ComboFix 14-10-15.01 - samsung 17/10/2014 14:48:47.3.4 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1254.90.1055.18.4010.1925 [GMT 3:00]
Running from: c:\users\samsung\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated*
.
.
((((((((((((((((((((((((( Files Created from 2014-09-17 to 2014-10-17 )))))))))))))))))))))))))))))))
.
.
2014-10-17 11:57 . 2014-10-17 11:57 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-10-17 11:57 . 2014-10-17 11:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-17 11:57 . 2014-10-17 11:57 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-10-17 11:29 . 2014-10-17 11:29 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\\offreg.dll
2014-10-17 11:27 . 2014-10-17 11:27 -------- d-----w- C:\MediaDrug
2014-10-12 09:55 . 2014-10-12 09:55 -------- d-----w- c:\users\samsung\AppData\Local\Razer
2014-10-12 08:05 . 2014-10-12 08:05 -------- d-----w- c:\programdata\Razer
2014-10-12 08:05 . 2014-10-12 08:05 -------- d-----w- c:\program files (x86)\Razer
2014-10-12 07:49 . 2014-10-17 11:15 -------- d-----w- c:\program files (x86)\Homepage
2014-10-10 12:53 . 2014-10-10 12:53 -------- d-----w- c:\users\samsung\AppData\Local\Setup Integrity Check
2014-10-07 17:11 . 2014-10-07 17:11 -------- d-----w- c:\windows\SysWow64\Screenshots
2014-10-05 15:05 . 2014-10-05 15:12 -------- d-----w- c:\users\samsung\AppData\Roaming\TeraCopy
2014-10-05 15:05 . 2014-10-05 15:05 -------- d-----w- c:\program files\TeraCopy
2014-10-05 14:50 . 2014-10-05 14:59 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar
2014-09-26 14:03 . 2014-09-26 14:03 -------- d-----w- c:\program files (x86)\HP USB Disk Storage Format Tool
2014-09-26 13:54 . 2014-09-26 14:03 -------- d-----w- c:\program files (x86)\Camfrog
2014-09-26 13:42 . 2014-09-26 13:50 -------- d-----w- c:\windows\SysWow64\NV
2014-09-26 13:42 . 2014-09-26 13:50 -------- d-----w- c:\windows\system32\NV
2014-09-26 13:41 . 2014-09-26 13:42 -------- d-----w- c:\programdata\NVIDIA
2014-09-26 13:41 . 2014-09-26 13:41 -------- d-----w- c:\users\UpdatusUser
2014-09-26 13:39 . 2014-09-26 13:39 -------- d-----w- c:\programdata\NVIDIA Corporation
2014-09-26 13:37 . 2014-09-26 13:37 -------- d-----w- c:\program files (x86)\nvıdıa
2014-09-26 13:34 . 2014-09-26 13:34 -------- d-----w- c:\program files\Alwil Software
2014-09-26 13:27 . 2014-09-26 13:27 -------- d-----w- c:\program files (x86)\Yeni klasor (2)
2014-09-26 10:24 . 2014-09-26 10:24 -------- d-----w- c:\users\samsung\AppData\Roaming\Labcenter Electronics
2014-09-23 12:18 . 2014-09-23 12:19 -------- d-----w- c:\program files\Yeni klasor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2014-09-19 15:24 . 2010-06-24 02:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-14 16:52 . 2014-04-15 12:25 699568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-14 16:52 . 2013-02-02 22:40 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-23 13:32 . 2014-07-23 13:32 17408 ----a-w- C:\psapi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\]
2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\]
2014-04-10 08:59 423744 ----a-w- c:\users\samsung\AppData\LocalLow\Kurulum\prxtbKur2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\]
2014-04-10 08:59 423744 ----a-w- c:\users\samsung\AppData\LocalLow\Hotspot_Shield\prxtbHot0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\]
2012-01-03 14:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\]
c:\program files (x86)\BlockAndSurf-soft\173.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
""= "c:\users\samsung\AppData\LocalLow\Kurulum\prxtbKur2.dll" [2014-04-10 423744]
""= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
""= "c:\program files (x86)\Yandex\YandexBarIE\yndbar.dll" [2012-03-05 8921400]
""= "c:\users\samsung\AppData\LocalLow\Hotspot_Shield\prxtbHot0.dll" [2014-04-10 423744]
.
[HKEY_CLASSES_ROOT\clsid\]
.
[HKEY_CLASSES_ROOT\clsid\]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\]
[HKEY_CLASSES_ROOT\Yandex.Toolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\]
[HKEY_CLASSES_ROOT\Yandex.Toolbar]
.
