.52213 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (TRK) (HKLM\...\{04922FCE-0280-3BDE-813D-5C50BEBFB068}) (Version: 4.5.52213 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Güncelleştirmesi (KB963678) (HKLM-x32\...\{90120000-0016-041F-0000-0000000FF1CE}_PROPLUS_{E792E914-5172-48B2-A58A-65C3F311C4E2}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help Güncelleştirmesi (KB963669) (HKLM-x32\...\{90120000-0018-041F-0000-0000000FF1CE}_PROPLUS_{8C762073-C6A4-4A11-A639-1C73014FAE00}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Help Güncelleştirmesi (KB963665) (HKLM-x32\...\{90120000-001B-041F-0000-0000000FF1CE}_PROPLUS_{96E44099-EB0F-45A3-8831-40412110810D}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio Ultimate 2013 (HKLM-x32\...\{cd09eea6-d0b3-4246-bb80-e047ceadf61f}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
NVIDIA 3D Vision Denetleyici Sürücüsü 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.5.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.44 - NVIDIA Corporation)
NVIDIA Grafik Sürücüsü 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Ses Sürücüsü 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX Sistem Yazılımı 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
osu! (HKLM-x32\...\{8c650ed2-15e8-462f-b771-d036ec8c44dc}) (Version: latest - ppy Pty Ltd)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.0.8.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Sakura Clicker (HKLM-x32\...\Steam App 383080) (Version:  - Winged Cloud)
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.44 - NVIDIA Corporation) Hidden
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3479016494-1360464811-1450154057-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> D:\AutoDesk3DsMax\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3479016494-1360464811-1450154057-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> D:\AutoDesk3DsMax\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3479016494-1360464811-1450154057-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> D:\AutoDesk3DsMax\3ds Max 2015\Inventor Server\Bin\TestServer.dll => No File
 
==================== Restore Points =========================
 
29-10-2015 19:59:24 Installed DirectX
01-11-2015 16:30:24 Installed DirectX
08-11-2015 17:27:29 Zamanlanan Denetim Noktası
13-11-2015 17:28:58 Installed BlueStacks App Player 0.9.6.4092 SuperUser BSEasy
13-11-2015 22:13:10 Installed DirectX
13-11-2015 22:21:41 Removed QuickTime
13-11-2015 22:27:27 Female Voices for MorphVOX
13-11-2015 22:29:11 Removed WCF RIA Services V1.0 SP2
13-11-2015 22:29:33 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
13-11-2015 22:30:00 Removed Secure Download Manager
13-11-2015 22:30:53 MorphVOX Pro
14-11-2015 00:05:36 Yüklenen LG United Mobile Driver
14-11-2015 12:02:38 Windows Modül Yükleyicisi
14-11-2015 17:02:10 Removed WCF RIA Services V1.0 SP2
14-11-2015 17:04:30 Kaldırılan LG United Mobile Driver
14-11-2015 17:06:09 Removed BlueStacks App Player 0.9.6.4092 SuperUser BSEasy
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-11-13 22:55 - 2015-11-13 22:57 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {10F428CA-2A13-4C28-BD5C-4BEBE2F1D8AF} - System32\Tasks\{C4536272-AD58-4C6B-B4DE-B1CE2CF21B1E} => pcalua.exe -a "D:\Guitar Pro 6\GPInstaller.exe" -d "D:\Guitar Pro 6"
Task: {1AD0CE62-DD20-49A2-9435-96BD749A5FED} - System32\Tasks\{927AE681-8B2A-4079-974C-FF012A2FCFED} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.2.59.103/tr/abandoninstall?page=tsMain
Task: {20C1C190-0D1C-4240-8332-656524C74A91} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3479016494-1360464811-1450154057-1000Core => C:\Users\Belgeler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2015-03-13] (Facebook Inc.)
Task: {2AD735DB-75C9-4B2A-B6E0-CAD319FEA976} - System32\Tasks\{6566C957-D318-492F-A518-B266AD52152C} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.3.60.101/tr/abandoninstall?page=tsMain
Task: {4D1AFF15-82F8-4C49-9AB5-2DD4FD89721A} - System32\Tasks\{BD85E735-4A84-4D0B-A041-3349606E48F0} => pcalua.exe -a "C:\Program Files (x86)\CoC Bot\CoC Bot\Uninstall.exe"
Task: {7C7ADF5B-BC13-42C2-942F-E753A5F3A104} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-15] (Google Inc.)
Task: {7D7BA0B4-201F-4C27-83E8-6CBB604A2938} - System32\Tasks\{95591752-A273-4FCC-8A40-66C0D8E7AC3D} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.3.0.101/tr/abandoninstall?page=tsMain
Task: {8DD898C4-83A6-49F1-A582-404A4607ABE6} - System32\Tasks\{CC33B6EF-057B-4885-9A86-4A9EB36BF5C9} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.2.0.103/tr/go/help.faq.installer?LastError=1603
Task: {A9E60148-1371-4558-A973-6E6E6C4A983C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3479016494-1360464811-1450154057-1000UA => C:\Users\Belgeler\AppData\Local\Facebook\Update\FacebookUpdate.exe [2015-03-13] (Facebook Inc.)
Task: {D7EA3777-D77F-4AD3-B1AF-387961E83969} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DF2E47D5-A863-40F6-98A0-5CEE13AE1092} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-15] (Google Inc.)
Task: {F0B18E2B-01FE-4332-B691-C13DCF54592F} - System32\Tasks\{917BF815-37AE-41E3-8115-5FF94E089D9B} => pcalua.exe -a C:\Users\Belgeler\Desktop\MorphVOXPro4_Install-1.exe -d C:\Users\Belgeler\Desktop
Task: {FB80BBD8-71C1-420C-A843-F2682BA947D6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3479016494-1360464811-1450154057-1000Core.job => C:\Users\Belgeler\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3479016494-1360464811-1450154057-1000UA.job => C:\Users\Belgeler\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-13 20:54 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-09-24 20:15 - 2015-09-24 20:22 - 00188416 _____ () C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\EnumDevLib.dll
2015-04-20 19:08 - 2015-06-03 23:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-11-13 17:53 - 2015-11-07 06:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-13 17:53 - 2015-11-07 06:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:manifest
AlternateDataStreams: C:\ProgramData\TEMP:56EF6D33
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3479016494-1360464811-1450154057-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Belgeler\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: ASGT => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: Disc Soft Ultra Bus Service => 3
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: jswpbapi => 2
MSCONFIG\Services: jswpsapi => 3
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^Users^Belgeler^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: AceStream => C:\Users\Belgeler\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: AceUpdater => C:\Users\Belgeler\AppData\Roaming\ACEStream\updater\ace_update.exe
MSCONFIG\startupreg: AceWebException => C:\Users\Belgeler\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Belgeler\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Clownfish => "C:\Users\Belgeler\Desktop\za\Clownfish.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DAEMON Tools Ultra Agent => "C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe" -autorun
MSCONFIG\startupreg: IDMan => C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
MSCONFIG\startupreg: jswtrayutil => "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
MSCONFIG\startupreg: MSConfig => "C:\Users\Belgeler\nsrulqie.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Server.exe => C:\Windows\System32\Server.exe
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SkypeVoiceChanger => C:\Users\Belgeler\Desktop\SkypeVoiceChanger.exe /auto
MSCONFIG\startupreg: Spotify => "C:\Users\Belgeler\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Belgeler\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "D:\Steam\steam.exe" -silent
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: XMouseButtonControl => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe /notportable
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9EF58FEB-0EF5-4DEB-B2E4-64C18DBACEBF}] => (Allow) C:\Users\Belgeler\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{9BCB20D7-3E6C-477B-B55C-C0B730354B57}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C2A21AFE-7D81-4024-BF6B-014A567E08D6}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{FFA92BEB-28F9-469C-A0BA-0D3AE2ED9A26}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{69A29739-5643-4D7D-9A99-EC5FBBB891C2}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{4242B0BC-E000-4FC7-B0DC-0B600B1C00A2}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{BC93EE00-0E5A-4C2E-9237-85AC2744535E}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EB1F13B1-5292-4071-A12D-4D0173357E3B}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{59130662-D128-413D-BE43-87E06BDBB7A1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{67C1AE0E-AD86-4283-B0DB-08DD4BCC2D09}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9BAFE900-AC76-41F8-93B1-1F13E284505C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{700EDFA8-DC75-4126-B4F2-C77CFEC27825}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{89ADB105-567D-4A4E-86D8-605165704C2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EA879876-2E06-4866-B9E3-623CAC5BE670}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{108E0E43-000A-4579-B04E-EC065C6F3223}] => (Allow) C:\Users\Belgeler\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{82B84651-2C76-463F-BFB7-7B0261D6BF1F}] => (Allow) C:\Users\Belgeler\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{15AA77D0-8871-484C-8146-D4E9961CABF9}D:\gh 3\gh3.exe] => (Allow) D:\gh 3\gh3.exe
FirewallRules: [UDP Query User{0B8DB127-C16A-4CCB-BBA2-4114891C0BB9}D:\gh 3\gh3.exe] => (Allow) D:\gh 3\gh3.exe
FirewallRules: [{9050E4B3-BF0F-43CE-9B0B-5D864B17267E}] => (Allow) D:\Visual Studio 2013\VS2013\Common7\IDE\devenv.exe
FirewallRules: [{42904AF6-78C9-481C-8929-E1545A224961}] => (Allow) D:\Visual Studio 2013\VS2013\Common7\IDE\devenv.exe
FirewallRules: [{9D5D9EBC-F9DB-4334-8C2B-EA1BA69AA9A0}] => (Allow) D:\Visual Studio 2013\VS2013\Common7\IDE\devenv.exe
FirewallRules: [{A223B586-7D2D-47AB-8E9B-C4BB451AE39A}] => (Allow) D:\Visual Studio 2013\VS2013\Common7\IDE\devenv.exe
FirewallRules: [{FA947925-1268-40BB-BF79-F406860F4665}] => (Allow) D:\Visual Studio 2013\VS2013\Common7\IDE\devenv.exe
FirewallRules: [{713B6919-63F8-436D-8CF4-717F661B9947}] => (Allow) D:\Visual Studio 2013\VS2013\Common7\IDE\devenv.exe
FirewallRules: [{4CCE58AF-4B65-4F0A-8C1A-EAD8A9324B71}] => (Allow) D:\Visual Studio 2013\VS2013\Common7\IDE\devenv.exe
FirewallRules: [{8B8493B9-0F9F-41EC-A715-B84B567ED279}] => (Allow) LPort=12292
FirewallRules: [TCP Query User{9AF16D13-A57E-4E7E-BEAD-BD3F26596AE0}C:\users\belgeler\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\belgeler\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{F3487BA7-39E0-4167-B67C-77FBD7CDCB7A}C:\users\belgeler\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\belgeler\appdata\local\akamai\netsession_win.exe
FirewallRules: [{4B229616-6DF2-48DA-AAD4-B9BDF3D6E117}] => (Allow) D:\AutoDesk3DsMax\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{7CA4742D-25ED-44B1-AB1E-A1A95949CD92}] => (Allow) D:\AutoDesk3DsMax\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe
FirewallRules: [{AA1769A7-ED01-4C3C-963E-E84D643D207F}] => (Allow) D:\AutoDesk3DsMax\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [{28DFCC66-74B2-4DC1-95F0-2AD0730580C3}] => (Allow) D:\AutoDesk3DsMax\3ds Max 2015\NVIDIA\Satellite\raysat_3dsmax2015_64.exe
FirewallRules: [TCP Query User{B6438F2C-C773-40C5-B770-0227391F9B4A}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe
FirewallRules: [UDP Query User{C193979B-6FE4-406D-A2D7-7F3955135E85}C:\program files (x86)\xfire2\xfire.exe] => (Allow) C:\program files (x86)\xfire2\xfire.exe
FirewallRules: [TCP Query User{7A3D75FA-4103-45BE-B742-D97D3DD8A4AF}D:\cod2\cod2mp_s.exe] => (Allow) D:\cod2\cod2mp_s.exe
FirewallRules: [UDP Query User{43BE4F7A-F17F-4CF8-A557-A04A8EDBCC18}D:\cod2\cod2mp_s.exe] => (Allow) D:\cod2\cod2mp_s.exe
FirewallRules: [TCP Query User{5117DB66-8F2F-490B-9079-D508EDD2A350}D:\gh world tour mod\ghwt.exe] => (Allow) D:\gh world tour mod\ghwt.exe
FirewallRules: [UDP Query User{D7E8039A-052A-4356-9EB6-2835C6D2DD61}D:\gh world tour mod\ghwt.exe] => (Allow) D:\gh world tour mod\ghwt.exe
FirewallRules: [TCP Query User{330292E0-390F-4076-8A0F-D3AF029D2902}C:\users\belgeler\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\belgeler\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{0DB876F7-F99B-444D-863A-5A17212A762D}C:\users\belgeler\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\belgeler\downloads\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{E61062E9-D9CB-4675-BE67-23F866EDCF5F}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{5EB6D77F-FD09-4F87-85AB-138163467D35}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{C311BA74-EC7B-4548-88C8-A294EC3B4E48}D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E2AA0BE4-7525-41DC-9BC1-DCDCCA10A6BB}D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{018A6077-55A7-48B7-94B2-0EE3893F143F}D:\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B08592F4-8B0E-4887-BCDE-2B54A003A263}D:\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base35634\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{F69ED447-6B3C-4C1D-AF26-D052AB9D395A}D:\wolfteamts\wolfteam.bin] => (Allow) D:\wolfteamts\wolfteam.bin
FirewallRules: [UDP Query User{A2496D4C-C097-44F5-B7F4-24AEBBC72E43}D:\wolfteamts\wolfteam.bin] => (Allow) D:\wolfteamts\wolfteam.bin
FirewallRules: [TCP Query User{0399B13A-D0C5-4E1E-98CD-15567B038C33}D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1EAC1E2C-B709-4259-B068-90DB9BD6A1B3}D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E51434B3-3262-4358-AD3D-D5E3B69CB221}D:\metin2 - kopya\lovapvp.bin] => (Allow) D:\metin2 - kopya\lovapvp.bin
FirewallRules: [UDP Query User{E26FD467-E414-4504-B8A2-A966F5AE27C5}D:\metin2 - kopya\lovapvp.bin] => (Allow) D:\metin2 - kopya\lovapvp.bin
FirewallRules: [{A18466C3-8E66-468C-B50A-C6AE0F82359A}] => (Allow) C:\Program Files (x86)\WOMic\womicclient.exe
FirewallRules: [{964F6441-DCA4-4F43-947C-76ACBD6F6E7B}] => (Allow) LPort=8126
FirewallRules: [{71937E20-CBB0-4A6E-A43F-76ADA0579A5A}] => (Allow) D:\Point Blank\PointBlank.exe
FirewallRules: [{9E208053-C373-420F-8D70-FD5E5148B760}] => (Allow) D:\Point Blank\PointBlank.exe
FirewallRules: [{10812202-64B3-494D-87AF-1D5E65D7796F}] => (Allow) D:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{18A5FEE1-3CE7-47E5-82DD-506DB0F32E9D}] => (Allow) D:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [TCP Query User{EEB91531-E192-4D82-88B6-518DC755F5D8}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [UDP Query User{5FCD7B46-360D-4FE2-8A3F-883EB51725A0}C:\program files (x86)\lolreplay\lolreplay.exe] => (Allow) C:\program files (x86)\lolreplay\lolreplay.exe
FirewallRules: [TCP Query User{79A5C996-98A1-4FAC-A49E-D00C675ABF47}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe
FirewallRules: [UDP Query User{6F933BCD-207E-48EC-ABD4-2E9BD048D579}C:\windows\syswow64\svchost.exe] => (Allow) C:\windows\syswow64\svchost.exe
FirewallRules: [TCP Query User{59AE5793-0AFA-480F-8776-1407B9E74F52}D:\rocketleague\binaries\win32\rocketleague.exe] => (Allow) D:\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [UDP Query User{80BE7E65-1C13-4020-A491-896085144A38}D:\rocketleague\binaries\win32\rocketleague.exe] => (Allow) D:\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [TCP Query User{9899941B-BBB9-4A09-9A20-3ECDF32A817C}D:\rocket league\binaries\win32\rocketleague.exe] => (Allow) D:\rocket league\binaries\win32\rocketleague.exe
FirewallRules: [UDP Query User{5F6987A1-3C3F-4D80-9392-5BFD6A6BDF15}D:\rocket league\binaries\win32\rocketleague.exe] => (Allow) D:\rocket league\binaries\win32\rocketleague.exe
FirewallRules: [TCP Query User{BA8F352C-CBE6-4D67-B3F4-1573D4B900E9}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{B2B227DC-CB62-45E5-9105-CC09E8D3D4F4}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [TCP Query User{A74FB5E0-A554-46F4-B848-58F8D931C2E7}D:\metin2\dantemetin2.bin] => (Allow) D:\metin2\dantemetin2.bin
FirewallRules: [UDP Query User{01E9808A-42FD-4D3B-A566-F64832EE85D5}D:\metin2\dantemetin2.bin] => (Allow) D:\metin2\dantemetin2.bin
FirewallRules: [{619A1299-F260-489B-9F72-3B7A7B3E06A4}] => (Allow) D:\Steam\SteamApps\common\Sakura Clicker\Sakura Clicker.exe
FirewallRules: [{CEDACD06-4C2D-4549-BB97-5F83E64A43C0}] => (Allow) D:\Steam\SteamApps\common\Sakura Clicker\Sakura Clicker.exe
FirewallRules: [TCP Query User{3F91B772-D3C9-4131-89D9-2E960FD8CC4F}C:\users\belgeler\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\belgeler\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{9D253B18-8F39-48E1-936F-31FE1D081F73}C:\users\belgeler\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\belgeler\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{A11946C4-01A1-4418-9765-F1D48AEB4648}D:\dantemetin2\dantemetin2.bin] => (Allow) D:\dantemetin2\dantemetin2.bin
FirewallRules: [UDP Query User{C08E8AAB-D986-4A68-BCAC-A1C18A9D7793}D:\dantemetin2\dantemetin2.bin] => (Allow) D:\dantemetin2\dantemetin2.bin
FirewallRules: [TCP Query User{D3BDDABC-9A0C-4BA0-8349-7DDBEDDBCB90}C:\users\belgeler\desktop\mc\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\belgeler\desktop\mc\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{574E9CBD-0740-45A0-A183-ABCFEFE7B8C3}C:\users\belgeler\desktop\mc\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\belgeler\desktop\mc\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{EAD18A29-65B1-4DAD-A551-9A154EACD61D}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{BC3FEF20-1493-43E1-8E47-002ADB065570}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{E6B007C9-70C1-48A2-A3A1-074D35AA3957}C:\users\belgeler\desktop\skypevoicechanger.exe] => (Allow) C:\users\belgeler\desktop\skypevoicechanger.exe
FirewallRules: [UDP Query User{59740C43-2CA3-4BDE-A1A9-CAA6773F82C3}C:\users\belgeler\desktop\skypevoicechanger.exe] => (Allow) C:\users\belgeler\desktop\skypevoicechanger.exe
FirewallRules: [TCP Query User{8E992735-99B5-4E7C-B5DB-6619ADDA7662}C:\program files (x86)\raidcall\raidcall.exe] => (Allow) C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [UDP Query User{55B5E305-FC52-4B93-8C54-0FA8998771B0}C:\program files (x86)\raidcall\raidcall.exe] => (Allow) C:\program files (x86)\raidcall\raidcall.exe
FirewallRules: [TCP Query User{7D7BC6DE-813F-40FD-8BB0-DF3A4751F944}C:\users\belgeler\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\belgeler\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{A41DBD12-B3A5-4C9A-9258-F2C95503AC46}C:\users\belgeler\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\belgeler\appdata\roaming\spotify\spotify.exe
FirewallRules: [{51A68C1F-D9CB-46F3-A7F8-91A26A13A1D9}] => (Allow) C:\Program Files (x86)\RaidCall\rcplugin.exe
FirewallRules: [{807B4513-31E6-440B-ACAE-04081EB2A707}] => (Allow) C:\Program Files (x86)\RaidCall\rcplugin.exe
FirewallRules: [{858EF662-C588-4EB6-86E2-A2C1B5DBEAAD}] => (Allow) C:\Program Files (x86)\Wireless LAN Utility\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{40634239-BC40-4CDC-9BCE-5AA5F2337745}] => (Allow) C:\Program Files (x86)\Wireless LAN Utility\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{020E774B-1286-4E27-B2A9-ACAB8F1A5EF4}] => (Allow) LPort=1542
FirewallRules: [{300B2DDF-8CDA-42DD-A060-F88EDEE535BE}] => (Allow) LPort=1542
FirewallRules: [{18B81270-BDAB-40E5-A008-242E020A2D20}] => (Allow) LPort=53
FirewallRules: [{5C75CF87-57EC-4171-9993-5A030FCC28FB}] => (Allow) C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{54779F13-74B3-4710-894A-69C398DD36A2}] => (Allow) C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{A8EA1C73-C01F-4826-98F8-352AC0B199F5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{81372B5D-6D2A-4E53-899E-FE99B6E93C8D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/15/2015 11:38:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/15/2015 11:36:55 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows aşağıdakilerden biri nedeniyle  dosyasına erişemiyor: 
Ağ bağlantısında, dosyanın depolandığı diskte veya bu bilgisayara yüklenmiş
depolama sürücülerinde bir sorun var; ya da disk yok. 
Windows bu hata yüzünden Internet Explorer programını kapattı.
 
Program: Internet Explorer
Dosya: 
 
Hata değeri Ek Veriler bölümünde listelendi.
Kullanıcı Eylemi
1. Dosyayı yeniden açın. 
Bu durum, program yeniden çalıştırıldığında kendiliğinden düzelen geçici bir sorun olabilir.
2. 
Dosyaya yine ulaşılamıyorsa ve:
- Dosya, ağ üzerindeyse, 
ağ yöneticinizin ağda bir sorun olmadığını ve sunucuyla iletişim kurulabildiğini doğrulaması gerekir.
- Dosya, disket veya CD-ROM gibi çıkarılabilir bir diskteyse, diskin bilgisayara düzgün biçimde yerleştirildiğini doğrulayın.
3. CHKDSK komutunu çalıştırarak dosya sistemini denetleyin ve onarın. CHKDSK komutunu çalıştırmak için sırasıyla Başlat'ı, Çalıştır'ı tıklatın, CMD yazın ve Tamam'ı tıklatın. Komut isteminde, CHKDSK /F yazın ve ENTER tuşuna basın.
4. Sorun devam ederse, dosyayı yedek kopyasından geri yükleyin.
5. Aynı diskteki diğer dosyaların açılıp açılmadığını belirleyin. Açılmıyorsa, disk bozulmuş olabilir. Bu bir sabit diskse, daha fazla yardım için yöneticinize veya bilgisayar donanımı 
satıcınıza başvurun.
 
Ek Veriler
Hata değeri: 00000000
Disk türü: 0
 
Error: (11/15/2015 11:36:55 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows aşağıdakilerden biri nedeniyle  dosyasına erişemiyor: 
Ağ bağlantısında, dosyanın depolandığı diskte veya bu bilgisayara yüklenmiş
depolama sürücülerinde bir sorun var; ya da disk yok. 
Windows bu hata yüzünden Internet Explorer programını kapattı.
 
Program: Internet Explorer
Dosya: 
 
Hata değeri Ek Veriler bölümünde listelendi.
Kullanıcı Eylemi
1. Dosyayı yeniden açın. 
Bu durum, program yeniden çalıştırıldığında kendiliğinden düzelen geçici bir sorun olabilir.
2. 
Dosyaya yine ulaşılamıyorsa ve:
- Dosya, ağ üzerindeyse, 
ağ yöneticinizin ağda bir sorun olmadığını ve sunucuyla iletişim kurulabildiğini doğrulaması gerekir.
- Dosya, disket veya CD-ROM gibi çıkarılabilir bir diskteyse, diskin bilgisayara düzgün biçimde yerleştirildiğini doğrulayın.
3. CHKDSK komutunu çalıştırarak dosya sistemini denetleyin ve onarın. CHKDSK komutunu çalıştırmak için sırasıyla Başlat'ı, Çalıştır'ı tıklatın, CMD yazın ve Tamam'ı tıklatın. Komut isteminde, CHKDSK /F yazın ve ENTER tuşuna basın.
4. Sorun devam ederse, dosyayı yedek kopyasından geri yükleyin.
5. Aynı diskteki diğer dosyaların açılıp açılmadığını belirleyin. Açılmıyorsa, disk bozulmuş olabilir. Bu bir sabit diskse, daha fazla yardım için yöneticinize veya bilgisayar donanımı 
satıcınıza başvurun.
 
Ek Veriler
Hata değeri: 00000000
Disk türü: 0
 
Error: (11/15/2015 11:36:55 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows aşağıdakilerden biri nedeniyle  dosyasına erişemiyor: 
Ağ bağlantısında, dosyanın depolandığı diskte veya bu bilgisayara yüklenmiş
depolama sürücülerinde bir sorun var; ya da disk yok. 
Windows bu hata yüzünden Internet Explorer programını kapattı.
 
Program: Internet Explorer
Dosya: 
 
Hata değeri Ek Veriler bölümünde listelendi.
Kullanıcı Eylemi
1. Dosyayı yeniden açın. 
Bu durum, program yeniden çalıştırıldığında kendiliğinden düzelen geçici bir sorun olabilir.
2. 
Dosyaya yine ulaşılamıyorsa ve:
- Dosya, ağ üzerindeyse, 
ağ yöneticinizin ağda bir sorun olmadığını ve sunucuyla iletişim kurulabildiğini doğrulaması gerekir.
- Dosya, disket veya CD-ROM gibi çıkarılabilir bir diskteyse, diskin bilgisayara düzgün biçimde yerleştirildiğini doğrulayın.
3. CHKDSK komutunu çalıştırarak dosya sistemini denetleyin ve onarın. CHKDSK komutunu çalıştırmak için sırasıyla Başlat'ı, Çalıştır'ı tıklatın, CMD yazın ve Tamam'ı tıklatın. Komut isteminde, CHKDSK /F yazın ve ENTER tuşuna basın.
4. Sorun devam ederse, dosyayı yedek kopyasından geri yükleyin.
5. Aynı diskteki diğer dosyaların açılıp açılmadığını belirleyin. Açılmıyorsa, disk bozulmuş olabilir. Bu bir sabit diskse, daha fazla yardım için yöneticinize veya bilgisayar donanımı 
satıcınıza başvurun.
 
Ek Veriler
Hata değeri: 00000000
Disk türü: 0
 
Error: (11/15/2015 11:36:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: iexplore.exe, sürüm: 8.0.7601.17514, zaman damgası: 0x4ce7a313
Hatalı modül adı: unknown, sürüm: 0.0.0.0, zaman damgası: 0x00000000
Özel durum kodu: 0xc000001d
Hata uzaklığı 0x0000000000070006
Hatalı işlem kimliği: 0x7b8
Uygulama başlangıç zamanı: 0xiexplore.exe0
Hatalı uygulama yolu: iexplore.exe1
Hatalı modül yolu: iexplore.exe2
Rapor kimliği: iexplore.exe3
 
Error: (11/15/2015 11:36:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: iexplore.exe, sürüm: 8.0.7601.17514, zaman damgası: 0x4ce7a313
Hatalı modül adı: unknown, sürüm: 0.0.0.0, zaman damgası: 0x00000000
Özel durum kodu: 0xc000001d
Hata uzaklığı 0x0000000000070006
Hatalı işlem kimliği: 0x6ac
Uygulama başlangıç zamanı: 0xiexplore.exe0
Hatalı uygulama yolu: iexplore.exe1
Hatalı modül yolu: iexplore.exe2
Rapor kimliği: iexplore.exe3
 
Error: (11/15/2015 11:36:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: iexplore.exe, sürüm: 8.0.7601.17514, zaman damgası: 0x4ce7a313
Hatalı modül adı: unknown, sürüm: 0.0.0.0, zaman damgası: 0x00000000
Özel durum kodu: 0xc000001d
Hata uzaklığı 0x0000000000070006
Hatalı işlem kimliği: 0x6e8
Uygulama başlangıç zamanı: 0xiexplore.exe0
Hatalı uygulama yolu: iexplore.exe1
Hatalı modül yolu: iexplore.exe2
Rapor kimliği: iexplore.exe3
 
Error: (11/14/2015 11:48:33 PM) (Source: Google Update) (EventID: 20) (User: 130315beyaz)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (11/14/2015 10:16:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/14/2015 07:25:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (11/14/2015 11:53:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SQL Server VSS Writer hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
 
Error: (11/14/2015 11:52:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Machine Debug Manager hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
 
Error: (11/14/2015 11:52:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Inca11nSU hizmeti beklenmeyen bir şekilde sonlandırıldı. Bu durum 1 defa oluştu.
 
Error: (11/14/2015 07:20:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (11/14/2015 07:20:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (11/14/2015 07:20:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (11/14/2015 07:20:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (11/14/2015 07:20:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (11/14/2015 07:20:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Bilgisayar Tarayıcısı hizmeti, şu hata nedeniyle başlatılamayan Sunucu hizmetine bağımlıdır: 
%%1068
 
Error: (11/14/2015 07:20:44 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068BITS{4991D34B-80A1-4291-83B6-3328366B9097}
 
 
CodeIntegrity:
===================================
  Date: 2015-11-13 22:54:09.681
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-13 22:54:09.665
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-13 22:54:09.665
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-13 22:54:09.634
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-18 20:48:52.460
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Belgeler\AppData\Local\Temp\Rar$EXa0.173\TKPUZKNL because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-18 20:48:52.436
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Belgeler\AppData\Local\Temp\Rar$EXa0.173\TKPUZKNL because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-02 13:32:33.372
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Belgeler\Desktop\SDNUMTS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-02 13:32:33.365
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Belgeler\Desktop\SDNUMTS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-02 13:31:39.259
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Belgeler\Desktop\QOELU because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-02 13:31:39.252
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Belgeler\Desktop\QOELU because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 945 Processor
Percentage of memory in use: 37%
Total physical RAM: 4095.11 MB
Available physical RAM: 2577.88 MB
Total Virtual: 8188.42 MB
Available Virtual: 6417.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:248.93 GB) (Free:196.94 GB) NTFS
Drive d: (yedek) (Fixed) (Total:216.74 GB) (Free:125.53 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 10B110B0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=248.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=216.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 deeprybka

Posted 15 November 2015 - 05:09 AM

Every time I start an .exe file, "filename"Srv.exe is generated and Malwarebytes says that this file has the Trojan.Zbot virus on it.


I am afraid it is something worse than ZBot.

Step 1

Don't remove on your own anything that HitmanPro detects!
This scanner, while really good for checking, has been known to delete files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 tunarinc

Posted 15 November 2015 - 05:16 AM

Should I also disable Windows Firewall?



#8 deeprybka

Posted 15 November 2015 - 05:18 AM

No.
regards,
deeprybka

#9 tunarinc

Posted 15 November 2015 - 05:45 AM

By the way, can formatting this computer to Win10 solve my problems? It takes 10m to download a 10MB file; I may not be able to download more software in future.



#10 tunarinc

Posted 15 November 2015 - 06:03 AM

OK, here's the log.
 
 
HitmanPro 3.7.10.251
www.hitmanpro.com
 
   Computer name . . . . : 130315BEYAZ
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : 130315beyaz\Belgeler
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-11-15 12:48:30
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 12m 31s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 28
   Traces  . . . . . . . : 258
 
   Objects scanned . . . : 1.741.296
   Files scanned . . . . : 28.970
   Remnants scanned  . . : 221.893 files / 1.490.433 keys
 
Malware _____________________________________________________________________
 
   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
      Size . . . . . . . : 118.784 bytes
      Age  . . . . . . . : 246.7 days (2015-03-13 20:53:42)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : D44ECA927BB7AD4168C163049883E7BF715854C70A04D1FFBBFC60745D444BA8
      Product  . . . . . : Microsoft® Visual Studio .NET
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : VsLoader
      Version  . . . . . : 7.10.3077
      Copyright  . . . . : Copyright© Microsoft Corporation.  All rights reserved.
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 98.0
 
   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\dbgautoattach.dll
      Size . . . . . . . : 145.408 bytes
      Age  . . . . . . . : 246.7 days (2015-03-13 20:51:16)
      Entropy  . . . . . : 7.2
      SHA-256  . . . . . : 663B91AD2FC7311D8775A1FBB2B610D58A0C10D48E8156A90BF65A6DE114A828
      Product  . . . . . : Microsoft® Visual Studio® 2005
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Handles auto attaching the Visual Studio debugger
      Version  . . . . . : 8.0.50727.42
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 98.0
 
   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
      Size . . . . . . . : 397.312 bytes
      Age  . . . . . . . : 246.7 days (2015-03-13 20:53:42)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 4FCC2124DFF880FFC68AFA7231A28FE4F49648524CC96AAB346FC65A7A4CCB9C
      Product  . . . . . : Microsoft® Visual Studio .NET
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Machine Debug Manager
      Version  . . . . . : 7.10.3077
      Copyright  . . . . : Copyright© Microsoft Corporation.  All rights reserved.
      Service  . . . . . : MDM
      Parent Name  . . . : C:\Windows\system32\services.exe
      LanguageID . . . . : 1033
      Running processes  : 1932
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 95.0
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\MDM\
 
   C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdmSrv.exe
      Size . . . . . . . : 56.320 bytes
      Age  . . . . . . . : 0.7 days (2015-11-14 19:08:50)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : FD6C69C345F1E32924F0A5BB7393E191B393A78D58E2C6413B03CED7482F2320
      Product  . . . . . : люзанх
      Publisher  . . . . : SOFTWIN S.R.L.
      Description  . . . : BitDefender Management Console
      Version  . . . . . : 106.42.73.61
      Copyright  . . . . : 2528-6142
      LanguageID . . . . : 1033
    > HitmanPro  . . . . : Malware
      Fuzzy  . . . . . . : 108.0
 
   C:\Program Files (x86)\Jumpstart\jswnwstore.dll
      Size . . . . . . . : 253.952 bytes
      Age  . . . . . . . : 103.7 days (2015-08-03 18:51:25)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 6620444840E1B6A39C26BBFE13E19F0850F664BE6DB849D18F4BC8C0380A510E
      Product  . . . . . : Jumpstart for Wireless
      Publisher  . . . . : Atheros Communications, Inc.
      Description  . . . : Jumpstart for Wireless Native Wifi profile interface
      Version  . . . . . : 2.1.0.18
      Copyright  . . . . : Copyright © 2004 - 2007, Atheros Communications, Inc. All Rights Reserved.
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 98.0
 
   C:\Program Files (x86)\Jumpstart\jswpsapi.exe
      Size . . . . . . . : 1.015.808 bytes
      Age  . . . . . . . : 103.7 days (2015-08-03 18:51:25)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 107902810755F0953816DDAD6F47FABDF96A243C1EC4708BCE324438957208DE
      Product  . . . . . : JumpStart
      Publisher  . . . . : Atheros Communications, Inc.
      Description  . . . : Jumpstart for Wireless API
      Version  . . . . . : 2.1.0.18
      Copyright  . . . . : Copyright © 2004 - 2007, Atheros Communications, Inc. All Rights Reserved.
      Service  . . . . . : jswpsapi
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 95.0
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\jswpsapi\
 
   C:\Program Files (x86)\Jumpstart\jswscimd.dll
      Size . . . . . . . : 569.344 bytes
      Age  . . . . . . . : 103.7 days (2015-08-03 18:51:25)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : F9D119E4A8F4657FD19FC8DC68CA2DE8D8D945C45DE848878A2733E5F94C5C8A
      Product  . . . . . : wsimd
      Publisher  . . . . : Atheros Communications, Inc.
      Description  . . . : Atheros Intermediate Driver Interface
      Version  . . . . . : 2.1.0.18
      Copyright  . . . . : Copyright © 2005, Atheros Communications, Inc. All Rights Reserved.
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 98.0
 
   C:\Program Files (x86)\Jumpstart\jswscsup.dll
      Size . . . . . . . : 937.984 bytes
      Age  . . . . . . . : 103.7 days (2015-08-03 18:51:25)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : A0A1DD2527F56B6B6F0A0446149EA879FB47EC7C2DA75F95F1585A393EDEA4FB
      Product  . . . . . : JSCSCSUP
      Publisher  . . . . : Atheros Communications, Inc.
      Description  . . . : Jumpstart Supplicant for Wireless
      Version  . . . . . : 2.1.0.18
      Copyright  . . . . : Copyright © 2004 - 2006, Atheros Communications, Inc. All Rights Reserved.
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 98.0
 
   C:\Program Files (x86)\Jumpstart\jswtrayutil.exe
      Size . . . . . . . : 589.824 bytes
      Age  . . . . . . . : 103.7 days (2015-08-03 18:51:25)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : D743B6779347851953F314C8FD8F1F6068904E684FC15E0864CF650BA133A77A
      Product  . . . . . : JumpStart
      Publisher  . . . . : Atheros Communications, Inc.
      Description  . . . : Tray Utility for JumpStart for Wireless
      Version  . . . . . : 2.1.0.18
      Copyright  . . . . : Copyright © 2004 - 2006, Atheros Communications, Inc. All Rights Reserved.
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 98.0
 
   C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext.exe
      Size . . . . . . . : 4.216.832 bytes
      Age  . . . . . . . : 246.7 days (2015-03-13 20:42:04)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 73BF7331944BE401CB1251447A8896B62609044474AA6CB2CEB527E4DC388A29
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 98.0
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext.lnk
 
   C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe
      Size . . . . . . . : 1.106.432 bytes
      Age  . . . . . . . : 246.7 days (2015-03-13 20:42:04)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 7B583D83E7285F9A0B7039E8700C88935188AA83713101F22B0DB9FAA57C2C55
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 98.0
      References
         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk
 
   C:\Program Files (x86)\K-Lite Codec Pack\Tools\SetACL_x86.exe
      Size . . . . . . . : 358.912 bytes
      Age  . . . . . . . : 246.7 days (2015-03-13 20:42:04)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 709EDDC1D07804377946340D3DC8A94E4FD9187493C574A525187A26EC305C14
      Product  . . . . . : SetACL
      Publisher  . . . . : Helge Klein
      Description  . . . : SetACL 2
      Version  . . . . . : 2.1.3.0
      Copyright  . . . . : Copyright © Helge Klein
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 98.0
 
   C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\EnumDevLib.dll
      Size . . . . . . . : 188.416 bytes
      Age  . . . . . . . : 51.7 days (2015-09-24 20:15:00)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : B65127FF0050011057BCAA9AED0126A4C34ACEAA69A642C300DA77A74B8ECA90
      Product  . . . . . : EnumDevLib Dynamic Link Library
      Publisher
      Description  . . . : EnumDevLib DLL
      Version  . . . . . : 700.1034.1209.2009
      LanguageID . . . . : 1028
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 109.0
 
   C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\IpLib.dll
      Size . . . . . . . : 262.144 bytes
      Age  . . . . . . . : 51.7 days (2015-09-24 20:15:00)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 71F11276B59FF04C6BBE6490B2305B85D88F5EAAF16B7F2CA993E034C3619420
      Product  . . . . . : IpLib.dll
      Publisher  . . . . : Realtek
      Description  . . . : IpLib
      Version  . . . . . : 600.1001.1231.2008
      Copyright  . . . . : 2008: (c)Realtek.  All rights reserved.
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 106.0
 
   C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\libeay32.dll
      Size . . . . . . . : 1.130.496 bytes
      Age  . . . . . . . : 51.7 days (2015-09-24 20:15:00)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 556920395FE28345FB055CE56A8C3A735FF1684C22DC2778EBBF495C676BE0AD
      Product  . . . . . : The OpenSSL Toolkit
      Publisher  . . . . : The OpenSSL Project, http://www.openssl.org/
      Description  . . . : OpenSSL Shared Library
      Version  . . . . . : 0.9.8b
      Copyright  . . . . : Copyright ?1998-2005 The OpenSSL Project. Copyright ?1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 106.0
 
   C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RTLDHCP.exe
      Size . . . . . . . : 282.624 bytes
      Age  . . . . . . . : 51.7 days (2015-09-24 20:15:00)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 9E014AB0B6008FEB5605ADFD7961A62DD7C780B6A386DDDC1D1BCE98E6B89D6B
      Product  . . . . . :  RTLDHCP 應用程式
      Publisher  . . . . : Realtek
      Description  . . . : RtlDHCP
      Version  . . . . . : 1.0.0.12
      LanguageID . . . . : 1028
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 106.0
 
   C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtlICS.dll
      Size . . . . . . . : 106.496 bytes
      Age  . . . . . . . : 51.7 days (2015-09-24 20:15:00)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 86FF208BBDA0E67893A201FC81820C360BA5864203933A9E37A962AC3B3B6FDB
      Product  . . . . . : RtlICS Dynamic Link Library
      Publisher  . . . . : Realtek
      Description  . . . : RtlICS DLL
      Version  . . . . . : 600.1008.204.2010
      Copyright  . . . . : Copyright (C) 2007 - 2010
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 106.0
 
   C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtlIhvOid.dll
      Size . . . . . . . : 290.816 bytes
      Age  . . . . . . . : 51.7 days (2015-09-24 20:15:37)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : D40ACD5BF2CFE611AB1268F843B30E820041C8091BCD47129D213C804A9A7B3B
      Product  . . . . . : IHV OID
      Publisher  . . . . : Realtek
      Description  . . . : IHV OID (for Vista)
      Version  . . . . . : 1.1015.826.2010
      LanguageID . . . . : 1028
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 106.0
 
   C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtlLib.dll
      Size . . . . . . . : 516.096 bytes
      Age  . . . . . . . : 51.7 days (2015-09-24 20:15:00)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 77B753A8D34E6A6D84021F208414088DE0D20E79DB61AACAD526B0D69C45DDC5
      Product  . . . . . : RtlLib Dynamic Link Library
      Publisher  . . . . : Realtek Semiconductor Corp.
      Description  . . . : RtlLib DLL(IHV)
      Version  . . . . . : 700.1064.1110.2010
      Copyright  . . . . : Copyright (C) 2008-2010
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 106.0
 
   C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtWlan.exe
      Size . . . . . . . : 1.228.800 bytes
      Age  . . . . . . . : 51.7 days (2015-09-24 20:15:00)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 0B6971DF311D0F65467F0A6849C7C1CA62D7ED682E40C2A30710EB3EA0E5A13B
      Product  . . . . . : RtWLan Application
      Publisher  . . . . : Realtek Semiconductor Corp.
      Description  . . . : RtWLan ( For Vista / Win7) Application(External Registrar)
      Version  . . . . . : 700.1629.1012.2010
      Parent Name  . . . : C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtlService.exe
      LanguageID . . . . : 1028
      Running processes  : 2852
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 106.0
      References
         HKU\S-1-5-21-3479016494-1360464811-1450154057-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtWLan.exe
 
   C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtWlanSrv.exe
      Size . . . . . . . : 56.320 bytes
      Age  . . . . . . . : 0.0 days (2015-11-15 11:36:48)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : FD6C69C345F1E32924F0A5BB7393E191B393A78D58E2C6413B03CED7482F2320
      Product  . . . . . : люзанх
      Publisher  . . . . : SOFTWIN S.R.L.
      Description  . . . : BitDefender Management Console
      Version  . . . . . : 106.42.73.61
      Copyright  . . . . : 2528-6142
      LanguageID . . . . : 1033
    > HitmanPro  . . . . : Malware
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
          0.0s C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtWlanSrv.exe
          0.0s C:\Program Files (x86)\Microsoft\DesktopLayer.exe
 
   C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      Size . . . . . . . : 56.320 bytes
      Age  . . . . . . . : 0.0 days (2015-11-15 11:36:48)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : FD6C69C345F1E32924F0A5BB7393E191B393A78D58E2C6413B03CED7482F2320
      Product  . . . . . : люзанх
      Publisher  . . . . : SOFTWIN S.R.L.
      Description  . . . : BitDefender Management Console
      Version  . . . . . : 106.42.73.61
      Copyright  . . . . : 2528-6142
      LanguageID . . . . : 1033
    > HitmanPro  . . . . : Malware
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
         -0.0s C:\Program Files (x86)\lnca\11n USB Wireless LAN Utility\RtWlanSrv.exe
          0.0s C:\Program Files (x86)\Microsoft\DesktopLayer.exe
 
   C:\Users\Belgeler\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe
      Size . . . . . . . : 394.752 bytes
      Age  . . . . . . . : 32.8 days (2015-10-13 16:33:22)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 4794FFA019B6ACA1DC41D518DBE11DD63413AC331B4B5E23731F28582B9C7250
      Publisher  . . . . : BitTorrent Inc.
      Description  . . . : WebHelper
      Version  . . . . . : 1.0.0
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 100.0
 
   C:\Users\Belgeler\Documents\Visual Studio 2013\Projects\Project13\Debug\Project13.exe
      Size . . . . . . . : 67.072 bytes
      Age  . . . . . . . : 217.0 days (2015-04-12 12:57:42)
      Entropy  . . . . . : 4.3
      SHA-256  . . . . . : D21468A14C63C2E503385C9CE8B3D1858A6337DF9B41F912E357F98EA9D86078
    > Bitdefender  . . . : Gen:Variant.Graftor.253609
      Fuzzy  . . . . . . : 106.0
 
   C:\Users\Belgeler\Downloads\adwcleaner_5.020.exe
      Size . . . . . . . : 1.787.392 bytes
      Age  . . . . . . . : 1.6 days (2015-11-13 21:49:31)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 934EE6F3275A943097DE507D217772D6097555BDBA2195479E3694B0C4872DE8
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 116.0
      References
         HKU\S-1-5-21-3479016494-1360464811-1450154057-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Belgeler\Downloads\adwcleaner_5.020.exe
      Forensic Cluster
         -8.1s C:\Users\Belgeler\Downloads\ComboFix.exe
          0.0s C:\Users\Belgeler\Downloads\adwcleaner_5.020.exe
          3.2s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\ScriptCache\6bf94ec9dd3ff71f_0
          3.2s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\ScriptCache\6bf94ec9dd3ff71f_1
          3.2s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage\7225a148f6d2772aac1590c8f5f05b7d778f73d8\
          3.2s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage\7225a148f6d2772aac1590c8f5f05b7d778f73d8\index.txt
          3.2s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage\7225a148f6d2772aac1590c8f5f05b7d778f73d8\80726d47d52c03cfaa178f5ec58005c1a34e896a\
          3.5s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\https_www.google.com.tr_0.indexeddb.leveldb\
          3.5s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\https_www.google.com.tr_0.indexeddb.leveldb\LOG
          3.5s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\https_www.google.com.tr_0.indexeddb.leveldb\LOG.old
          3.5s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\https_www.google.com.tr_0.indexeddb.leveldb\LOCK
          3.5s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\https_www.google.com.tr_0.indexeddb.leveldb\MANIFEST-000001
          3.5s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\https_www.google.com.tr_0.indexeddb.leveldb\CURRENT
          3.7s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\IndexedDB\https_www.google.com.tr_0.indexeddb.leveldb\000003.log
          3.8s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage\7225a148f6d2772aac1590c8f5f05b7d778f73d8\80726d47d52c03cfaa178f5ec58005c1a34e896a\index
          3.8s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage\7225a148f6d2772aac1590c8f5f05b7d778f73d8\80726d47d52c03cfaa178f5ec58005c1a34e896a\634c1da03a904209_0
          3.8s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage\7225a148f6d2772aac1590c8f5f05b7d778f73d8\80726d47d52c03cfaa178f5ec58005c1a34e896a\index-dir\
          3.8s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage\7225a148f6d2772aac1590c8f5f05b7d778f73d8\80726d47d52c03cfaa178f5ec58005c1a34e896a\index-dir\the-real-index
          3.8s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage\7225a148f6d2772aac1590c8f5f05b7d778f73d8\80726d47d52c03cfaa178f5ec58005c1a34e896a\a09b5037accb4281_0
          3.8s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage\7225a148f6d2772aac1590c8f5f05b7d778f73d8\80726d47d52c03cfaa178f5ec58005c1a34e896a\fdf2cfeb8ad0eeac_0
          3.8s C:\Users\Belgeler\AppData\Local\Google\Chrome\User Data\Profile 1\Service Worker\CacheStorage\7225a148f6d2772aac1590c8f5f05b7d778f73d8\80726d47d52c03cfaa178f5ec58005c1a34e896a\9e4ba737e9219aa5_0
 
   D:\GH WORLD TOUR MOD\GHWT.exe
      Size . . . . . . . : 21.149.184 bytes
      Age  . . . . . . . : 233.6 days (2015-03-26 21:26:13)
      Entropy  . . . . . : 3.2
      SHA-256  . . . . . : 5B8FF763D9A1367A06368575D53446344956F20B94FA672DB9F2C1249122A7CC
      Product  . . . . . : Guitar Hero: World Tour
      Publisher  . . . . : Aspyr Media, Inc.
      Description  . . . : Guitar Hero World Tour
      Version  . . . . . : 1.0.1.25215
      LanguageID . . . . : 0
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 100.0
      References
         HKU\S-1-5-21-3479016494-1360464811-1450154057-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\GH WORLD TOUR MOD\GHWT.exe
 
   D:\League Of Legends\RADS\projects\lol_air_client\releases\0.0.1.169\deploy\LolClient.exe
      Size . . . . . . . : 132.608 bytes
      Age  . . . . . . . : 3.7 days (2015-11-11 19:36:30)
      Entropy  . . . . . : 7.2
      SHA-256  . . . . . : E213FA22CE5FC2A85707A1ED390E7D7C7CB1F028E12628F6C60E2D2AF8C891FA
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 112.0
      References
         HKU\S-1-5-21-3479016494-1360464811-1450154057-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\League Of Legends\RADS\projects\lol_air_client\releases\0.0.1.169\deploy\LolClient.exe
 
   D:\League Of Legends\RADS\system\rads_user_kernel.exe
      Size . . . . . . . : 1.355.776 bytes
      Age  . . . . . . . : 453.8 days (2014-08-18 18:19:31)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 7A784F5A267C9286EA67DED3D154B2584FC13B80FB39916EE1029EE26F348EAC
      Product  . . . . . : PVP.net Patcher Kernel
      Description  . . . : PVP.net Patcher Kernel
      Version  . . . . . : 1.0.0.228
      Copyright  . . . . : Copyright (C) 2011
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Win32.Ramnit
    > Kaspersky  . . . . : Virus.Win32.Nimnul.a
      Fuzzy  . . . . . . : 101.0
      References
         HKU\S-1-5-21-3479016494-1360464811-1450154057-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\D:\League Of Legends\RADS\system\rads_user_kernel.exe
 
 
Suspicious files ____________________________________________________________
 
   C:\Users\Belgeler\Downloads\FRST64.exe
      Size . . . . . . . : 2.198.528 bytes
      Age  . . . . . . . : 0.0 days (2015-11-15 11:41:01)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6E8BF313C850728328088C2DC10FB5369B9C938F71F58EC7EB8D51374EB1CA51
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-3479016494-1360464811-1450154057-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Belgeler\Downloads\FRST64.exe
 
   C:\Windows\SysWOW64\GameMon.des
      Size . . . . . . . : 3.611.808 bytes
      Age  . . . . . . . : 57.7 days (2015-09-18 19:40:36)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 15ACE88D509DF2B53B0E9B9170A4F90A4DAB11493056DBF49147838A66D5E7CA
      Product  . . . . . : nProtect Game Monitor
      Publisher  . . . . : INCA Internet Co., Ltd.
      Description  . . . : nProtect Game Monitor Rev 2239
      Version  . . . . . : 2015.7.20.1
      RSA Key Size . . . : 2048
      Service  . . . . . : npggsvc
      LanguageID . . . . : 1042
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 25.0
         The file name extension of this program is not common.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\
 
 
Cookies _____________________________________________________________________
 
 
 


#11 deeprybka

  • Malware Response Team

Posted 15 November 2015 - 06:12 AM

I'm afraid I have very bad news.

Win32/Ramnit (and related variants) is a dangerous file infector with IRCBot functionality which infects .exe and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of damage can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection. However, a variant called the Ramnit worm targets Facebook users....can bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions and compromise online banking.

In my opinion, Ramnit is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could lose access to all your data.

Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what security expert miekiemoes has to say: Virut and other File infectors - Throwing in the Towel?

If I guide someone with Virut (or any other File Infector) present and their Antivirus cannot properly disinfect it, then I recommend a format and reinstall...dealing with such infections is a waste of time and that's why I prefer the fastest and safest solution - which is a format and reinstall...After all, I think it would be irresponsible to let the malware "stew" (download/spread/run more malware) for another couple of days/weeks if you already know it's a lost case.

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?.

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 tunarinc


Posted 15 November 2015 - 06:16 AM

So, it's OK for me to install win10?


Edited by tunarinc, 15 November 2015 - 06:21 AM.


#13 deeprybka


Posted 15 November 2015 - 06:22 AM

Yes, you have to format the hard drive and all removable media. Then install the operating system from a DVD.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#14 tunarinc


Posted 15 November 2015 - 06:45 AM

This is the second time I am formatting my computer, and I am curious about what will happen to it. I have some questions about formatting since it doesn't have an "undo" option.

1. What will happen to my drivers? Is there a way to prevent them from being deleted?

- I don't know which drivers I have installed, so I may forget to install them again.

2. Should I copy my important files to a USB drive?

- After copying I can delete the viruses on the USB from another computer, then back them up.

3. Is there a guide for me on how to format everything correctly?

4. After formatting, do you recommend an antivirus program that you support?

Btw thanks for illuminating such a "noob" like me :D



#15 deeprybka


Posted 15 November 2015 - 07:16 AM

This is the second time I am formatting my computer, and I am curious about what will happen to it. I have some questions about formatting since it doesn't have an "undo" option.

1. What will happen to my drivers? Is there a way to prevent them from being deleted?
No.

2. Should I copy my important files to a USB drive?
You can boot from a LIVE CD like ESET, delete the infected files and back up your important files (only music, pictures - no software etc.) to a flash drive.
http://www.eset.com/int/support/sysrescue/

3. Is there a guide for me on how to format everything correctly?
Create a DVD by using a clean computer. http://www.expertreviews.co.uk/software/operating-systems/1401617/how-to-clean-install-windows-10-and-create-boot-media

4. After formatting, do you recommend an antivirus program that you support?
ESET. http://www.eset.com/
 
 
 


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
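
A backup triage in the spirit of the advice in this thread (data only, no software), as an added example that is not code from any poster or from ESET: it copies only files whose leading bytes match an assumed media allowlist, refuses the file types the thread names as Ramnit targets, and lists `<name>Srv.exe` files lying beside `<name>.exe`. The allowlist, function names and sample tree are constructed for illustration.

```python
import shutil, tempfile
from pathlib import Path

# File types the thread names as Ramnit infection targets: never carried over.
INFECTABLE = {".exe", ".dll", ".htm", ".html"}
# Assumed allowlist: extension -> leading bytes a genuine file of that type has.
MEDIA_MAGIC = {".jpg": [b"\xff\xd8\xff"], ".png": [b"\x89PNG\r\n\x1a\n"],
               ".mp3": [b"ID3", b"\xff\xfb"], ".flac": [b"fLaC"]}

def classify(path):
    """Return 'copy', or the reason the file stays off the backup."""
    ext = path.suffix.lower()
    if ext in INFECTABLE:
        return "skip: infectable type"
    with path.open("rb") as fh:
        head = fh.read(8)
    if head.startswith(b"MZ"):  # Windows executable behind another extension
        return "skip: executable header"
    if not any(head.startswith(m) for m in MEDIA_MAGIC.get(ext, [])):
        return "skip: not verified media"
    return "copy"

def srv_companions(root):
    """List '<name>Srv.exe' files lying beside '<name>.exe' (symptom from post #1)."""
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.name.lower().endswith("srv.exe")
                  and p.with_name(p.name[:-len("Srv.exe")] + ".exe").is_file())

def backup_media(src, dst):
    """Copy only verified media from src to dst; return {relative path: verdict}."""
    report = {}
    for p in sorted(q for q in src.rglob("*") if q.is_file()):
        rel = p.relative_to(src)
        report[rel.as_posix()] = verdict = classify(p)
        if verdict == "copy":
            (dst / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copyfile(p, dst / rel)
    return report

def demo():
    """Run both checks over a constructed tree (sample bytes, not real files)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "old_disk"), Path(tmp, "usb")
        (src / "pics").mkdir(parents=True)
        samples = {"pics/cat.jpg": b"\xff\xd8\xff\xe0", "pics/fake.jpg": b"MZ\x90\x00",
                   "song.mp3": b"ID3\x03", "index.html": b"<html>", "notes.txt": b"hi",
                   "setup.exe": b"MZ\x90\x00", "setupSrv.exe": b"MZ\x90\x00"}
        for name, data in samples.items():
            (src / name).write_bytes(data)
        return backup_media(src, dst), srv_companions(src)
```

A matching header only shows that a file is of the type its extension claims, so the flash drive should still be scanned from the clean system before anything on it is opened.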
 



