@prikker,
Post #4. I'd rather not comment, but you will not see me using that tool, and I am always looking for a 'good find'.
SystemLook 30.07.11 by jpshortstuff
Log created at 00:07 on 24/01/2017 by Sercan
Administrator - Elevation successful
========== filefind ==========
Searching for "mail.ru"
No files found.
Searching for "*mail.ru* "
C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\calendar. mail.ru.jpeg --a---- 41532 bytes [11:06 23/01/2017] [10:57 23/01/2017] EE307A21F0A103CB7A9919587050CCA2
C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\games.mai l.ru.jpeg --a---- 76020 bytes [11:06 23/01/2017] [10:57 23/01/2017] 44DF27D4A13972E6C63265367E4473B5
C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\mail.ru.j peg --a---- 72653 bytes [11:06 23/01/2017] [10:57 23/01/2017] B4626139F1D6FE8E887C2AE84EA66E78
C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\news.mail .ru.jpeg --a---- 83028 bytes [11:06 23/01/2017] [10:57 23/01/2017] 3C39D32BEE51A01A97D722DA3153F98E
C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\torg.mail .ru.jpeg --a---- 60098 bytes [11:06 23/01/2017] [10:57 23/01/2017] 6692BA323442F7FE407341185676D1DC
C:\AdwCleaner\quarantine\files\sekxookiedoukkgqlcniwmviiisevboq\7.1.30_0\images\thumbnails\travel.ma il.ru.jpeg --a---- 80699 bytes [11:06 23/01/2017] [10:57 23/01/2017] AC2D567CB35AFCECE1C492582EC01D38
C:\Users\Sercan\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_cloud.mail.ru_0.localstorage --a---- 3072 bytes [19:10 23/01/2017] [19:11 23/01/2017] CD7EFE1CD49EB743739A5107A7806397
C:\Users\Sercan\AppData\Local\Google\Chrome\User Data\Profile 1\Local Storage\https_cloud.mail.ru_0.localstorage-journal --a---- 0 bytes [19:10 23/01/2017] [19:11 23/01/2017] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Sercan\AppData\Roaming\Microsoft\Windows\Recent\https_cloud.mail.ru_0.indexeddb.leveldb.lnk --a---- 1668 bytes [14:36 23/01/2017] [14:36 23/01/2017] E2C0984BF2EF709B821A4BC64A3E8723
========== folderfind ==========
Searching for "mail.ru"
No folders found.
Searching for "*mail.ru* "
No folders found.
========== regfind ==========
Searching for "mail.ru"
No data found.
-= EOF =-
The tool in post 4 found mywebsearch and deleted it. MBam and AdwCleaner didn't find it.
cookies1,
First, follow up with the Zemana instructions:
How to remove Mail.ru (Chrome, Firefox, IE, Edge)
Also, try clearing browsing data:
Clear browsing data - Computer - Chromebook Help
Next, please run Malwarebytes Anti-Malware in >> Safe Mode:
Hold down the Shift key while clicking on Power > Restart
Following the prompts, go to Troubleshoot > Advanced Options > Windows Startup Settings > Press the Restart button
After the computer restarts, select: Safe Mode
Find Malwarebytes Anti-Malware, and give it a run.
Last, if mail.ru is still present, do the following:
Please use the Farbar Recovery Scan Tool Download
Save FRST to your Desktop.
[Note: You need to run the version compatible with your system: 32 bit or 64 bit]
Double-click FRST to run it.
When the tool opens click Yes to the disclaimer.
Next, press the Scan button.
When done, the tool makes a log (FRST.txt) on the Desktop.
Also, the first time the tool is run, it makes another log: (Addition.txt).
Please attach the results of both reports in your reply.
cookies1,
Had a change of mind. Just work with running FRST (Farbar Recovery Scan Tool), attaching the results, and do not do anything else.
Suspecting that FRST may show some Group Policy changes, and, if so, until those are removed, we will get nowhere in a hurry.
Also, are you running Windows 10 Home, or Pro?
Hang in there!!
Last edited by cottonball; 23 Jan 2017 at 22:45.
Have you checked Chrome's shortcut? Potentially unwanted programs usually modify your browser shortcuts to automatically load extra web pages or files; hijacking your search results, redirecting you to unsafe websites, and displaying endless pop-up ads on your webpage are the common things.
The mail.ru virus may modify your browser shortcuts by adding its harmful files to the shortcut target. So, you should navigate there to delete the baleful arguments.
Right-click your Chrome shortcuts on your desktop and choose the Properties option.
In the opened window, select the Shortcuts tab. Locate the Target field, remove the unwanted homepage link behind the exe, and then click the Apply > OK button after deleting.
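An added example, not part of the original post and not FRST's own code: FRST's Addition.txt records shortcut targets in `ShortcutWithArgument:` lines, so the check described above can be run over the log. The first sample line is the one from the log in this thread; the other two are constructed, and the `BROWSERS` list and URL heuristic are assumptions.

```python
import re

# Line shape in the "Shortcuts" section of FRST's Addition.txt:
#   ShortcutWithArgument: <.lnk path> -> <target> (<company>) -> <arguments>
# Targets are anchored on a 2-4 character extension so "Program Files (x86)"
# is not mistaken for the "(<company>)" field.
LINE_RE = re.compile(
    r"^ShortcutWithArgument:\s+(?P<lnk>.+?\.lnk)\s+->\s+"
    r"(?P<target>.+?\.[A-Za-z0-9]{2,4})\s+\((?P<company>.*?)\)\s+->\s+"
    r"(?P<args>.*)$",
    re.IGNORECASE,
)

# Assumption: executable names treated as browsers for this check.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe", "opera.exe"}

# One token = any run of unquoted text and "quoted segments" without spaces between.
TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')

# Heuristic: an explicit http(s) URL, or a bare host name such as "www.site.tld/path".
URL_RE = re.compile(
    r"^(?:https?://\S+|(?:www\.)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?]\S*)?)$",
    re.IGNORECASE,
)


def parse_line(line):
    """Return the fields of a ShortcutWithArgument line, or None if it is another line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def url_arguments(args):
    """Return the argument values that look like a web address."""
    urls = []
    for token in TOKEN_RE.findall(args):
        if token.startswith("-"):
            # A switch: only its value (after '=') can carry a URL.
            _, sep, value = token.partition("=")
            if not sep:
                continue
        else:
            value = token
        value = value.strip('"')
        if URL_RE.match(value):
            urls.append(value)
    return urls


def audit(lines):
    """List browser shortcuts whose Target carries a URL after the executable."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        exe = entry["target"].rsplit("\\", 1)[-1].lower()
        urls = url_arguments(entry["args"])
        if exe in BROWSERS and urls:
            findings.append({"lnk": entry["lnk"], "target": entry["target"], "urls": urls})
    return findings


# Line 1 is from the FRST log in this thread; lines 2 and 3 are constructed samples.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\Sercan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> http://hijack.example.invalid/?src=lnk
ShortcutWithArgument: C:\Users\Public\Desktop\Updater.lnk -> C:\Tools\updater.exe () -> http://example.invalid/feed
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE.splitlines()):
        print(finding["lnk"], "=>", ", ".join(finding["urls"]))
```

The profile switch on the shortcut from this thread's log is not flagged; only the constructed Chrome shortcut with a URL after the executable is reported.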
Hey! I fixed the problem by doing these:
Removed: AVG, FMW 1, Java 8 Update 51, Java 8 Update 51 (64-bit), Restore Point Creator version 3.5, Revo Uninstaller Pro 3.1.4, IObit, Bitdefender Agent, McAfee.
Reset: "hosts" file.
Cleaned: Appdata\Local\Temp, WINDOWS\Temp, appdata\roaming\.sonoyuncu, downloads\winrarv521.tr.pre-cracked
Then I installed Kaspersky Internet Security 2017 and scanned my PC. But there is no threat.
After I did all this, there are no ad pop-ups any more. But I'm suspicious about its files on my PC, and I can't see them. Did Kaspersky ignore adverts? Because there is "Anti-Banner" in the settings menu. Is my PC clean now, or is this just Kaspersky ignoring it?
Also, my homepage isn't mail.ru. When I noticed a virus on my PC, I first deleted the homepage and extensions. But the ad pop-up virus was there again. I'm using Windows 10 Home Single Language.
Thanks for your help, you're so helpful. By the way, here you are, the FRST results:
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by Sercan (24-01-2017 12:42:22)
Running from D:\İNDİRİLENLER
Windows 10 Home Single Language Version 1607 (X64) (2016-09-24 10:10:46)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2070039639-675289181-3059388584-500 - Administrator - Disabled)
Guest (S-1-5-21-2070039639-675289181-3059388584-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2070039639-675289181-3059388584-1003 - Limited - Enabled)
Sercan (S-1-5-21-2070039639-675289181-3059388584-1001 - Administrator - Enabled) => C:\Users\Sercan
VarsayılanHesap (S-1-5-21-2070039639-675289181-3059388584-503 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{B0B387B2-B1E4-43F2-961D-08ABFD759E1A}) (Version: 12.1.9.160 - Adobe Systems, Inc)
AIDA64 Extreme v5.70 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.70 - FinalWire Ltd.)
AirTies Network Assistant (HKLM-x32\...\{7B87A4D7-0A08-4468-B8E3-6CA9F23B5C66}) (Version: 1.2.2 - AirTies Wireless Networks)
Ansel (Version: 376.33 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Verifier x64 External Package (Version: 8.100.26936 - Microsoft) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 3.0.1.1003 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{473E82D7-79E2-43DF-8FA0-025407C93191}) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version: - Boilsoft, Inc.)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
Car Mechanic Simulator 2015 (HKLM-x32\...\Car Mechanic Simulator 2015_is1) (Version: 1.0.7.5 - RePack by Valdeni)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Don't Starve Together (HKLM\...\Steam App 322330) (Version: - Klei Entertainment)
FileZilla Client 3.20.1 (HKLM-x32\...\FileZilla Client) (Version: 3.20.1 - Tim Kosse)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V Update v1.36 (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
HD Tune Pro 5.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1168 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9CDE90B4-5EEB-4B3C-84DE-3527F92B5BBD}) (Version: 5.0.10.2793 - Intel Corporation)
Intel® Yonga Kümesi Aygıt Yazılımı (x32 Version: 10.0.13 - Intel(R) Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{D1D37853-0004-3E36-A7AA-74F4EEA35F64}) (Version: 4.5.50930 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help Güncelleştirmesi (KB963678) (HKLM-x32\...\{90120000-0016-041F-0000-0000000FF1CE}_PROPLUS_{E792E914-5172-48B2-A58A-65C3F311C4E2}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help Güncelleştirmesi (KB963669) (HKLM-x32\...\{90120000-0018-041F-0000-0000000FF1CE}_PROPLUS_{8C762073-C6A4-4A11-A639-1C73014FAE00}) (Version: - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Help Güncelleştirmesi (KB963665) (HKLM-x32\...\{90120000-001B-041F-0000-0000000FF1CE}_PROPLUS_{96E44099-EB0F-45A3-8831-40412110810D}) (Version: - Microsoft)
Microsoft OneDrive (HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 tr) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 tr)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
MSI Development Tools (x32 Version: 8.100.26898 - Microsoft Corporation) Hidden
Neat Video v3.1.0 Pro plug-in for Sony Vegas (64-bit) (HKLM\...\Neat Video for Sony Vegas_is1) (Version: - Neat Video team, ABSoft)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
NVIDIA 3D Vision Denetleyici Sürücüsü 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Sürücüsü 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)
NVIDIA Grafik Sürücüsü 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)
NVIDIA HD Ses Sürücüsü 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Miracast Sanal Ses 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 355.60 - NVIDIA Corporation)
NVIDIA PhysX Sistem Yazılımı 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.3.5.6379 - Electronic Arts, Inc.)
ORION: Prelude (HKLM\...\Steam App 104900) (Version: - Spiral Game Studios)
PhoenixSuit (HKLM-x32\...\{EBF1BED9-4321-40D7-8837-177AE54C457C}) (Version: 1.0.5 - AllWinnertech)
Prison Architect v2.0 (HKLM\...\cHJpc29uYXJjaGl0ZWN0djIw_is1) (Version: 1 - )
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Red Bull Air Race - The Game (HKLM-x32\...\{6577A275-7D02-4DD9-A619-41FF2E30BB2F}_is1) (Version: 0004 - Wingracers Sports Games)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Scratch (HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\Scratch) (Version: 1.4.00.00 - MIT Media Lab Lifelong Kindergarten)
SDK Debuggers (x32 Version: 8.100.26936 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.0.12.0 - GOG.com)
Trackmania Turbo (HKLM-x32\...\Trackmania Turbo_is1) (Version: - )
Transformice (HKLM-x32\...\Steam App 335240) (Version: - Atelier 801)
Transformice (HKLM-x32\...\Transformice) (Version: 1.0.0 - UNKNOWN)
Transformice (x32 Version: 1.0.0 - UNKNOWN) Hidden
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Unity Web Player (HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\UnityWebPlayer) (Version: 5.3.5f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Windows Driver Package - USB Devices (usbUDisc) USB (01/24/2013 1.0.0.1) (HKLM\...\2968446D00DC8F0F77065B39E80E51761B9DEAC2) (Version: 01/24/2013 1.0.0.1 - USB Devices)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{ed3a6e6d-9661-4357-abe4-fcc03dc57a07}) (Version: 8.100.26936 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WPT Redistributables (x32 Version: 8.100.26936 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26936 - Microsoft) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {068AD8FD-1074-43B7-8204-180B6F1472CA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {0A1B012B-CAC3-40FC-BE04-959464DEDD30} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-23] (Adobe Systems Incorporated)
Task: {1E0D895E-CBD8-4B74-95E8-89FE72A5BC2E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2248EEDF-902A-4E6B-B8E7-427F3059A4C4} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B114FDE-1B9D-46A6-8680-36AE68C99114} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {40C8629D-A37A-43CD-B2D8-FEAE0DDA9231} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-13] (NVIDIA Corporation)
Task: {4EF3A0FD-DDA3-4300-93F8-2214455DA24B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {52441D33-0091-40AD-9ADD-D7525D978301} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {580537E4-C5F5-421E-B917-2C9333788781} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {5B97AD3B-8EE0-4045-A4B3-67C51A9D1720} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)
Task: {5D54704B-07C6-4DD9-BA73-4F70C02A78BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {606D6271-6DB6-44CC-8995-BE47D99D40C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {61E17290-756A-4AC0-ADA9-7FDA4F6A6AC1} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)
Task: {6FC4CC24-94DB-4444-A2E2-548692F3EA8D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-13] (NVIDIA Corporation)
Task: {81E04EEF-BEA5-428F-931C-89F1B1257A58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-22] (Google Inc.)
Task: {8BC4482F-56A2-45F6-915B-F5E6AC363436} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9F46F74F-2805-44CF-893A-8CA17A288741} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sercan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {9F7C5B31-607E-46B3-9841-3B7576C15C74} - \WPD\SqmUpload_S-1-5-21-2070039639-675289181-3059388584-1001 -> No File <==== ATTENTION
Task: {AE2FF9F2-5335-49CE-ACA4-98F1452D1E5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B555BD07-33B4-4CD3-8AF0-0A2C0A4AD2E8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B72F8083-C6F8-45DA-9801-5D3513DEFD50} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C52A25B4-FF50-4284-97DE-D5069563EAB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CBAD0ABA-EE4F-4D62-B211-2559BFFB9939} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CE3CB2DA-6CEB-46EB-9D11-19A02AF25BF9} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {DFBB7675-177D-41F5-B586-B3CC4DFDBE2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-22] (Google Inc.)
Task: {F5AF3A77-3265-4B5A-8582-71A7DD870732} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {FAC0EB01-7BD4-4CE2-9639-20A799280FF2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-13] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Sercan\AppData\Local\Microsoft\Windows\Application Shortcuts\BlueStacks\com.android.chrome.lnk -> C:\ProgramData\BlueStacks\UserData\TileData\000139\Launcher.vbs ()
ShortcutWithArgument: C:\Users\Sercan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Loaded Modules (Whitelisted) ==============
2016-09-10 20:08 - 2016-12-13 02:36 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-10 20:08 - 2016-12-13 02:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-16 14:42 - 2016-07-16 14:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 21:50 - 2016-12-09 13:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-24 13:04 - 2016-12-11 21:47 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 21:50 - 2016-12-09 13:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 21:50 - 2016-12-09 13:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-24 14:01 - 2016-09-24 14:01 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 23:09 - 2016-12-21 10:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 23:09 - 2016-12-21 09:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 23:09 - 2016-12-21 09:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 23:09 - 2016-12-21 09:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 23:09 - 2016-12-21 09:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 23:09 - 2016-12-21 09:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-23 04:07 - 2017-01-23 04:09 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-01-23 04:07 - 2017-01-23 04:09 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-01-23 04:07 - 2017-01-23 04:09 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 14:30 - 2016-12-14 14:32 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-22 19:30 - 2016-12-08 11:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-22 19:30 - 2016-12-08 11:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-09-18 17:57 - 2016-06-14 16:35 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-09-14 20:52 - 2017-01-10 17:24 - 02493440 _____ () D:\Program Dosyalari\Origin\libGLESv2.dll
2014-02-19 19:51 - 2014-02-19 19:51 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2015-08-15 21:32 - 2016-12-13 02:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-10 20:08 - 2016-12-13 02:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-10 20:08 - 2016-12-13 02:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-02-05 12:54 - 2011-08-12 13:36 - 02289016 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtCore4.dll
2016-02-05 12:54 - 2011-08-12 13:36 - 08172920 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtGui4.dll
2016-02-05 12:54 - 2011-08-12 13:36 - 00920448 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtNetwork4.dll
2016-02-05 12:54 - 2011-08-12 13:38 - 00225664 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\Log4qtApi1.dll
2016-02-05 12:54 - 2011-08-12 13:36 - 00196472 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtSql4.dll
2016-02-05 12:54 - 2011-08-12 13:37 - 00345976 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtXml4.dll
2016-02-05 12:54 - 2011-08-12 13:37 - 02557320 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtXmlPatterns4.dll
2016-02-05 12:54 - 2011-08-12 13:37 - 10843008 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtWebKit4.dll
2016-02-05 12:54 - 2011-08-12 13:36 - 00272760 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\phonon4.dll
2016-02-05 12:54 - 2011-08-12 13:37 - 00032632 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\imageformats\qgif4.dll
2016-02-05 12:54 - 2011-08-12 13:37 - 00028024 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\imageformats\qsvg4.dll
2016-02-05 12:54 - 2011-08-12 13:37 - 00282488 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\QtSvg4.dll
2016-02-05 12:54 - 2011-08-12 13:37 - 00422264 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\sqldrivers\qsqlite4.dll
2016-02-05 12:54 - 2011-08-12 13:37 - 00027024 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\designer\customwidgetplugin.dll
2016-02-05 12:54 - 2011-08-12 13:37 - 00024952 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\designer\qwebview.dll
2016-02-05 12:54 - 2011-08-12 13:37 - 00027536 _____ () C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\designer\worldtimeclockplugin.dll
2016-09-10 20:08 - 2016-12-13 02:33 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-09-10 20:08 - 2016-12-12 17:36 - 00525760 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-10 20:08 - 2016-12-12 17:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-10 20:08 - 2016-12-12 17:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-10 20:08 - 2016-12-12 17:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-10 20:08 - 2016-12-12 17:36 - 00447424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-10 20:08 - 2016-12-12 17:36 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-10 20:08 - 2016-12-12 17:36 - 01003456 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-18 01:28 - 2016-12-12 17:36 - 00956472 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2015-08-24 19:58 - 2016-09-19 17:51 - 53018112 _____ () D:\Program Dosyalari\GalaxyClient\libcef.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 00507968 _____ () D:\Program Dosyalari\GalaxyClient\PocoUtil.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 01076800 _____ () D:\Program Dosyalari\GalaxyClient\PocoNet.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 01854528 _____ () D:\Program Dosyalari\GalaxyClient\PocoData.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 00393280 _____ () D:\Program Dosyalari\GalaxyClient\PocoDataSQLite.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 01589312 _____ () D:\Program Dosyalari\GalaxyClient\PocoFoundation.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 00307776 _____ () D:\Program Dosyalari\GalaxyClient\PocoNetSSL.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 00330816 _____ () D:\Program Dosyalari\GalaxyClient\PocoJSON.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 00104000 _____ () D:\Program Dosyalari\GalaxyClient\zlib.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 00520768 _____ () D:\Program Dosyalari\GalaxyClient\PocoXML.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 00272448 _____ () D:\Program Dosyalari\GalaxyClient\PocoZip.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 00425536 _____ () D:\Program Dosyalari\GalaxyClient\pcre.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 00680000 _____ () D:\Program Dosyalari\GalaxyClient\sqlite.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 00157760 _____ () D:\Program Dosyalari\GalaxyClient\PocoCrypto.dll
2015-08-24 19:58 - 2016-12-21 11:20 - 00152128 _____ () D:\Program Dosyalari\GalaxyClient\expat.dll
2015-08-24 19:58 - 2016-09-19 17:51 - 01738752 _____ () D:\Program Dosyalari\GalaxyClient\libglesv2.dll
2015-08-24 19:58 - 2016-09-19 17:51 - 00078848 _____ () D:\Program Dosyalari\GalaxyClient\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Sercan\Downloads\MSIAfterburnerSetup.zip:BDU [1]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-01-02 00:48 - 2017-01-23 22:26 - 00000822 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2070039639-675289181-3059388584-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sercan\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\assassins_creed_syndicate_video_game-wide.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "InstallerLauncher"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{67F62E9C-F35A-443F-B4D1-822E4568C014}] => D:\Program Dosyalari\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{DF38EE52-3084-4967-983A-54D9752D72A1}] => D:\Program Dosyalari\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{DF2690E7-FA36-447D-AF48-C33330B19E62}] => C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe
FirewallRules: [{44D4D5C0-F776-43FC-B3BF-FB2EEC1083BC}] => C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe
FirewallRules: [UDP Query User{9A5ED880-2E48-4541-90BA-E9C0B6272751}C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe] => C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe
FirewallRules: [TCP Query User{2C17120C-5430-4870-BD54-54F916961AFA}C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe] => C:\program files (x86)\airties wireless networks\airties network assistant\hnmtroubleshooter.exe
FirewallRules: [{66A14E99-B1F6-42A7-B820-600E456C2D55}] => C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
FirewallRules: [{11B0D42D-9FF8-4963-B205-CEAAA1D23276}] => C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
FirewallRules: [UDP Query User{4A3A8D7F-55D2-4418-9D37-7A685F7D3522}C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe] => C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
FirewallRules: [TCP Query User{4BBCB306-3171-42CB-8FAC-54032066F073}C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe] => C:\program files (x86)\airties wireless networks\airties network assistant\anagui.exe
FirewallRules: [UDP Query User{5C8E6514-E0C1-48D9-B9AC-C1279F42B75B}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{42385F75-3A54-4D6C-AA7F-7343BDCD7FA7}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{0159DA93-24AE-4D89-9969-B301F5050354}] => D:\Program Dosyalari\Steam\bin\steamwebhelper.exe
FirewallRules: [{5F7D2239-A19A-4A30-96FB-FC1227105BD2}] => D:\Program Dosyalari\Steam\bin\steamwebhelper.exe
FirewallRules: [{30303652-9B81-45B1-9FAA-DE1797CC862E}] => D:\Program Dosyalari\Steam\Steam.exe
FirewallRules: [{4B44F63E-F8CC-427E-B2B7-BE0AACF327A7}] => D:\Program Dosyalari\Steam\Steam.exe
FirewallRules: [UDP Query User{184AB0F3-9E24-4F1A-B59F-A267D28D3D55}C:\users\sercan\appdata\roaming\utorrent\utorrent.exe] => C:\users\sercan\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{F395CE33-ECF0-4E15-A5C5-FC08CD36774C}C:\users\sercan\appdata\roaming\utorrent\utorrent.exe] => C:\users\sercan\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{5C542CC8-D849-4B10-AD42-11AA5D0C7720}D:\program dosyaları\grand theft auto v\gta5.exe] => D:\program dosyaları\grand theft auto v\gta5.exe
FirewallRules: [TCP Query User{8F8B0623-E506-4D3D-9810-A5ECEE8CD083}D:\program dosyaları\grand theft auto v\gta5.exe] => D:\program dosyaları\grand theft auto v\gta5.exe
FirewallRules: [{A60A47A1-5343-48BB-83D5-F9C835D1691A}] => C:\Users\Sercan\AppData\Local\Temp\Rar$EXa0.539\App\uTorrent\uTorrent.exe
FirewallRules: [{FA7BD7E2-59E2-463A-955E-CFDCE72B94BD}] => C:\Users\Sercan\AppData\Local\Temp\Rar$EXa0.539\App\uTorrent\uTorrent.exe
FirewallRules: [{7FEAB72E-512A-4F8E-941D-07D16D3A6C06}] => C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{78E4799B-30E4-4422-B7A7-B5D9912A11C6}] => D:\Program Dosyalari\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [{3B6AA48F-45B5-4B3E-9F2F-95144B4A6F29}] => D:\Program Dosyalari\Steam\steamapps\common\Transformice\Transformice.exe
FirewallRules: [{A38D89B6-6E3D-46CF-9C85-E539CB1AE217}] => D:\Program Dosyalari\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{7AA703FE-5610-44C6-BA30-7DF92EA0E66D}] => D:\Program Dosyalari\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{179919BD-2D75-4377-B890-7D8FA4419DD9}] => LPort=8317
FirewallRules: [{3F88057C-B79B-4817-BE5C-6A0BF059B7E3}] => D:\Program Dosyalari\Yeni klasör\firefox.exe
FirewallRules: [{ECC7A5E1-D4D9-4C47-A08D-8CA0A44ECF0E}] => D:\Program Dosyalari\Yeni klasör\firefox.exe
FirewallRules: [{B4E91DC4-5A88-40EF-AB33-1396209B9C9B}] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{C8840167-44AE-4C2D-A137-52016F1A9D17}] => D:\Program Dosyalari\Mozilla Firefox\firefox.exe
FirewallRules: [{C4BCA940-1526-4D71-AD78-288A894FC7A0}] => D:\Program Dosyalari\Mozilla Firefox\firefox.exe
FirewallRules: [{C1A76838-8BDE-4DDB-8BC4-FAFB1532A51D}] => D:\Program Dosyalari\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{221DD836-FB1A-400B-9DBA-F010D9522EAA}] => D:\Program Dosyalari\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1F13E684-744E-4BAB-AF8B-02656CCF79BC}] => D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{6B1C162F-4A23-498F-B61C-B5470534F70F}] => D:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{4889D8C7-1D1A-4DD8-B801-E235B607773D}] => D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{8634280F-5800-4FAD-827F-96195CC3AAAB}] => D:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{52AF2BDA-9149-4A19-AAFD-A837C52CC192}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6E48666F-D115-4D6E-B5C0-79E186EB3903}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{78C77EB4-D3BA-4192-8F9F-7ABBC2246A0A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A1B1FEC6-8F22-484A-907A-C0098F07E05D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E7D62983-229B-439E-A08C-F968247CBA4B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D098AFF3-7258-4AF3-9750-75D38EEE140B}] => D:\Program Dosyalari\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{4B4C2D1F-0127-407E-BA77-3C36CE2CA947}] => D:\Program Dosyalari\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{42697464-C4E0-42C5-9425-70B86588ABD0}] => D:\Program Dosyalari\Grand Theft Auto V\GTA5.exe
FirewallRules: [{352DC362-406B-4908-8A25-6106F41F6CCC}] => D:\Program Dosyalari\Grand Theft Auto V\GTA5.exe
FirewallRules: [{67C871BB-4359-4E02-87F0-EBCB160346D4}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
23-01-2017 14:03:11 Revo Uninstaller Pro's restore point - Amigo
23-01-2017 14:04:18 Revo Uninstaller Pro's restore point - Служба автоматического обновления программ
23-01-2017 15:18:52 Revo Uninstaller Pro's restore point - Exterminate It!
23-01-2017 16:17:06 Revo Uninstaller Pro's restore point - ESET Smart Security
23-01-2017 16:21:10 Revo Uninstaller Pro's restore point - ESET Smart Security
23-01-2017 17:32:38 Revo Uninstaller Pro's restore point - SUPERAntiSpyware
23-01-2017 18:08:47 JRT Pre-Junkware Removal
23-01-2017 19:28:56 Revo Uninstaller Pro's restore point - SpyHunter 4
23-01-2017 20:55:33 Revo Uninstaller Pro's restore point - Zemana AntiMalware
23-01-2017 21:22:42 Revo Uninstaller Pro's restore point - UnHackMe 8.50
23-01-2017 21:22:55 Revo Uninstaller Pro's restore point - UnHackMe 8.50
23-01-2017 22:00:43 Revo Uninstaller Pro's restore point - Zemana AntiMalware
23-01-2017 22:11:27 Removed Java 8 Update 51
23-01-2017 22:11:40 Removed Java 8 Update 51 (64-bit)
23-01-2017 22:12:16 Revo Uninstaller Pro's restore point - CCleaner
23-01-2017 22:13:54 Revo Uninstaller Pro's restore point - Kaspersky Total Security
23-01-2017 22:15:29 Revo Uninstaller Pro's restore point - Kaspersky Secure Connection
23-01-2017 22:16:17 Revo Uninstaller Pro's restore point - herdProtect Anti-Malware Scanner
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/23/2017 11:00:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASPER_NIRVANA)
Description: Microsoft.MicrosoftJigsaw_8wekyb3d8bbwe!App uygulamasının etkinleştirilmesi şu hatayla başarısız oldu: -2144927148 Ek bilgi için Microsoft-Windows-TWinUI/Operational günlüğüne bakın.
Error: (01/23/2017 10:58:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Hatalı uygulama adı: igfxCUIService.exe, sürüm: 6.15.10.3960, zaman damgası: 0x54299ab0
Hatalı modül adı: igfxCUIService.exe, sürüm: 6.15.10.3960, zaman damgası: 0x54299ab0
Özel durum kodu: 0xc0000005
Hata uzaklığı 0x0000000000012bb8
Hatalı işlem kimliği: 0x630
Uygulama başlangıç zamanı: 0x01d275b30e7a3f42
Hatalı uygulama yolu: C:\Windows\system32\igfxCUIService.exe
Hatalı modül yolu: C:\Windows\system32\igfxCUIService.exe
Rapor kimliği: 0c56a852-46ed-44e7-9d85-ea65a58ceb80
Hatalı paket tam adı:
Hatalı paketle ilgili uygulama kimliği:
Error: (01/23/2017 10:30:03 PM) (Source: LiveUpdate.exe) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/23/2017 10:16:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Bağlantı Katmanı Bulma Protokolü.
System Error:
Erişim engellendi.
.
Error: (01/23/2017 10:16:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.
Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_klif_mark.
System Error:
Sistem belirtilen dosyayı bulamıyor.
.
Error: (01/23/2017 10:16:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.
Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_klif_klbg.
System Error:
Sistem belirtilen dosyayı bulamıyor.
.
Error: (01/23/2017 10:16:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.
Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_klif_klark.
System Error:
Sistem belirtilen dosyayı bulamıyor.
.
Error: (01/23/2017 10:16:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.
Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_klif_arkmon.
System Error:
Sistem belirtilen dosyayı bulamıyor.
.
Error: (01/23/2017 10:16:17 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Birim Gölge Kopya Hizmeti hatası: IVssWriterCallback arabirimi sorgulanırken hata oluştu. hr = 0x80070005, Erişim engellendi.
.
Bu duruma genellikle yazan veya istekte bulunan işlemdeki yanlış güvenlik ayarları neden olur.
İşlem:
Yazıcı Verileri Toplanıyor
Bağlam:
Yazıcı Sınıf Kimliği: {e8132975-6f93-4464-a53e-1050253ae220}
Yazıcı Adı: System Writer
Yazıcı Örnek Kimliği: {5f2ffbf1-310d-45ed-a457-7520f243bd94}
Error: (01/23/2017 10:15:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Şifreleme Hizmetleri, Sistem Yazıcısı Nesnesi'nde OnIdentity() çağrısını işlerken başarısız oldu.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Bağlantı Katmanı Bulma Protokolü.
System Error:
Erişim engellendi.
.
System errors:
=============
Error: (01/24/2017 12:39:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} sunucusu belirtilen zaman aşımı süresi içinde DCOM'a kayıt yaptıramadı.
Error: (01/24/2017 12:36:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: uygulamaya özgü izin ayarları
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
CLSID'sine ve
{F72671A9-012C-4725-9D2F-2A4D32D65169}
APPID'sine sahip COM Sunucu uygulaması için, Yok SID (Yok) uygulama kapsayıcısında çalışan LocalHost (LRPC Kullanan) adresindeki SID değeri (S-1-5-18) olan NT AUTHORITY\SYSTEM kullanıcısına Yerel Etkinleştirme izni vermiyor. Bu güvenlik izni, Bileşen Hizmetleri yönetim aracı kullanılarak değiştirilebilir.
Error: (01/24/2017 05:17:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: uygulamaya özgü izin ayarları
{D63B10C5-BB46-4990-A94F-E40B9D520160}
CLSID'sine ve
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
APPID'sine sahip COM Sunucu uygulaması için, Yok SID (Yok) uygulama kapsayıcısında çalışan LocalHost (LRPC Kullanan) adresindeki SID değeri (S-1-5-18) olan NT AUTHORITY\SYSTEM kullanıcısına Yerel Etkinleştirme izni vermiyor. Bu güvenlik izni, Bileşen Hizmetleri yönetim aracı kullanılarak değiştirilebilir.
Error: (01/24/2017 12:59:02 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Ana tarayıcı kendisinin etki alanı için ana tarayıcı olduğunu sanan AIR6372SO-NAS bilgisayarından
NetBT_Tcpip_{F553D58B-9442-4589-A2DE-64173A557DFC} ulaşım hizmeti üzerinden bir sunucu duyurusu aldı.
Ana tarayıcı duruyor veya bir seçim yapılıyor.
Error: (01/24/2017 12:57:16 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} sunucusu belirtilen zaman aşımı süresi içinde DCOM'a kayıt yaptıramadı.
Error: (01/24/2017 12:54:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: uygulamaya özgü izin ayarları
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
CLSID'sine ve
{F72671A9-012C-4725-9D2F-2A4D32D65169}
APPID'sine sahip COM Sunucu uygulaması için, Yok SID (Yok) uygulama kapsayıcısında çalışan LocalHost (LRPC Kullanan) adresindeki SID değeri (S-1-5-18) olan NT AUTHORITY\SYSTEM kullanıcısına Yerel Etkinleştirme izni vermiyor. Bu güvenlik izni, Bileşen Hizmetleri yönetim aracı kullanılarak değiştirilebilir.
Error: (01/24/2017 12:52:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: uygulamaya özgü izin ayarları
{D63B10C5-BB46-4990-A94F-E40B9D520160}
CLSID'sine ve
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
APPID'sine sahip COM Sunucu uygulaması için, Yok SID (Yok) uygulama kapsayıcısında çalışan LocalHost (LRPC Kullanan) adresindeki SID değeri (S-1-5-18) olan NT AUTHORITY\SYSTEM kullanıcısına Yerel Etkinleştirme izni vermiyor. Bu güvenlik izni, Bileşen Hizmetleri yönetim aracı kullanılarak değiştirilebilir.
Error: (01/23/2017 11:12:34 PM) (Source: KLIF) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/23/2017 11:01:33 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D} sunucusu belirtilen zaman aşımı süresi içinde DCOM'a kayıt yaptıramadı.
Error: (01/23/2017 10:58:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: uygulamaya özgü izin ayarları
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
CLSID'sine ve
{F72671A9-012C-4725-9D2F-2A4D32D65169}
APPID'sine sahip COM Sunucu uygulaması için, Yok SID (Yok) uygulama kapsayıcısında çalışan LocalHost (LRPC Kullanan) adresindeki SID değeri (S-1-5-18) olan NT AUTHORITY\SYSTEM kullanıcısına Yerel Etkinleştirme izni vermiyor. Bu güvenlik izni, Bileşen Hizmetleri yönetim aracı kullanılarak değiştirilebilir.
CodeIntegrity:
===================================
Date: 2017-01-23 18:00:01.879
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-01-23 17:59:59.840
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-01-23 16:11:29.056
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-01-23 14:20:53.708
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-23 14:10:55.536
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-01-23 14:10:54.486
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-01-23 14:10:51.377
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.
Date: 2017-01-23 14:04:55.891
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-23 14:04:55.649
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-23 14:02:18.180
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 26%
Total physical RAM: 16327.9 MB
Available physical RAM: 12046.13 MB
Total Virtual: 17351.9 MB
Available Virtual: 12724.56 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:96.03 GB) (Free:34.35 GB) NTFS
Drive d: (CASPER) (Fixed) (Total:1863.01 GB) (Free:1352.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: C11F4CAB)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 64A06A24)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
Ran by Sercan (administrator) on CASPER_NIRVANA (24-01-2017 12:41:59)
Running from D:\İNDİRİLENLER
Loaded Profiles: Sercan (Available Profiles: Sercan)
Platform: Windows 10 Home Single Language Version 1607 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(MICRO-STAR INTERNATIONAL CO., LTD.) C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) D:\Program Dosyalari\Origin\OriginWebHelperService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AirTies Wireless Networks) C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\AnaGui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(GOG.com) D:\Program Dosyalari\GalaxyClient\GalaxyClient.exe
(GOG.com) D:\Program Dosyalari\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) D:\Program Dosyalari\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) D:\Program Dosyalari\GalaxyClient\GalaxyClient Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-4778-A5FC-0D0F1F219F12}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{C12EDCD9-A219-47 (the data entry has 36 more characters).
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => D:\Program Dosyalari\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\Run: [GalaxyClient] => D:\Program Dosyalari\GalaxyClient\GalaxyClient.exe [3971648 2016-12-21] (GOG.com)
HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\Run: [DAEMON Tools Lite Automount] => D:\Program Dosyalari\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3994736 2016-10-01] (Tonec Inc.)
HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\MountPoints2: {6e3e4549-3c39-11e6-82d4-d8cb8a34a717} - "F:\setup.exe"
HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\MountPoints2: {84821c0b-69b3-11e5-827d-d8cb8a34a717} - "F:\iStudio.exe"
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AirTies Network Assistant.lnk [2016-02-05]
ShortcutTarget: AirTies Network Assistant.lnk -> C:\Program Files (x86)\AirTies Wireless Networks\AirTies Network Assistant\AnaGui.exe (AirTies Wireless Networks)
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{f553d58b-9442-4589-a2de-64173a557dfc}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-09-06] (Internet Download Manager, Tonec Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-23] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2070039639-675289181-3059388584-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FireFox:
========
FF ProfilePath: C:\Users\Sercan\AppData\Roaming\Mozilla\Firefox\Profiles\sx7hpokk.default [2017-01-23]
FF NewTab: Mozilla\Firefox\Profiles\sx7hpokk.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\sx7hpokk.default -> Google
FF Extension: (Disable youtube html5 player) - C:\Users\Sercan\AppData\Roaming\Mozilla\Firefox\Profiles\sx7hpokk.default\Extensions\@disableyoutubehtml5player.xpi [2016-11-11]
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-09-21]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-26]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Sercan\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Sercan\AppData\Roaming\IDM\idmmzcc5 [2017-01-23] [not signed]
FF HKU\S-1-5-21-2070039639-675289181-3059388584-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-23] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-02-19] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-2070039639-675289181-3059388584-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sercan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-05-08] (Unity Technologies ApS)
StartMenuInternet: FIREFOX.EXE - D:\Program Dosyalari\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Sercan\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-01-24]
CHR Extension: (tab packager by tab.bz) - C:\Users\Sercan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\klhheoejnijomhdjilifdbjeholikpnb [2017-01-23]
CHR Extension: (Assassin's Creed 4 Black Flag) - C:\Users\Sercan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lldfhamljhbognenjcohoodlecghkeei [2017-01-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-10-16]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
R3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
S3 Disc Soft Lite Bus Service; D:\Program Dosyalari\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 fussvc; D:\Programlar\Windows Kits\App Certification Kit\fussvc.exe [143872 2014-10-24] (Microsoft Corporation) [File not signed]
S3 GalaxyClientService; D:\Program Dosyalari\GalaxyClient\GalaxyClientService.exe [284224 2016-12-21] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6625856 2016-11-10] (GOG.com)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-10-15] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3036312 2016-07-28] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-02-19] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-13] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-13] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Dosyalari\Origin\OriginClientService.exe [2119176 2017-01-10] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Dosyalari\Origin\OriginWebHelperService.exe [2181648 2017-01-10] (Electronic Arts)
S3 Te.Service; D:\Programlar\Windows Kits\Testing\Runtimes\TAEF\Wex.Services.exe [122368 2015-02-26] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-09-08] (Disc Soft Ltd)
S3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30352 2015-08-15] (Disc Soft Ltd)
S3 dtultrascsibus; C:\WINDOWS\System32\drivers\dtultrascsibus.sys [30264 2015-08-15] (Disc Soft Ltd)
S3 dtultrausbbus; C:\WINDOWS\System32\drivers\dtultrausbbus.sys [47160 2015-08-15] (Disc Soft Ltd)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
S0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [435032 2016-12-26] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2017-01-23] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-26] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-26] (AO Kaspersky Lab)
S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R4 klkbdflt2; C:\WINDOWS\system32\DRIVERS\klkbdflt2.sys [43440 2016-05-23] (AO Kaspersky Lab)
S3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
U0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [218920 2017-01-23] (AO Kaspersky Lab)
U3 klupd_klif_arkmon_66516A70; C:\ProgramData\Kaspersky Lab\AVP17.0.0\temp\66516A704F1D378E58B85D79633C103D\klupd_klif_arkmon.sys [218920 2017-01-23] (AO Kaspersky Lab)
U3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [85984 2017-01-23] ()
U3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [245512 2017-01-23] (AO Kaspersky Lab)
U0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [104720 2017-01-23] (AO Kaspersky Lab)
U3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [164888 2017-01-23] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-26] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-01-23] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3f929cc119e3b994\nvlddmkm.sys [14200880 2016-12-13] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-13] (NVIDIA Corporation)
U5 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [451216 2014-11-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-12-13] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 tpfilter; C:\WINDOWS\System32\drivers\tpfilter.sys [25928 2015-11-22] (TP Microelectronic)
S3 usbUDisc; C:\WINDOWS\System32\drivers\USBDrv_AMD64.sys [18392 2013-01-25] (Scott)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-24] (Intel Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-23] (Zemana Ltd.)
U0 aswVmm; no ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-24 12:41 - 2017-01-24 12:41 - 00000000 ____D C:\FRST
2017-01-24 12:36 - 2017-01-24 12:36 - 00000000 ___HD C:\OneDriveTemp
2017-01-23 23:20 - 2017-01-23 23:20 - 00245512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-01-23 23:15 - 2017-01-23 23:15 - 00218920 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-01-23 23:15 - 2017-01-23 23:15 - 00164888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2017-01-23 23:15 - 2017-01-23 23:15 - 00104720 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2017-01-23 23:15 - 2017-01-23 23:15 - 00085984 _____ C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-01-23 23:12 - 2017-01-23 23:15 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-01-23 23:12 - 2017-01-23 23:12 - 00002230 _____ C:\Users\Public\Desktop\Safe Money.lnk
2017-01-23 23:12 - 2017-01-23 23:12 - 00002212 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2017-01-23 23:12 - 2017-01-23 23:12 - 00001454 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2017-01-23 23:12 - 2017-01-23 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2017-01-23 23:12 - 2017-01-23 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2017-01-23 23:12 - 2017-01-23 23:12 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-01-23 23:12 - 2016-12-26 22:03 - 01019616 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2017-01-23 23:12 - 2016-12-26 22:03 - 00435032 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2017-01-23 23:12 - 2016-06-26 15:14 - 00191312 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2017-01-23 23:12 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2017-01-23 22:50 - 2017-01-23 22:50 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-01-23 22:50 - 2017-01-23 22:50 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\Sun
2017-01-23 22:50 - 2017-01-23 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-23 22:50 - 2017-01-23 22:50 - 00000000 ____D C:\Program Files (x86)\Java
2017-01-23 22:11 - 2017-01-23 22:11 - 00000000 _____ C:\WINDOWS\SysWOW64\RENE7ED.tmp
2017-01-23 21:51 - 2017-01-23 21:51 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2017-01-23 21:51 - 2017-01-23 21:51 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2017-01-23 21:19 - 2017-01-23 21:22 - 00000154 _____ C:\WINDOWS\SysWOW64\Partizan.RRI
2017-01-23 21:13 - 2017-01-23 21:19 - 00000000 ____D C:\Users\Sercan\Documents\RegRun2
2017-01-23 21:13 - 2017-01-23 21:13 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2017-01-23 21:13 - 2017-01-23 21:13 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2017-01-23 21:13 - 2017-01-23 21:13 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2017-01-23 21:13 - 2017-01-23 21:13 - 00000000 ____D C:\ProgramData\RegRun
2017-01-23 20:25 - 2017-01-24 12:41 - 00249569 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-23 20:25 - 2017-01-23 22:00 - 00071915 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-23 20:25 - 2017-01-23 20:25 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-01-23 20:16 - 2017-01-23 20:16 - 05483584 _____ ( ) C:\Users\Sercan\Downloads\Zemana.AntiMalware.Setup.exe
2017-01-23 19:33 - 2017-01-23 19:33 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\ProductData
2017-01-23 18:09 - 2017-01-23 18:09 - 00001902 _____ C:\Users\Sercan\Desktop\JRT.txt
2017-01-23 18:08 - 2017-01-23 18:08 - 01663040 _____ (Malwarebytes) C:\Users\Sercan\Downloads\JRT.exe
2017-01-23 14:10 - 2017-01-23 14:10 - 00000279 _____ C:\Users\Sercan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Geri Dönüşüm Kutusu.lnk
2017-01-23 03:01 - 2017-01-23 03:01 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-23 03:01 - 2017-01-23 03:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-23 01:07 - 2017-01-23 01:07 - 00218834 _____ C:\ProgramData\cl.uninstall.1485122769.bdinstall.bin
2017-01-23 01:06 - 2017-01-23 01:06 - 00000336 _____ C:\WINDOWS\system32\㩃坜义佄南呜䵅屐浸㙬〲⸳浴p翸
2017-01-23 01:06 - 2017-01-23 01:06 - 00000328 _____ C:\WINDOWS\system32\㩃坜义佄南呜䵅屐浸㕬䉆⸸浴p翸
2017-01-23 01:06 - 2017-01-23 01:06 - 00000326 _____ C:\WINDOWS\system32\㩃坜义佄南呜䵅屐浸㙬〲⸴浴p翸
2017-01-23 00:30 - 2017-01-23 00:30 - 00401025 _____ C:\ProgramData\cl.1485120489.bdinstall.bin
2017-01-23 00:01 - 2017-01-23 00:01 - 00028871 _____ C:\ProgramData\agent.1485118862.bdinstall.bin
2017-01-22 23:57 - 2017-01-22 23:57 - 00028879 _____ C:\ProgramData\agent.1485118630.bdinstall.bin
2017-01-22 23:56 - 2017-01-22 23:57 - 10333355 _____ C:\Users\Sercan\Downloads\bitdefender_antivirus.rar
2017-01-22 23:56 - 2017-01-22 23:56 - 00029017 _____ C:\ProgramData\agent.1485118561.bdinstall.bin
2017-01-22 23:52 - 2017-01-22 23:52 - 00006704 _____ C:\Users\Sercan\Desktop\Scan_2017-1-22-23-52.txt
2017-01-22 23:45 - 2017-01-22 23:45 - 02941567 _____ C:\Users\Sercan\Desktop\GSI6_CASPER_NIRVANA_Sercan_01_22_2017_23_41_32.zip
2017-01-22 23:44 - 2017-01-22 23:44 - 00000000 ____D C:\Program Files\Reason
2017-01-22 23:43 - 2017-01-22 23:44 - 02873112 _____ (Reason Company Software Inc.) C:\Users\Sercan\Downloads\herdProtectScan_Setup.exe
2017-01-22 23:37 - 2017-01-22 23:41 - 11011656 _____ (AO Kaspersky Lab) C:\Users\Sercan\Downloads\GetSystemInfo6.1.exe
2017-01-22 23:33 - 2017-01-22 23:33 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\AVG
2017-01-22 23:32 - 2017-01-22 23:32 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\TuneUp Software
2017-01-22 23:31 - 2017-01-22 23:31 - 00000000 ____D C:\Users\Sercan\AppData\Local\MFAData
2017-01-22 23:29 - 2017-01-22 23:29 - 00000000 ____D C:\Users\Sercan\AppData\Local\Chromium
2017-01-22 22:47 - 2017-01-22 22:47 - 00028882 _____ C:\ProgramData\agent.1485114476.bdinstall.bin
2017-01-22 19:30 - 2017-01-22 19:30 - 00002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-22 19:30 - 2017-01-22 19:30 - 00002335 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-22 19:24 - 2017-01-22 20:29 - 00003538 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-22 19:24 - 2017-01-22 20:29 - 00003414 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-22 19:23 - 2017-01-22 19:24 - 01065376 _____ (Google Inc.) C:\Users\Sercan\Downloads\ChromeSetup (2).exe
2017-01-22 16:05 - 2017-01-23 17:39 - 00000000 ____D C:\Users\Sercan\Desktop\BİRGİ BELGESEL ÇEKİMİ
2017-01-22 14:20 - 2017-01-23 20:47 - 00000000 ____D C:\AdwCleaner
2017-01-21 19:04 - 2017-01-21 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-15 14:13 - 2017-01-15 15:18 - 00000308 _____ C:\Users\Sercan\Desktop\PS4.txt
2017-01-11 18:53 - 2017-01-11 18:53 - 00000000 ____D C:\ProgramData\Socialclub
2017-01-11 18:46 - 2017-01-11 18:46 - 00000000 ____D C:\Program Files\Rockstar Games
2017-01-11 18:46 - 2017-01-11 18:46 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-01-11 18:20 - 2017-01-11 18:51 - 00000559 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2017-01-11 18:20 - 2017-01-11 18:51 - 00000559 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V.lnk
2017-01-10 23:09 - 2016-12-21 11:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 23:09 - 2016-12-21 11:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 23:09 - 2016-12-21 11:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 23:09 - 2016-12-21 10:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 23:09 - 2016-12-21 10:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 23:09 - 2016-12-21 10:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 23:09 - 2016-12-21 10:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 23:09 - 2016-12-21 10:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 23:09 - 2016-12-21 10:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 23:09 - 2016-12-21 10:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 23:09 - 2016-12-21 10:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 23:09 - 2016-12-21 10:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 23:09 - 2016-12-21 10:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 23:09 - 2016-12-21 10:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 23:09 - 2016-12-21 10:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 23:09 - 2016-12-21 10:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 23:09 - 2016-12-21 10:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 23:09 - 2016-12-21 10:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 23:09 - 2016-12-21 10:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 23:09 - 2016-12-21 10:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 23:09 - 2016-12-21 10:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 23:09 - 2016-12-21 10:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 23:09 - 2016-12-21 10:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 23:09 - 2016-12-21 10:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 23:09 - 2016-12-21 10:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 23:09 - 2016-12-21 10:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 23:09 - 2016-12-21 10:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 23:09 - 2016-12-21 10:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 23:09 - 2016-12-21 10:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 23:09 - 2016-12-21 10:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 23:09 - 2016-12-21 10:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 23:09 - 2016-12-21 10:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 23:09 - 2016-12-21 10:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 23:09 - 2016-12-21 10:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 23:09 - 2016-12-21 10:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 23:09 - 2016-12-21 10:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 23:09 - 2016-12-21 10:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 23:09 - 2016-12-21 10:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 23:09 - 2016-12-21 10:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 23:09 - 2016-12-21 09:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 23:09 - 2016-12-21 09:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 23:09 - 2016-12-21 09:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 23:09 - 2016-12-21 09:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 23:09 - 2016-12-21 09:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 23:09 - 2016-12-21 09:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 23:09 - 2016-12-21 09:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 23:09 - 2016-12-21 09:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 23:09 - 2016-12-21 09:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 23:09 - 2016-12-21 09:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 23:09 - 2016-12-21 09:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 23:09 - 2016-12-21 09:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 23:09 - 2016-12-21 09:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 23:09 - 2016-12-21 09:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 23:09 - 2016-12-21 09:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 23:09 - 2016-12-21 09:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 23:09 - 2016-12-21 09:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 23:09 - 2016-12-21 09:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 23:09 - 2016-12-21 09:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 23:09 - 2016-12-21 09:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 23:09 - 2016-12-21 08:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 23:09 - 2016-12-21 08:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 23:09 - 2016-12-21 08:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 23:09 - 2016-12-21 08:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 23:09 - 2016-12-21 08:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 23:09 - 2016-12-21 08:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 23:09 - 2016-12-21 08:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 23:09 - 2016-12-21 08:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 23:09 - 2016-12-21 08:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 23:09 - 2016-12-21 07:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 23:09 - 2016-12-21 07:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 23:09 - 2016-12-21 07:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 23:09 - 2016-12-21 07:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 23:09 - 2016-12-21 07:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 23:09 - 2016-12-21 07:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 23:09 - 2016-12-21 07:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 23:09 - 2016-12-21 07:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 23:09 - 2016-12-21 07:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 23:09 - 2016-12-21 07:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 23:09 - 2016-12-21 07:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 23:09 - 2016-12-21 07:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 23:09 - 2016-12-21 07:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 23:09 - 2016-12-21 07:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 23:09 - 2016-12-21 07:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 23:09 - 2016-12-21 07:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 23:09 - 2016-12-21 07:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 23:09 - 2016-12-21 07:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 23:09 - 2016-12-21 07:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 23:09 - 2016-12-21 07:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 23:09 - 2016-12-21 07:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 23:09 - 2016-12-21 07:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 23:09 - 2016-12-21 07:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 23:09 - 2016-12-21 07:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 23:09 - 2016-12-21 07:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 23:09 - 2016-12-21 07:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 23:09 - 2016-12-21 07:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 23:09 - 2016-12-21 07:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 23:09 - 2016-12-14 08:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 23:09 - 2016-12-14 08:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 23:09 - 2016-12-14 08:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 23:09 - 2016-12-14 08:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 23:09 - 2016-12-14 08:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 23:09 - 2016-12-14 08:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 23:09 - 2016-12-14 08:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 23:09 - 2016-12-14 08:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 23:09 - 2016-12-14 08:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 23:09 - 2016-12-14 08:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 23:09 - 2016-12-14 08:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 23:09 - 2016-12-14 08:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 23:09 - 2016-12-14 08:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 23:09 - 2016-12-14 08:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 23:09 - 2016-12-14 08:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 23:09 - 2016-12-14 08:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 23:09 - 2016-12-14 08:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 23:09 - 2016-12-14 08:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 23:09 - 2016-12-14 07:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 23:09 - 2016-12-14 07:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 23:09 - 2016-12-14 07:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 23:09 - 2016-12-14 07:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 23:09 - 2016-12-14 07:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 23:09 - 2016-12-14 07:42 - 00384000 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2017-01-10 23:09 - 2016-12-14 07:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 23:09 - 2016-12-14 07:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 23:09 - 2016-12-14 07:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 23:09 - 2016-12-14 07:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 23:09 - 2016-12-14 07:41 - 00362496 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2017-01-10 23:09 - 2016-12-14 07:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 23:09 - 2016-12-14 07:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 23:09 - 2016-12-14 07:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 23:09 - 2016-12-14 07:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 23:09 - 2016-12-14 07:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 23:09 - 2016-12-14 07:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 23:09 - 2016-12-14 07:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 23:09 - 2016-12-14 07:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 23:09 - 2016-12-14 07:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 23:09 - 2016-12-14 07:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 23:09 - 2016-12-14 07:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 23:09 - 2016-12-14 07:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 23:09 - 2016-12-14 07:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 23:09 - 2016-12-14 07:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 23:09 - 2016-12-14 07:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 23:09 - 2016-12-14 07:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 23:09 - 2016-12-14 07:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 23:09 - 2016-12-14 07:35 - 02220032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2017-01-10 23:09 - 2016-12-14 07:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 23:09 - 2016-12-14 07:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 23:09 - 2016-12-14 07:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 23:09 - 2016-12-14 07:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 23:09 - 2016-12-14 07:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 23:09 - 2016-12-14 07:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 23:09 - 2016-12-14 07:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 23:09 - 2016-12-14 07:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 23:09 - 2016-12-14 07:25 - 02795520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-01-10 23:09 - 2016-12-14 07:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 23:09 - 2016-12-14 07:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 23:09 - 2016-12-14 07:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 23:09 - 2016-12-14 07:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 23:09 - 2016-12-14 07:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 23:09 - 2016-12-14 07:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 23:09 - 2016-12-14 07:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 23:09 - 2016-12-14 07:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 23:09 - 2016-12-14 07:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 23:09 - 2016-12-14 07:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 23:09 - 2016-12-14 07:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 23:09 - 2016-12-14 07:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 23:09 - 2016-11-02 15:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 23:09 - 2016-11-02 14:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 23:09 - 2016-11-02 13:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 23:09 - 2016-11-02 13:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 23:09 - 2016-11-02 13:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 23:09 - 2016-08-02 07:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-07 19:55 - 2017-01-07 19:55 - 00000000 ____D C:\Users\Sercan\Documents\Rockstar Games
2016-12-30 22:00 - 2016-12-31 09:19 - 00000407 _____ C:\Users\Sercan\Desktop\DİNLEME METİNLERİ.txt
2016-12-27 19:21 - 2016-12-27 19:21 - 00000141 _____ C:\Users\Sercan\Desktop\OSMANLICA SINAV ÖNCESİ.txt
2016-12-26 22:03 - 2016-12-26 22:03 - 00134880 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2016-12-26 22:03 - 2016-12-26 22:03 - 00057424 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klim6.sys
2016-12-25 12:59 - 2016-12-25 18:28 - 00005251 _____ C:\Users\Sercan\Desktop\COĞRAFYA DERS NOTLARI (EBA).txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-24 12:39 - 2016-09-24 13:09 - 00004196 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{01DE6044-421D-486D-96AA-6101FD0E0137}
2017-01-24 12:37 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-24 12:36 - 2016-09-24 13:04 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-24 12:36 - 2016-05-14 10:00 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-01-24 12:36 - 2015-08-12 12:47 - 00000000 ___RD C:\Users\Sercan\OneDrive
2017-01-24 01:03 - 2016-07-16 14:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-24 00:52 - 2016-09-24 13:04 - 00000000 ____D C:\Users\Sercan
2017-01-24 00:52 - 2015-08-22 22:40 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\DMCache
2017-01-24 00:51 - 2016-08-31 00:58 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\Origin
2017-01-24 00:51 - 2016-08-31 00:50 - 00000000 ____D C:\ProgramData\Origin
2017-01-24 00:00 - 2015-08-14 20:27 - 00000000 ____D C:\Users\Sercan\Desktop\Notlar ve Bilgiler
2017-01-23 23:42 - 2016-12-22 21:45 - 00000000 ____D C:\Users\Sercan\AppData\LocalLow\Mozilla
2017-01-23 23:15 - 2015-08-12 22:37 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-23 23:13 - 2016-07-16 14:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-23 23:12 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2017-01-23 23:12 - 2016-07-16 09:04 - 00131072 _____ C:\WINDOWS\system32\config\ELAM
2017-01-23 23:05 - 2016-07-17 01:12 - 00935906 _____ C:\WINDOWS\system32\perfh01F.dat
2017-01-23 23:05 - 2016-07-17 01:12 - 00237544 _____ C:\WINDOWS\system32\perfc01F.dat
2017-01-23 23:05 - 2015-08-24 13:52 - 02417458 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-23 22:59 - 2016-09-22 00:32 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-01-23 22:58 - 2016-12-18 01:28 - 00006776 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-23 22:58 - 2016-09-24 13:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-23 22:58 - 2016-07-16 09:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-23 22:51 - 2015-08-12 22:53 - 00000000 ____D C:\ProgramData\Oracle
2017-01-23 22:23 - 2015-08-20 19:16 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\.sonoyuncu
2017-01-23 22:03 - 2015-08-13 19:59 - 00000000 ____D C:\Users\Sercan\AppData\Local\CrashDumps
2017-01-23 20:30 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-01-23 17:58 - 2016-12-11 22:41 - 00000814 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-23 16:55 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-23 16:55 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-23 16:08 - 2016-09-24 13:03 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-23 14:06 - 2015-09-14 21:06 - 00000000 ____D C:\Users\Sercan\AppData\Local\Unity
2017-01-23 14:00 - 2015-08-13 15:24 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\PhotoScape
2017-01-23 10:24 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-23 01:06 - 2016-02-17 01:33 - 00042960 _____ C:\bdlog.txt
2017-01-22 20:19 - 2015-11-07 13:50 - 00000000 ____D C:\Users\Sercan\ATUDB
2017-01-22 19:30 - 2015-08-12 12:53 - 00000000 ____D C:\Users\Sercan\AppData\Local\Google
2017-01-22 19:29 - 2015-08-12 12:53 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-22 18:39 - 2016-10-16 16:17 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\IDM
2017-01-22 18:39 - 2016-09-24 14:03 - 00000000 ___DC C:\WINDOWS\Panther
2017-01-22 18:39 - 2015-09-08 00:49 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\DAEMON Tools Lite
2017-01-22 18:39 - 2015-08-12 23:54 - 00000000 ____D C:\Users\Sercan\AppData\Roaming\uTorrent
2017-01-22 15:24 - 2015-10-12 22:03 - 00000000 ____D C:\Users\Sercan\Desktop\DERSLER VE SINAVLAR
2017-01-22 14:09 - 2015-08-28 16:05 - 00021504 ____H C:\Users\Sercan\Desktop\photothumb.db
2017-01-22 07:30 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-21 23:13 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-01-21 23:13 - 2013-08-22 18:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-21 00:04 - 2015-08-29 22:58 - 00000000 ____D C:\Users\Sercan\Documents\The Witcher 3
2017-01-14 10:46 - 2016-09-24 13:03 - 00280280 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-14 04:24 - 2016-07-16 14:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-14 04:24 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-14 04:24 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-14 04:24 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-14 04:24 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-13 21:27 - 2015-08-13 12:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 21:25 - 2016-07-16 14:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-13 21:25 - 2015-08-13 12:46 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-13 18:29 - 2016-12-09 18:28 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-13 18:29 - 2015-08-24 13:51 - 00002392 _____ C:\Users\Sercan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-07 19:18 - 2014-12-06 04:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-07 17:32 - 2016-01-21 22:12 - 00000000 ____D C:\Users\Sercan\AppData\Local\ElevatedDiagnostics
2017-01-01 00:29 - 2016-12-16 21:59 - 00037887 _____ C:\Users\Sercan\Desktop\TARİH DERS NOTLARI (Benim Hocam).txt
==================== Files in the root of some directories =======
2016-11-10 18:41 - 2016-06-03 17:30 - 0000073 _____ () C:\Users\Sercan\AppData\Roaming\registered-vaults.xml.bkp
2016-05-14 09:42 - 2016-05-14 09:42 - 0343843 _____ () C:\Users\Sercan\AppData\Local\ars.cache
2016-05-14 09:42 - 2016-05-14 09:42 - 0429657 _____ () C:\Users\Sercan\AppData\Local\census.cache
2015-12-23 19:55 - 2016-12-08 18:24 - 0006656 _____ () C:\Users\Sercan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-05 12:56 - 2016-02-05 12:56 - 0018432 _____ () C:\Users\Sercan\AppData\Local\HnmDb.db
2016-05-14 09:22 - 2016-05-14 09:22 - 0000036 _____ () C:\Users\Sercan\AppData\Local\housecall.guid.cache
2016-05-14 09:39 - 2016-05-14 09:39 - 0000010 _____ () C:\Users\Sercan\AppData\Local\sponge.last.runtime.cache
2016-11-10 18:43 - 2016-11-10 18:43 - 0028762 _____ () C:\ProgramData\agent.1478792576.bdinstall.bin
2016-11-10 19:43 - 2016-11-10 19:43 - 0046363 _____ () C:\ProgramData\agent.1478796188.bdinstall.bin
2016-11-10 19:44 - 2016-11-10 19:44 - 0027089 _____ () C:\ProgramData\agent.1478796238.bdinstall.bin
2016-11-10 19:58 - 2016-11-10 19:58 - 0028760 _____ () C:\ProgramData\agent.1478797088.bdinstall.bin
2016-12-10 23:21 - 2016-12-10 23:21 - 0029015 _____ () C:\ProgramData\agent.1481401276.bdinstall.bin
2016-12-10 23:21 - 2016-12-10 23:21 - 0029020 _____ () C:\ProgramData\agent.1481401302.bdinstall.bin
2016-12-11 19:59 - 2016-12-11 19:59 - 0029017 _____ () C:\ProgramData\agent.1481475575.bdinstall.bin
2017-01-22 22:47 - 2017-01-22 22:47 - 0028882 _____ () C:\ProgramData\agent.1485114476.bdinstall.bin
2017-01-22 23:56 - 2017-01-22 23:56 - 0029017 _____ () C:\ProgramData\agent.1485118561.bdinstall.bin
2017-01-22 23:57 - 2017-01-22 23:57 - 0028879 _____ () C:\ProgramData\agent.1485118630.bdinstall.bin
2017-01-23 00:01 - 2017-01-23 00:01 - 0028871 _____ () C:\ProgramData\agent.1485118862.bdinstall.bin
2017-01-23 00:30 - 2017-01-23 00:30 - 0401025 _____ () C:\ProgramData\cl.1485120489.bdinstall.bin
2017-01-23 01:07 - 2017-01-23 01:07 - 0218834 _____ () C:\ProgramData\cl.uninstall.1485122769.bdinstall.bin
2016-11-10 18:42 - 2016-11-10 18:42 - 0055266 _____ () C:\ProgramData\dm.1478792549.bdinstall.bin
2016-11-10 18:45 - 2016-11-10 18:45 - 0034738 _____ () C:\ProgramData\dm.1478792698.bdinstall.bin
2016-11-10 19:57 - 2016-11-10 19:57 - 0055170 _____ () C:\ProgramData\dm.1478797054.bdinstall.bin
2016-11-18 06:43 - 2016-11-18 06:43 - 0040265 _____ () C:\ProgramData\dm.1479440630.bdinstall.bin
2016-12-11 20:10 - 2016-12-11 20:10 - 0035344 _____ () C:\ProgramData\dm.1481476190.bdinstall.bin
2016-09-24 13:04 - 2016-09-24 13:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-18 01:28 - 2017-01-24 12:36 - 0004604 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-18 01:28 - 2017-01-23 22:58 - 0006776 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-22 19:36
==================== End of FRST.txt ============================
cookies1,
Thanks for the reports.
For some reason, did not get notified of your post.
As you can see, the logs are lengthy, so it will take me a while to go through them. The old eyes are not what they used to be!
Will get back with the next step later this PM, maybe evening, but will try to do so sooner.
Thanks for your patience.
cookies1,
Any reason why this was run from D:\ vs. the Desktop in C:\?
Is D:\ an external hard drive?
Please do the following:
Press the Windows and R keys at the same time. This opens the Run box.
Type Notepad and click OK.
Next, please copy the entire contents inside the code box below to Notepad:
Save the file as fixlist.txt in the same folder where the FRST is running from. It appears to be running from D:\INDIRILENLER vs. the Desktop. They both need to be in the same place, preferably the Desktop.
Code:
Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-2070039639-675289181-3059388584-1001 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
U0 Partizan; system32\drivers\Partizan.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
C:\WINDOWS\system32\?????????????p?
Task: {1E0D895E-CBD8-4B74-95E8-89FE72A5BC2E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5D54704B-07C6-4DD9-BA73-4F70C02A78BC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {606D6271-6DB6-44CC-8995-BE47D99D40C1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4EF3A0FD-DDA3-4300-93F8-2214455DA24B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8BC4482F-56A2-45F6-915B-F5E6AC363436} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {9F7C5B31-607E-46B3-9841-3B7576C15C74} - \WPD\SqmUpload_S-1-5-21-2070039639-675289181-3059388584-1001 -> No File <==== ATTENTION
Task: {AE2FF9F2-5335-49CE-ACA4-98F1452D1E5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B555BD07-33B4-4CD3-8AF0-0A2C0A4AD2E8} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B72F8083-C6F8-45DA-9801-5D3513DEFD50} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C52A25B4-FF50-4284-97DE-D5069563EAB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CBAD0ABA-EE4F-4D62-B211-2559BFFB9939} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F5AF3A77-3265-4B5A-8582-71A7DD870732} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Reboot:
End
Next, run FRST and click Fix only once, and wait.
When done, the tool creates a log: (Fixlog.txt)
Please attach it to your reply.
Also, let us know how it is going.
cookies1,
How is it going?
Running FRST with the fixlist presented above is in your best interest.
Mail.ru has a modus operandi of its own, and we need to do our best to keep it off the computer.
Creators of this browser hijacker (and others) can manipulate Group Policy to change some settings so they cannot be easily removed or disabled. There are two entries in the FRST report which point to Group Policy restriction.
They need to be removed.