[HKEY_CLASSES_ROOT\clsid\]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
R2 d0e87c27;SW-Sustainer;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [x]
R2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Update TowerTilt;Update TowerTilt;c:\program files (x86)\TowerTilt\updateTowerTilt.exe;c:\program files (x86)\TowerTilt\updateTowerTilt.exe [x]
R2 Util TowerTilt;Util TowerTilt;c:\program files (x86)\TowerTilt\bin\utilTowerTilt.exe;c:\program files (x86)\TowerTilt\bin\utilTowerTilt.exe [x]
R2 WindowsProtectManger;WindowsProtectManger Service;c:\programdata\WindowsProtectManger\wprotectmanager.exe;c:\programdata\WindowsProtectManger\wprotectmanager.exe [x]
R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protokolu;c:\windows\system32\DRIVERS\amppal.sys;c :\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 ATICDSDr;ATICDSDr;c:\users\samsung\AppData\Local\Temp\ATICDSDr.sys;c:\users\samsung\AppData\Local\Temp\ATICDSDr.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c: \windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\ windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R4 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\p rogram files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R4 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
R4 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R4 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R4 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\pro gram files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys;c:\win dows\SYSNATIVE\DRIVERS\klbg.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpc iflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\ sptd.sys;c:\windows\\SystemRoot\System32\Drivers\s ptd.sys [x]
S1 w64;w64;c:\windows\system32\drivers\w64.sys;c:\windows\SYSNATIVE\drivers\w64.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windo ws\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\wi ndows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\ SYSNATIVE\Drivers\SABI.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [x]
S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe;c:\program files (x86)\Expat Shield\bin\hsswd.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sy s;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [x]
S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Sanal Bağdaştırıcısı;c:\windows\system32\DRIVERS\AMPPA L. sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\ windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.s ys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\wi ndows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\wind ows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\ iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFlt Coex.sys [x]
S3 IntcDAud;Intel(R) Ekran İcin Ses;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\wi ndows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sy s;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftpla ylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftr edirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh .sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh .sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2007323182-1294254658-3280840196-1001Core.job
- c:\users\samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-05 16:28]
.
2014-08-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2007323182-1294254658-3280840196-1001UA.job
- c:\users\samsung\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-08-05 16:28]
.
2014-10-12 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-21 07:38]
.
2014-10-16 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-05-21 07:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\]
2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.homepage.com.tr/?aff=1
mDefault_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1402405326&from=ild&uid=SAMSUNGXHN-M500MBB_S2RSJ1NBB09721&q=
mDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1402405326&from=ild&uid=SAMSUNGXHN-M500MBB_S2RSJ1NBB09721
mStart Page = hxxp://www.homepage.com.tr/?aff=1
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.qone8.com/web/?type=ds&ts=1402405326&from=ild&uid=SAMSUNGXHN-M500MBB_S2RSJ1NBB09721&q=
uInternet Settings,ProxyServer = http=127.0.0.1:13892;https=127.0.0.1:13892
TCP: DhcpNameServer = 46.196.235.115 176.240.150.228
Handler: base64 - -
Handler: chrome - -
Handler: prox - -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run- - (no file)
BHO- - (no file)
BHO- - (no file)
BHO- - (no file)
WebBrowser- - (no file)
WebBrowser- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-1B0807BA-A294-A921-61B6-D02EA86BD410 - c:\program files (x86)\BlockAndSurf-soft\Uninstall.exe
AddRemove-Borderlands 2_is1 - c:\program files (x86)\2K Games\Borderlands 2\unins000.exe
AddRemove-BrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-Condition Zero_is1 - d:\condition zero\unins000.exe
AddRemove-EADM - c:\program files (x86)\Electronic Arts\EADM\Uninstall.exe
AddRemove-Fifa. manager 13_is1 - c:\program files (x86)\DangeSecond\Fifa. manager 13\unins000.exe
AddRemove-IECT1561552 - c:\programdata\Tbccint\IE\CT1561552\UninstallerUI. exe
AddRemove-Kingpin - c:\program files (x86)\Kingpin\Uninst.isu
AddRemove-Left 4 Dead 2_is1 - d:\left 4 dead 2\Uninstall\unins000.exe
AddRemove-Mafia2_Turkce - d:\mafia ii (with shitty *****)\Mafia II Turkce Yama kaldır.exe
AddRemove-Mount&Blade Warband - c:\program files (x86)\Mount&Blade Warband\uninstall.exe
AddRemove-Mozilla Firefox 31.0 (x86 tr) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
AddRemove-Orcs Must Die!_is1 - c:\program files (x86)\Robot Entertainment\Orcs Must Die!\unins000.exe
AddRemove-pcsx2-r4600 - c:\program files (x86)\PCSX2 0.9.8\Uninst-pcsx2-r4600.exe
AddRemove-Photodex Presenter - c:\program files (x86)\Photodex Presenter\remove.exe
AddRemove-Popi TV1.0.0.0 - c:\program files (x86)\Popi TV\uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-RegClean Pro_is1 - c:\program files (x86)\RegClean Pro\unins000.exe
AddRemove-RegClean-Pro_is1 - c:\program files (x86)\RegClean Pro\unins000.exe
AddRemove-S-860614263 - c:\programdata\supersoftware app\sw-booster\sw-booster.exe
AddRemove-Steam - d:\left4d~1\UNWISE.EXE
AddRemove-The Walking Dead 400 Days Turkce Yama 1.0 - d:\the walking dead\Uninstall.exe
AddRemove-The Walking Dead Season 2 EP 2_is1 - d:\the walking dead season 2 ep 2\unins000.exe
AddRemove-The Walking Dead Season 2 Episode 3 Turkce Yama 1.00 - d:\the walking dead season 2 ep 2\The Walking Dead. Season 2. Episode 3\Turkce Yama Kaldır.exe
AddRemove-The Walking Dead. Season 2. Episode 3 1.02 - d:\the walking dead season 2 ep 2\The Walking Dead. Season 2. Episode 3\Uninstall.exe
AddRemove-VGhlV2Fsa2luZ0RlYWQ=_is1 - d:\the walking dead\unins000.exe
AddRemove-VOPackage - c:\users\samsung\AppData\Roaming\VOPackage\uninsta ll.exe
AddRemove-_is1 - d:\mass effect 3\Uninstall\unins000.exe
AddRemove- - c:\programdata\YoutubeAdblocker\zrv5BV3i.exe
AddRemove- - c:\progra~2\SW-BOO~1\ASSIST~1.DLL
AddRemove- - c:\programdata\savE on\Za1HEEjvN.exe
AddRemove- - c:\program files (x86)\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
AddRemove- - c:\programdata\DiscounutExteensi\3iF1L.exe
AddRemove-_is1 - d:\tomb raider\unins000.exe
AddRemove-_is1 - d:\crysis 3\unins000.exe
AddRemove-_is1 - d:\pro evolution soccer 2013\unins000.exe
AddRemove-_is1 - d:\prototype 2\unins000.exe
AddRemove-_is1 - d:\battlefield 3\unins001.exe
AddRemove- - c:\programdata\SNT\8nEvU9TM.exe
AddRemove- - c:\programdata\ChEapME\5oG4T3wc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2007323182-1294254658-3280840196-1001_Classes\Wow6432Node\CLSID\]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):23,dd,4d,a5,58,76,b8,78,60,3a, f9,f 9,bc,a5,54,f7,4c,6c,dd,9d,e9,
5d,ad,5a,b5,f7,f9,d8,83,82,1b,bd,b2,00,b6,81,7b,c8 ,58,c2,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2007323182-1294254658-3280840196-1001_Classes\Wow6432Node\CLSID\]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000009d
"Therad"=dword:00000027
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,6 8,e5 ,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,47,e3,5c,71,58,12,69,15,4c,ac,5b,e4,1c,ca ,8a,a8,d6,a8,17,dd,ec,a9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Mac rome d\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\\Elevati on]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\\LocalSe rver32]
@="c:\\windows\\system32\\Macromed\\Flash\\Flash Ut il64_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\\Pro xyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\\Typ eLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Mac rome d\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash Ut il32_14_0_0_176_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash 32 _14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash 32 _14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash 32 _14_0_0_176.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash 32 _14_0_0_176.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\TypeLib]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\\ProxyStubClsid32]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\\TypeLib]
@=""
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPl ugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPl ugin.*1*\CLSID]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPl ugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPl ugin.*2*\CLSID]
@=""
.
[HKEY_LOCAL_MACHINE\system\ControlSet005\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-17 15:01:09
ComboFix-quarantined-files.txt 2014-10-17 12:01
ComboFix2.txt 2014-10-17 11:45
.
Pre-Run: 85.943.533.568 bayt boş
Post-Run: 85.834.444.800 bayt boş
.
- - End Of File - - 9EFAE3DF37806AB3F9BB15B5E98DC1C8